Citrix Systems CITRIX NETSCALER 9.3 Benutzerhandbuch
Chapter 3
Audit Logging
Topics:
•
•
•
•
•
•
Auditing is a methodical examination or review of a condition
or situation. The Audit Logging feature enables you to log the
Citrix
or situation. The Audit Logging feature enables you to log the
Citrix
®
NetScaler
®
states and status information collected by
various modules in the kernel and in the user-level daemons.
For audit logging, you have the options to configure SYSLOG,
the native NSLOG protocol, or both.
For audit logging, you have the options to configure SYSLOG,
the native NSLOG protocol, or both.
SYSLOG is a standard protocol for logging. It has two
components─ the SYSLOG auditing module, which runs on the
NetScaler appliance, and the SYSLOG server, which can run on
the underlying FreeBSD operating system (OS) of the
NetScaler appliance or on a remote system. SYSLOG uses user
data protocol (UDP) for the transfer of data.
components─ the SYSLOG auditing module, which runs on the
NetScaler appliance, and the SYSLOG server, which can run on
the underlying FreeBSD operating system (OS) of the
NetScaler appliance or on a remote system. SYSLOG uses user
data protocol (UDP) for the transfer of data.
Similarly, the native NSLOG protocol has two components─ the
NSLOG auditing module, which runs on the NetScaler
appliance, and the NSLOG server, which can run on the
underlying FreeBSD OS of the NetScaler appliance or on a
remote system. NSLOG uses transmission control protocol
(TCP) for transfer of data.
NSLOG auditing module, which runs on the NetScaler
appliance, and the NSLOG server, which can run on the
underlying FreeBSD OS of the NetScaler appliance or on a
remote system. NSLOG uses transmission control protocol
(TCP) for transfer of data.
When you run NSLOG or a SYSLOG server, it connects to the
NetScaler appliance. The NetScaler appliance then starts
sending all the log information to the SYSLOG or NSLOG
server, and the server can filter the log entries before storing
them in a log file. An NSLOG or SYSLOG server can receive log
information from more than one NetScaler appliance and a
NetScaler appliance can send log information to more than
one SYSLOG server or NSLOG server.
NetScaler appliance. The NetScaler appliance then starts
sending all the log information to the SYSLOG or NSLOG
server, and the server can filter the log entries before storing
them in a log file. An NSLOG or SYSLOG server can receive log
information from more than one NetScaler appliance and a
NetScaler appliance can send log information to more than
one SYSLOG server or NSLOG server.
The log information that a SYSLOG or NSLOG server collects
from a NetScaler appliance is stored in a log file in the form
of messages. These messages typically contain the following
information:
from a NetScaler appliance is stored in a log file in the form
of messages. These messages typically contain the following
information:
w
The IP address of a NetScaler appliance that generated the
log message
log message
w
A time stamp
w
The message type
w
The predefined log levels (Critical, Error, Notice, Warning,
Informational, Debug, Alert, and Emergency)
Informational, Debug, Alert, and Emergency)
w
The message information
71