Systems Monitoring
To ensure optimal uptime for app access and connectivity, you must monitor the following core components in the XenMobile environment.
XenMobile Server
XenMobile Server generates and stores logs on local storage that you can also export to a system log (syslogs) server. You can configure log settings to specify size constraints, log level, or you can create custom loggers to filter specific events. You can look at the XenMobile Server logs from the XenMobile console at any time. You can also export information in the logs via the syslog server to your production Splunk logging servers.
The following list describes the different types of log files available in XenMobile:
Debug log file: Contains debug level information about the core web services of XenMobile, including error messages and server-related actions.
Message format:
<date> <timestamp> <loglevel> <class name (including the package)> - <id> <log message>
- where
<id>
is a unique identifier like sessionID. - where
<log message>
is the message supplied by the application.
Admin audit log file: Contains audit information about activity on the XenMobile console.
Note:
The same format is used for both admin audit and user audit logs.
Message format:
Except for the required Date and Timestamp values, all other attributes are optional. Optional fields are represented with “ “ in the message.
<date> <timestamp> "<username/id>" "<sessionid>" "<deviceid>" "<clientip>" "<action>" "<status>" "<application name>" "<app user id>" "<user agent>" "<details>"
The following table lists the available admin audit log events:
Admin Audit Log Messages for events | Status |
---|---|
Login | success/failure |
Logout | success/failure |
Get admin | success/failure |
Update admin | success/failure |
Get application | success/failure |
Add application | success/failure |
Update application | success/failure |
Delete application | success/failure |
Bind application | success/failure |
Unbind application | success/failure |
Disable application | success/failure |
Enable application | success/failure |
Get category | success/failure |
Add category | success/failure |
Update category | success/failure |
Delete category | success/failure |
Add certificate | success/failure |
Delete certificate | success/failure |
Active certificate | success/failure |
CSR certificate | success/failure |
Export certificate | success/failure |
Delete certificate chain | success/failure |
Add certificate chain | success/failure |
Get connector | success/failure |
Add connector | success/failure |
Delete connector | success/failure |
Update connector | success/failure |
Get device | success/failure |
Lock device | success/failure |
Unlock device | success/failure |
Wipe device | success/failure |
Unwipe device | success/failure |
Delete device | success/failure |
Get role | success/failure |
Add role | success/failure |
Update role | success/failure |
Delete role | success/failure |
Bind role | success/failure |
Unbind role | success/failure |
Update config settings | success/failure |
Update workflow email | success/failure |
Add workflow | success/failure |
Delete workflow | success/failure |
Add Active Directory | success/failure |
Update Active Directory | success/failure |
Add masteruserlist | success/failure |
Update masteruserlist | success/failure |
Update DNS | success/failure |
Update Network | success/failure |
Update log server | success/failure |
Transfer log from log server | success/failure |
Update syslog | success/failure |
Update receiver updates | success/failure |
Update time server | success/failure |
Update trust | success/failure |
Add service record | success/failure |
Update service record | success/failure |
Update receiver email | success/failure |
Upload patch | success/failure |
Import snapshot | success/failure |
Fetch app store app details | success/failure |
Update MDM | success/failure |
Delete MDM | success/failure |
Add HDX | success/failure |
Update HDX | success/failure |
Delete HDX | success/failure |
Add Branding | success/failure |
Delete Branding | success/failure |
Update SSL offload | success/failure |
Add account property | success/failure |
Delete account property | success/failure |
Update account property | success/failure |
Add beacon | success/failure |
User audit log file: Contains information related to the user activity from enrolled devices.
Note:
The same format is used for both user audit and admin audit logs.
