This is a quick tip to show you how to get the Citrix Configuration Log, plus all the old and new property values, and convert this all to JSON.
Here is a quick tip for you. I had a need to get the Citrix Configuration Log, so I dropped into PowerShell and ran Get-CtxConfigurationLogReport. That is all good and well, but you do not get all the old and new values of the changed properties. However, converting this output to JSON will do just what I want. Plus, converting to JSON is better for me anyway as I want to push this stuff over to Splunk to do some analytics. Here is what you need to do:
Step 1 – Create your UDL file to connect to the database
This will prompt you for your SQL credentials. You can use Windows integrated security if you like, but I’m saving my creds for later use outside of my interactive PowerShell session later.
Step 2 – Get the things
# Load the Citrix Common Commands Snapin
Get-PSSnapin -Registered "Citrix.Common.Commands" | Add-PSSnapin
# Get the configuration log and convert to JSON
Get-CtxConfigurationLogReport -DataLinkPath C:\conflog.udl | ConvertTo-Json -Depth 10
Here is some sample output (notice the property old and new values)
This is the fifth part in a series on Citrix XenApp Configuration Logging. This part will focus on the database schema, the information contained in the database, and how to decode certain parts of the data.
This is the fifth part in the Citrix Configuration Logging Series. In part 1, we discussed what Citrix Configuration Logging was. In part 2, we discussed how to prepare the database to log configuration changes. In part 3, we discussed how to set up the Citrix XenApp farm for Configuration Logging, in part 4, we looked at the “out of the box” reporting tools. In this part, we will look at the back end database schema.
Schema on the Surface
Here is what the database schema looks like on the surface.
Just 3 tables – looks pretty easy… But, if you look at some of the data in those tables, things become less obvious. Let’s break each table down:
CtxLog_AdminTask_LogEntry – Every change to the XenApp farms creates a new row here.
Unique Identifier (primary key)
I honestly don’t know why this is here. It seems like it might be some kind of farm identifier, but you can only have one farm per database.
This holds events that happen on the log (database) as a whole. This is a numeric value that corresponds to an enumeration. Possible values are:
Date/Time the change occurred.
The user that made the change.
The SID of the user that made the change.
Hostname of server that joins the farm.
SID of a server that joins the farm.
IMA server used to make the change – remember that every change has to go through IMA.
SID of the host HostName above.
Status of the change. This is a numeric value that corresponds to an enumeration. Possible values are:
0 = Success
1 = Neither success nor failure
2 = Failure
CtxLog_AdminTask_Object – Object(s) changed.
Unique Identifier (primary key)
Again – don’t know why this is here.
Foreign key to CtxLog_AdminTask_LogEntry table.
Another one I’m not sure about.
Enumeration – type of task performed:
0 = None
1 = Created
2 = Modified
3 = Removed
0 = Application
1 = Application Isolation Environment (AIE)
2 = AIE Application
4 = Farm
5 = File Type Association
6 = Folder
7 = Installation Manager Application
8 = Printer
9 = Server
10 = Server Group
11 = User
12 = Policy
13 = Monitoring Profile
14 = Load Manager
15 = Virtual IP Farm Range
16 = Virtual IP Server Range
17 = Print Driver
18 = Database
19 = Zone
Name of the object changed.
Internal object ID. More specifically, this value comes from the object’s ID property in MFCOM.
XML field. Holds before and after values.
ID of field in language specific resource file.
CtxLog_AdminTask_ReferenceList – Some objects reference other objects. For instance, a published application can reference many server objects. This table keeps track of changes to referenced objects.
Unique Identifier (primary key)
Foreign key to CtxLog_AdminTask_Object table.
Same as parent table.
Tab delimited list of the names of the original referenced objects.
Tab delimited list of internal object IDs of the original referenced objects.
Tab delimited list of the names of the added referenced objects.
Tab delimited list of internal object IDs of the added referenced objects.
Tab delimited list of the names of the removed referenced objects.
Resource IDs of added objects.
Resource IDs of removed objects.
As stated above, the PropertyList field in the CtxLog_AdminTask_Object table is a XML field. This field maps out the before and after values of each property of an object after a change. Here is an excerpt of what a PropertyList field looks like:
Notice that each property has a value where original=”0” or original=”1”. If the two values are different, that is a change. Original=”1” is the before value and original=”0” is the after value (that seems backwards to me). So, from the excerpt above, we can see that “Notepad” was renamed to “Notepad – test”.
