Improved log collection for Windows client
The logging feature for the Windows Secure Access client is enhanced with improved log collection and debugging. The new log files are prefixed with “csa_”.
Starting from the Citrix Secure Access client for Windows 23.10.1.7, the default log level is set to Verbose for an enhanced log collection and troubleshooting.
With these changes, admins and end-users can collect logs from the current session and past sessions. Previously, the collection of logs was limited to the current sessions only.
Configure logging by using the Citrix Secure Access client UI
- Install the Secure Access client for Windows.
- Click Logging from the menu. All configuration related to logs can be done in the Logging screen.
-
Select Log Level:
When the new logging mechanism is enabled, the following three log levels are available.
- Error: Only exceptions or failures reported by the application are logged.
- Info: This level includes informational messages and events relevant from program execution. It also includes errors and exceptions.
- Verbose (default): This level includes all log messages reported by Error and Info log levels and additional messages that might help in troubleshooting.
- Log File Size Limit: (Mandatory) Enter the log file size of each log file. The maximum value is 600 MB.
- Maximum Number of Log Files: (Mandatory) Enter the number of files that you want to add for log collection. The maximum value is 5.
- Email Log Files – Email the log files to the registered email ID.
- Start New Log File – When you select this option, a new log file is created.
- Collect Log Files – Click to create a zip file with all log files from the application. This zip file is saved on the client’s desktop.
-
Open Log Files – When you select this option, the latest
csa_nssslvpn*.txt
file opens.
Improved Citrix Secure Access diagnostics for Windows client
Starting from the Citrix Secure Access client for Windows release 24.6.1.18, the Citrix Secure Access diagnostics are enhanced to include additional fields for troubleshooting access issues with TCP/UDP applications.
-
Description: The destination IP, source port, and destination port are included in the Description field of the App Access log when access to the TCP/UDP apps from the Citrix Secure Access client for Windows fails.
-
DNS failures: TCP based DNS failures and UDP based DNS failures are reported explicitly in the App Access log.
-
Application name details: The App Access log in the Citrix Secure Access client for Windows includes the application name with access failure or success status. This field allows the admin to understand which applications are accessing the TCP/UDP workflow and if the same is using a different port combination.
In addition to the App Access log, the CAS (Citrix Access Security) Diagnostics Logs is enhanced with the following:
-
Overview of CAS Diagnostics Logs: The overview of the CAS Diagnostics Logs includes descriptions of what is failing in the Citrix Secure Access client for Windows and the cause of failure.
-
WPAD DNS failures: By default, WPAD DNS failures of the Citrix Secure Access client for Windows are reported on CAS Diagnostics Logs. Administrators must configure the
DisableWpadDnsCasReporting
registry in the Citrix Secure Access client for Windows to prevent overloading of CAS Diagnostics Logs with WPAD DNS failures.