Message format:
Except for the required Date and Timestamp values, all other attributes are optional. Optional fields are represented with “ “ in the message. For example,
<date> <timestamp> " <username/id>" "<sessionid>" "<deviceid>" "<clientip>" "<action>" "<status>" " <application name>" "<app user id>" "<user agent>" "<details>"
The following table lists the available user audit log events:
User Audit Log Messages for events | Status |
---|---|
Login | success/failure |
Session time-out | success/failure |
Subscribe | success/failure |
Unsubscribe | success/failure |
Pre-launch | success/failure |
AGEE SSO | success/failure |
SAML Token for Citrix Files | success/failure |
Device registration | success/failure |
Device check | lock/wipe |
Device update | success/failure |
Token refresh | success/failure |
Secret saved | success/failure |
Secret retrieved | success/failure |
User initiated change password | success/failure |
Mobile client download | success/failure |
Logout | success/failure |
Discovery Service | success/failure |
Endpoint Service | success/failure |
MDM Functions | Status |
---|---|
REGHIVE | success/failure |
Cab inventory | success/failure |
Cab | success/failure |
Cab auto install | success/failure |
Cab shell install | success/failure |
Cab create folder | success/failure |
Cab file get | success/failure |
File create folder | success/failure |
File get | success/failure |
File sent | success/failure |
Script create folder | success/failure |
Script get | success/failure |
Script sent | success/failure |
Script shell execution | success/failure |
Script auto execution | success/failure |
APK inventory | success/failure |
APK | success/failure |
APK shell install | success/failure |
APK auto install | success/failure |
APK create folder | success/failure |
APK file get | success/failure |
APK App | success/failure |
EXT App | success/failure |
List get | success/failure |
List sent | success/failure |
Locate device | success/failure |
CFG | success/failure |
Unlock | success/failure |
SharePoint wipe | success/failure |
SharePoint Configuration | success/failure |
Remove profile | success/failure |
Remove application | success/failure |
Remove unmanaged application | success/failure |
Remove unmanaged profile | success/failure |
IPA App | success/failure |
EXT App | success/failure |
Apply redemption code | success/failure |
Apply settings | success/failure |
Enable tracking device | success/failure |
App management policy | success/failure |
SD card wipe | success/failure |
Encrypted email attachment | success/failure |
Branding | success/failure |
Secure browser | success/failure |
Container browser | success/failure |
Container unlock | success/failure |
Container password reset | success/failure |
AG client auth creds | success/failure |
Citrix ADC also monitors the XenMobile web service state, which is configured with intelligent monitoring probes to simulate HTTP requests to each XenMobile Server cluster node. The probes determine whether the service is online and then respond based on the response received. In case a node does not respond as expected, Citrix ADC marks the server as down. Also, Citrix ADC takes the node out of the load-balancing pool and logs the event for use in generating alerts through the Citrix ADC monitoring solution.
You can also use standard hypervisor monitoring tools to monitor the XenMobile virtual machines and to provide relevant alerts regarding CPU, memory, and storage utilization metrics.
SQL Server and database
SQL Server and database performance directly affect XenMobile Services. The XenMobile instance requires access to the database always and goes offline (for example, stops responding) in the event of an outage to the SQL infrastructure. The XenMobile console might continue to function for a while following any disk space issues with SQL Server. To ensure maximum database uptime and adequate performance for the XenMobile workload, you must proactively monitor the state of your SQL Servers. For more information on monitoring your SQL Servers, see Monitoring and Tuning for Performance Overview. Also, you must adjust resource allocation for CPU, memory, and storage to guarantee service level agreements as your XenMobile environment continues to grow.
Citrix ADC
Citrix ADC provides the ability to log metrics to internal storage or to send logs to an external logging server. You can configure the syslog server to export Citrix ADC logs to your production Splunk logging servers. The following logging levels are available in Citrix ADC:
- Emergency
- Alert
- Critical
- Error
- Warning
- Information
The log files are also stored in Citrix ADC storage in the /var/log/ns.log directory and named newnslog. Citrix ADC rolls over and compresses the files by using the GZIP algorithm. Log file names are newnslog.xx.gz, where xx represents a running number.
Citrix ADC also supports SNMP traps and alerts as a monitoring option. For a list of SNMP traps, see SNMP monitoring.