We have been running Citrix for almost nine months. When the system was initially setup, I needed a way to track who was using the Citrix server as well as the number of times the system was accessed. As I had been using a Linux syslog server to collect logs from other systems, I chose to adapt this method for Citrix logging.
First, I had to find a Windows syslog client, and with Google’s help this was not a problem. Netal offers a freeware syslog client for Windows, called “ClSyslog.” Although ClSyslog is really a DLL for adding syslog functionality to an application, the zip file includes a sample program, clsltest.exe, which did exactly what I needed. Essentially, all I had to do was add the clsltest.exe with the necessary parameters to my logon/logoff scripts and the client side was set.
clsltest.exe <syslog_server_IP/FQDN> "logon -clientname:%clientname% - %username%" /F20 /P6
The portion between the required quotation marks referenced in the above command can contain any information you like. I chose to use the Windows variables for the username and clientname along with the action, logon or logoff. The command creates an entry on the syslog server like the following:
Apr 17 07:14:58 <source host> logon - clientname:ZZZZ-.username.-nommj – username
The /F20 and /P6 portion of the command specifies the syslog facility and priority. Facilities are the “type” of log, such as kernel, authentication, mail, etc. The priority represents the severity of the message—critical, informational, warning, etc. (For more information on the syslog protocol, refer to the RFC.) In the command example noted above, I used the facility ‘local4’ (/F20) and the priority ‘informational’ (/P6) because those were not in use on my syslog server. (You should check your syslog.conf file before selecting a facility and priority.)
Next, I needed to configure the syslog server itself. On Red Hat Linux, the syslog configuration file is /etc/syslog.conf. I added the following line to the bottom of the syslog.conf file: (You may need to check your syslog.conf file before selecting a facility and priority)
I then saved the file and restarted the syslog service using the following command.
Note: By default the syslog service is not configured for remote logging so you may need to add the “-r” flag to the syslog startup script. On Red Hat Linux this is done by modifying /etc/sysconfig/syslog. Change the line:
To look like this:
SYSLOGD_OPTIONS="-m 0 -r"
I tested my configuration from the Windows command prompt by running the following command:
clsltest.exe <syslog_server_IP/FQDN> "test” /F20 /P6
Once I had verified that the message was written to /var/log/citrix.log, I began work on a Perl script to process the log.
The Perl script itself is very simple. It reads the log into an array, loops through the array counting occurrences of the string “logon,” and separates the username from the rest of the line to be added to a second array. Next, it loops through the second array to remove duplicate names, giving the total number of users. The final action it performs is to email the results along with the log. Sample output is found below:
Total logon events: 3
Total users: 2
Apr 17 07:14:58 ctxsrv logon - clientname:ZZZZ-.user1.-nommj – user1
Apr 17 07:55:27 ctxsrv logon - clientname:ZZZZ-.user2.-bupmc – user2
Apr 17 07:56:13 ctxsrv logoff - clientname:ZZZZ-.user1.-bupmc – user1
Apr 17 08:32:29 ctxsrv logon - clientname:ZZZZ-.user3-pyjoe – user1
To make the citrix.log file easier to work with, I use the program, logrotate, to rotate it weekly. I have the Perl script configured as a cron job which runs right after the log has been rotated, processing the most recent complete log. (Normally citrix.log.1) The Perl script can be found at http://www.glue.umd.edu/~jferrell/CitrixLog.pl.txt.
The above scenario is just one example of what you can do using Linux in a Citrix environment. There are a multitude of possibilities for using Linux in your Citrix environment. It just takes some time and creative thinking.