Several of the fields have “ResID” somewhere in their name. This is short for Resource ID. The values in these fields are numeric and correspond to a language specific Resource File. For instance, the nameresid in the excerpt above is 290042. This maps to “Display Name” in the en-US resource file; however, 290042 maps to “Anzeigename” in the de-DE resource file. The resource file(s) used to decode the numbers can be found on the computer running the AMC at:
The English resources are located in ConfigurationLoggingReport.dll. Other localized languages can be found in a subdirectory of the path given above. For instance, the German language resources would be in:
This concludes our “behind the scenes” look at the database schema. Now that we know exactly what information is stored in the database and how to decipher the data, we will look at how to do some custom reporting in the final post in this series.
This is the fourth part in a series on Citrix XenApp Configuration Logging. This part will foucus on out of the box reporting tool. In a later article, we will look at custom reporting.
This is the fourth part in the Citrix Configuration Logging Series. In part 1, we discussed what Citrix Configuration Logging was. In part 2, we discussed how to prepare the database to log configuration changes. In part 3, we discussed how to set up the Citrix XenApp farm for Configuration Logging. In this part, we will look at the out of the box reporting tools (in a later article, we will look at custom reporting).
Citrix Report Center
Report Center is part of the Citrix Access Management Console. Report Center allows you to create, schedule, and distribute various types of canned reports. One of the types of reports available is the, you guessed it, “Configuration Logging Report”. There are several other reports available as well including, but not limited to:
Application Usage Report
Client Type Report
CPU Utilization Management Report
Server Availability Report
Environment Usage Report
Before you can run any report in the Access Management Console, you have to create a report specification. A report specification basically tells a report where to get its data and where/how to output the data. Different reports will have different data sources. For instance, the Configuration Logging Report’s data source would be the Configuration Logging database, whereas the Application Usage Report’s data source would be the Resource Manager Summary Database. There is a wizard in the AMC that will step you through setting up a report specification. To start the wizard, simply right-click the Report Center node in the AMC and select “Generate specification”. The wizard is pretty self explanatory, but I do want to point out one part.
When you choose to store a report for later viewing, the report is stored in your user profile (actually, all report specification options as well as the report specification itself is stored in the user profile). The bad thing about this is all this stuff is stored in your local profile by default in the following path:
If you are using roaming profiles, these reports/specifications will get wiped out when you log off (since Local Settings do not roam). However, there is an option to store reports in your roaming profile. This setting is located in the middle column of the AMC when you select the Report Center node.
One of the interesting things you can do is schedule a report to run on a recurring basis. Say you wanted to get a summary of configuration changes every morning. You could create a schedule to run this report and email it to you. To schedule a report, right-click the report specification and select “Schedule report”.
Clicking “Schedule report” brings up a wizard that looks a lot like Windows Task Scheduler. The reason it looks like Windows Task Scheduler is because you are actually creating an ordinary Windows Scheduled Task. However, if you try to look for this scheduled task in Windows, you probably will not see it. That is because Citrix was sneaky and made the scheduled task hidden. To view the schedule task in Windows, you will have to enable “View Hidden Tasks”.
To view a report, you first need to run a job. You can run a job by right-clicking on a report specification and selecting “Run report now”. Scheduled reports create jobs as well. Once a job completes, you can view the report from the “Jobs” section of Report Center. Reports can be generated in HTML format or CSV format. The default format of a report is specified in the report specification; however, you can view any report in either format via the AMC.
Modifying the Report Layout
There isn’t much to discuss about the CSV format, but I do want to show you a few things about the HTML format. By default, the HTML format report looks pretty ugly.
There are a few things we can do to make this report look better. To better understand how to modify the report, it is important to understand how the reports are generated.
The raw data behind a report is XML. A command line utility called genrep.exe is responsible for going out to the data source and generating the XML in the form of a dataset. Once the data has been retrieved, a XML style sheet transformation (XSLT) is applied to produce the resulting HTML. The XSLT files are stored in:
There are some common and language specific transforms here. The simplest way to style the report is to modify ConfigurationLoggingReportHTML.xslt. Here is a screen shot of a report generated with a modified transform:
This concludes our look at “out of the box” capabilities. Even though we were talking mainly about Configuration Logging reporting, most of this information also applies to other reports in Report Center. In the next posts, we will explore the back end database and how to do some custom reporting.
