ESI and Additional Windows messages
Hi, I am trying to report/alert on user access via Citrix Secure Gateway (CSG). The CSG server has its own Event Log within windows and I have added it to envision through event log strings etc, I can see the specific events in message viewer and have exported logs via LSDATA successfully so that I can utilise them in ESI.
To this date I have been trying to add a new device, to Envision which has not worked so far, so my question is, should I be modifying the existing Windows XML files to include support for the Citrix events or should this be a new device.
any help appreciated
Personally, I would make it a separate event source. Although it comes from the Windows event log, it is not an actual "Windows" log.
Just bear in mind that you will need to set the original winevent(nic) event source as a "Multi Device" so that the CSG logs can be discovered as a separate entity.
Ok, I have tried it both ways, I created a new device called csg_access. I added it to envision etc, restarted, but no new device. Then I added the XML messages to the bottom of the windows nic xml file, restarted servers etc, and suddenly I can report on citrix access..
I have attached the XML forthe device I am trying to add, can anyone tell me if there is something wrong here ?
At face value the XML looks OK, but it is impossible to say for sure where any error might be occurring without a sample log file.
Can you post a scrubbed version of an lsdata sample dump of these messages?
I finally got to test this out this morning, and it appears to work fine.
I had no issues setting up your event source file or injecting the data. It discovered just fine and the query results in the Windows Accounting table showed up as expected. Please see attached screenshots.
I made no changes to anything you did except that I had to build the device.ini file manually as it was not provided.
thanks for testing it, not sure why it does not wokr on my system. Can you flick me the ini file you created so I can compare with the one I have.