Citrix Systems CITRIX NETSCALER 9.3 Benutzerhandbuch
Configuring the NetScaler Appliance for Audit
Logging
Policies define the SYSLOG or NSLOG protocol, and server actions define what logs are
sent where. For server actions, you specify the system information, which runs the
SYSLOG or the NSLOG server.
sent where. For server actions, you specify the system information, which runs the
SYSLOG or the NSLOG server.
The Citrix NetScaler logs the following information related to TCP connections:
w
Source port
w
Destination port
w
Source IP
w
Destination IP
w
Number of bytes transmitted and received
w
Time period for which the connection is open
Note: You can enable TCP logging on individual load balancing vservers. You must
bind the audit log policy to a specific load balancing vserver that you want to log.
bind the audit log policy to a specific load balancing vserver that you want to log.
Configuring Audit Servers
You can configure audit server actions for different servers and for different log levels.
To configure a SYSLOG server action by using the
command line
At the NetScaler command prompt, type the following commands to set the parameters
and verify the configuration:
and verify the configuration:
w
add audit syslogAction <name> <serverIP> [-serverPort <port>] -logLevel <logLevel>
[-dateFormat ( MMDDYYYY | DDMMYYYY )]
[-dateFormat ( MMDDYYYY | DDMMYYYY )]
w
show audit syslogAction [<name>]
Example
> add audit syslogaction audit-action1 10.102.1.1 -
> add audit syslogaction audit-action1 10.102.1.1 -
loglevel INFORMATIONAL -dateformat MMDDYYYY
Done
> show audit syslogaction audit-action1
1) Name: audit-action1
Server IP: 10.102.1.1 Port: 514
Loglevel : INFORMATIONAL
Date Format: MMDDYYYY
Time Zone: GMT_TIME
Facility: LOCAL0
Tcp Logging: NONE
ACL Logging: DISABLED
Citrix NetScaler Administration Guide
73