This is the third part in a series on Citrix XenApp Configuration Logging. This part will show you how to configure your Citrix XenApp farm for Configuration Logging, what all the settings mean, what happens when you configure your farm for logging, what happens when things go wrong, and more.
This is the third part in the Citrix Configuration Logging Series. In part 1, we discussed what Citrix Configuration Logging was. In part 2, we discussed how to prepare the database to log configuration changes. In this part, we will discuss how to set up the Citrix XenApp farm to use the database and what happens under the covers when we do this.
Configuring the Citrix XenApp Farm to use the Database
You use the Access Management Console to configure the XenApp farm for Configuration Logging. Configuration Logging is a farm setting, so once you open the Access Management Console, simply right-click your farm name and select “Properties”. Select “Configuration Logging” from the Farm-wide properties.
Now, we need to point our farm to the database we created before. To do this, click the “Configure Database…” button to start the database configuration wizard.
The screen shot above is pretty self-explanatory, but here are a couple of tips:
Even though there is a drop down next to the “Server name” box, the discovery does not always work. I suggest just typing in the database server name or IP address.
Be sure to specify server\instance if you are not using the default database instance.
If using Windows integrated security, type domain\username in the “User name” field
Keep in mind that the username and password is saved in the data store. So, be sure that the password does not expire, or remember to change this when the password does expire.
Discovery does not work well with the database name on the next step either. Again, you will most likely have to type in the database name.
The screen shot above shows a lot of settings, but there is not a lot of explanation of what these settings do. Remember, Configuration Logging is built on top of ADO.NET. In order to make sense of these settings, you can look at ADO.NET properties. So, here ya go:
Connection time-out (seconds) – amount of time to wait for a command to execute. If a database write command cannot execute in 20 seconds, you’ve got a problem.
Packet size (bytes) – the size of the network packet. 8192 is the default. This value can be anywhere from 512 to 32767.
Use encryption – more on this in a minute…
Connection pooling enabled – connection pooling is just like session sharing. Building up and tearing down database connections can be an expensive process. Connection pooling allows a connection to stay up for an amount of time before closing just in case another database request comes in. If another database request comes in before the time out, the request will use the same connection.
Minimum pool size – specifies the minimum number of connections to maintain in a pool. If you set this number to 3, for example, ADO.NET would create 3 connections the first time you connect to the server. Zero is the ADO.NET default.
Maximum pool size – maximum number of connections in a pool. 100 is the ADO.NET default.
Connection lifetime (seconds) – specifies the maximum age of connections. If a connection has been open for more than this number of seconds when you call its Close() or Dispose() method, it will be destroyed rather than being returned to the pool. Zero is the ADO.NET default, which means that connections are kept in the pool regardless of age.
Connection reset – specifies whether the database connection is reset when being removed from the pool. True is the ADO.NET default.
Enlist – specifies whether to enlist this connection into a current transaction context of the creation thread. In other words, if this is set to true and the database server is doing some transactions, let the connection use the already generated transaction. True is the ADO.NET default.
Almost all of those defaults are just great. The only one you need to be careful about is the “Use encryption” option. This option is set to “Yes” by default. But, in order to use Configuration Logging encryption, you must be using IMA encryption. If you are not using IMA encryption, you cannot use Configuration Logging encryption. You will get this nasty undescriptive error when you test the connection if there is a mismatch:
Now that we have the farm configured to point to the database, we have some options on how to log changes. Remember this screen shot?
This is pretty easy, there are only 3 checkboxes:
Log administrative tasks to logging database – this is what tells the IMA service to use the CitrixLogServer.dll hook to log changes explained in part 1.
Allow changes to the farm when database is disconnected – this is self explanatory.
Require administrators to enter database credentials before clearing the log – “the log” referred to in this option is all the data in the database. An administrator can clear the log by opening the AMC, right-clicking on the farm name – > All Tasks –> Clear configuration log.
If you do not allow changes to be made to your farm and your Configuration Logging database is offline, you will get the following error message when trying to make a change:
Wow – that error message is actually pretty descriptive!
