It’s no secret that we are living in a time of digital collaboration. Globally distributed teams are now working seamlessly on projects, effectively communicating, and building environments, all through their devices. This collaboration is powerful but can lead to confusion and difficulty troubleshooting if there is little insight into who is making changes in shared digital spaces. Our teams saw this trend and developed a way to make changes more transparent within the Citrix cloud console.

We are excited to announce the general availability of System Log for the Citrix cloud console! This feature provides the ability to audit “who done it” scenarios across the Citrix cloud account, providing transparency into system operations for auditing and compliance purposes. One of the most common uses is to view who was added to the Citrix cloud account (i.e. sue@company.com invited mike@company.com to become a Citrix cloud administrator).

Currently, we have 130+ events registered to System Log, split across Platform, Connectors, Citrix Secure Private Access, Citrix Workspace, and Licensing areas. We plan to continue adding relevant events in the future.

How to Access System Log

Depending on the use of these logs, an admin can access them in three different ways:

  • Citrix cloud console — An admin can navigate to a table view of the logs on the Citrix cloud console by selecting “System Log” under the hamburger menu. Once on the System Log page, an admin can explore 30, 60, and 90 days of historical data, with the ability to export these logs to CSV by clicking on the “Export to CSV” link.

  • RESTful API — For data-integration use cases, admins can setup their environment to consume the logs through the Citrix Cloud API. The API consumption of System Log follows a two-step process: 1) Authentication to Citrix Cloud and 2) Consuming the API with an authenticated token. You can learn more by reading the “Getting Started” section of the developer docs and general documentation.
  • Splunk Add-on. For customers already using Splunk as their security information and event management (SIEM) tool, Citrix offers a Splunk add-on for download on Splunkbase. After inputting client credentials and frequency of the data pull, the add-on will automatically call the relevant Citrix cloud APIs and add the logs into the customer’s Splunk server. Additional documentation and deployment information is available here.

If your company does not use Splunk as its SIEM solution, you can leverage our public API and use a similar script to automate the data pull.

Below is a simple architecture diagram highlighting the data flow for System Log:

Shared Responsibility

Citrix shares responsibility with you, the customer, for retaining the system log data that the Citrix cloud platform captures. Citrix retains system log records for 90 days after events are recorded.

During those 90 days, you are responsible for migrating the system log records that you want to retain to meet your organization’s compliance requirements to your SEIM or other long-term storage solution.

Next Steps

We are grateful for the collective feedback up to this point, and we are always looking to improve. We now have 130+ events, but we aren’t going to stop there. We look forward to continuing to bring you features that enhance your Citrix cloud platform experience. Take a look at the new System Log today for insights into your environments, and if you have any feedback for the team about new events to add, please let us know in this Podio form.

Disclaimer: The development, release and timing of any features or functionality described for our products remains at our sole discretion and are subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.