Note – even if you do not allow changes to be made to your Citrix XenApp farm when the Configuration Logging database cannot be reached, you can still change which database your farm uses. That means if you are trying to make a change and your database took a dive and it doesn’t look like it will be back up anytime soon, you can always change which database logs the changes and carry on. Of course, changing which database logs changes gets logged <- say that 5 times fast…
Adjusting Database Permissions
As you may recall, when we created the data base user in part 2, we had to make sure the database user belonged to the db_owner role. This is due to the fact when the XenApp farm connects to the database, the schema is checked. If the schema does not exit, it is created – which requires db_owner rights. So, after that first connection, you can dial back the permissions. Here are the minimum operating permissions:
Configuration Logging Task
Database permissions needed
To create log entries in the database tables
INSERT for the database tables, EXECUTE for the stored procedures, and SELECT for sysobjects and sysusers (SQL Server) or sys.all_objects (Oracle)
(Oracle also requires SELECT for sequence objects and the create session system privilege)
To clear the log
DELETE/INSERT for the database tables, EXECUTE for the GetFarmData stored procedure, and SELECT for sysobjects and sysusers (SQL Server)
or sys.all_objects (Oracle) (Oracle also requires SELECT for sequence objects and the create session system privilege)
To create a report
EXECUTE for the Citrix Configuration Logging
stored procedures SELECT for sysobjects and sysusers (SQL Server) or sys.all_objects (Oracle)
(Oracle also requires the create session system
Delegated administration is supported to an extent. It is basically an on or off thing. It is a good idea to make sure administrators have to enter credentials to clear the log as well.
This is the second part in a series on Citrix XenApp Configuration Logging. When Citrix XenApp Configuration Logging is enabled, all changes are written to a back end database. In this part, we will look at the details of how to create the database, logins, and users.
All Citrix XenApp farm changes are written to a back end database. The back end database can be:
Microsoft SQL 2000 and above (Microsoft SQL Express works too)
Oracle 9.2 or 10.2
We will be using Microsoft SQL Server 2005 for this example.
Creating the Database
The first step in setting up the back end database for configuration logging is to create the database and user account(s). This is pretty easy. Just open up Microsoft SQL Server Management Studio, right-click Databases, and select New Database… Give the database a name and accept the defaults.
Creating the Database Login(s)
The next step is to set up the database authentication. In SQL Server Management Studio, expand Security, right-click Logins, and select New Login…
Citrix XenApp Configuration Logging supports both SQL Server authentication and Windows authentication.
If using SQL Server authentication, you can make up any login name and password you want. Keep in mind though that Citrix Configuration Logging does not support blank passwords.
If using Windows authentication, you can type a user name or group name in the form of domain\username or domain\group in the Login name field. You can also select the “Search…” button to browse Active Directory for users or groups.
Tip: by default, only objects of type “User or Built-in security principal” are searched when using the “Search…” button. You will need to add Groups to the search by clicking the “Object Types…” button.
In either case (using Windows or SQL Server authentication), be sure to change the Default database to the database created earlier.
Mapping the Login to a Database User
Even though you have created a database and a login, the two entities are not yet linked. In other words, the login you created cannot log on to the database. That is because a login is not equal to a database user. The next step in the process is to map the created login to a database user and assign appropriate rights.
In Microsoft SQL Server Management Studio, expand the Databases node, expand the database you created above, expand the Security node, right-click Users, and select New User…
Type a name in the Username field and type (or select) the login you created earlier in the Login name field. The name you type in the User name field does not have to match the name in the Login name field, but I usually keep them the same for simplicity.
You will also have to tick the db_owner box under the Role Members section for now. This is because the first time the Citrix XenApp farm tries to connect to the Configuration Logging database, the database schema will get created. After the schema gets created, you can dial back the permissions. I’ll explain the minimum permissions necessary in the next article.
This is the first part in a series on Citrix XenApp Configuration Logging. Citrix XenApp Configuration Logging helps keep track of changes made to your server farm. This feature can tell you what changes were made to your server farm, when they were made, and who made them. Part 1 in this series will further define where changes are logged and how the changes are logged.
I have presented on this topic in the past at BriForum and I wanted to share more about Citrix XenApp Configuration Logging here. This will be a multi-part series that inspects each aspect of Citrix Configuration Logging and some creative ways of extending Citrix Configuration Logging. So, let’s get started…
What is Citrix Configuration Logging?
According to the Citrix XenApp Administrator’s guide, “the Configuration Logging feature allows you to keep track of administrative changes made to your server farm environment. By generating the reports that this feature makes available, you can determine what changes were made to your server farm, when they were made, and which administrators made them. This is especially useful when multiple administrators are modifying the configuration of your server farm. It also facilitates the identification and, if necessary, reversion of administrative changes that may be causing problems for the server farm.” (emphasis added)
When I worked for Citrix, we had a load evaluator that had no available login times. If a server was acting up, we could apply this “unavailable” load evaluator to it and figure out what was going on. Oftentimes, we would discover that the “unavailable” load evaluator was applied to a new server and not know who did it or why they did it. So, we would have to resort to sending out an email asking why this server was assigned to the load evaluator. Now, Citrix XenApp Configuration Logging tells you who did what and when. That should be enough information to find out why.
Where are Changes Logged?
Changes that you make to the Citrix XenApp farm are logged to a database. The back end database can be:
Microsoft SQL 2000 or Microsoft SQL 2005 (Microsoft SQL Express works too)
Oracle 9.2 or 10.2
We will explore the details of the database schema in depth later on.
How are Changes Logged?
There are several ways to make changes to a Citrix XenApp Farm:
In order to facilitate logging changes made by any of these methods, Citrix introduced an IMA hook called CitrixLogServer.dll. As you know, any change made to the data store has to go through IMA first. So, introducing an IMA hook makes sense.
Here are the facts about CitrixLogServer.dll:
Located in %ProgramFiles%\Citrix\System32
it is a Microsoft .Net assembly
it uses ADO.NET to write changes to the database. Once a connection is made to the database, it will automatically disconnect after 5 minutes of inactivity.
Uses a XSD schema that is optimized for writes
Citrix XenApp Configuration Logging Architecture
When a change is submitted to IMA, the change is written via a transaction to the configuration logging database and data store. It is possible to require all changes be written to the configuration logging database before they are allowed to be written to the data store. This ensures all changes are logged. Since the change is written via a transaction, a failure writing to the logging database or data store rolls back the transaction and no change is made or logged.
Bonus tip: if you clone servers in your Citrix XenApp farm and cannot join the cloned server to the farm, you may have to disable configuration logging. Once the server joins the farm, you can re-enable configuration logging.
Project S-Bend fills the gap in Citrix Presentation Server 4.5 Configuration Logging by alerting you via email when changes happen in your farm.
Citrix introduced a new feature in Citrix Presentation Server 4.5 called Configuration Logging. Configuration Logging keeps track of every change to every object in your Citrix Presentation Server Farm. This information is kept in a back end database and you have the ability to run reports on these changes via the Report Center in the Access Management Console. For more details on setting up Configuration Logging and running reports, check out this article by Al Solorzano.
I think this is a really cool feature that lets you know who did what and when they did it. But, in order to get this information, you have to run a report from the Report Center in the AMC. Granted, you can automate reports, but it would be nice if there was some mechanism to alert you when a change was made. This is where Project S-Bend Phase I comes in to play. Project S-Bend was originally created as an exercise for my session titled “Digging into Citrix Presentation Server 4.5 Configuration Logging” at BriForum Europe 2007.
Project S-Bend Phase I consists of 3 main parts; an “Alerts” table added to the Configuration Logging database, a SQL trigger, and a Windows Service. Project S-Bend uses these parts to send email alerts whenever a change is written to the Configuration Logging back end database.
This is a very simple table that is populated by the SQL trigger.
The SQL trigger is added to you Citrix Configuration Logging database and fires any time a change is written to the database. The trigger writes the ID of the change to the Alerts table.
The Windows Service reads the Alerts table populated by the SQL trigger. For each row in the table, the Windows Service sends an email to the specified email address with details concerning the object changed.
How it all works
The process is actually quite simple.
When a change is made in your Citrix Presentation Server 4.5 farm, a log entry is created in the Configuration Logging database.
When the log entry is created, the SQL Trigger fires and writes an entry to the Alerts table.
The Windows Services reads the Alerts table on a configurable timed interval. When the Windows Service encounters unprocessed alerts in the Alerts table, it sends and email with details of what was changed.
What about Phase II?
I guess it is quite obvious that there is a Phase II in the works since I named this thing Phase I. Actually, Phase II is a provider. “A provider for what?” you may ask. Phase II is a provider for reports. Web Interface for Resource Manager will consume this provider as mentioned in the Web Interface for Resource Manager Roadmap.