Citrix Systems CITRIX NETSCALER 9.3 manual Installing and Configuring the Nslog Server

Page 81

Citrix NetScaler Administration Guide

To configure an audit message action by using the configuration utility

1.In the navigation pane, expand System, expand Auditing, and then click Message Actions.

2.In the details pane, do one of the following:

•To create a new audit message action, click Add.

•To modify an existing audit message action, select the action, and then click Open.

3.In the Create Message Action or Configure Message Action dialog box, specify values for the following parameters, which correspond to parameters described in “Parameters for configuring an audit message action” as shown:

•Name*—name

•Log Level*—logLevel

•Log Message—stringBuilderExpr

•Bypass Safety Check—bypassSafetyCheck (To specify YES, select the check box.)

•Log in newnslog—logtoNewnslog (To specify YES, select the check box.)

*A required parameter

4.Click Create or OK, and then click Close. The audit message action that you configured appears in the details pane.

Binding Audit Message Action to a Policy

After you have created an audit message action, you must bind it to a rewrite or responder policy. For more information about binding log message actions to a rewrite or responder policy, see the "Rewrite" or the "Responder" chapter of the Citrix NetScaler Application Security Guide. For a link to the guide, see the Documentation Library.

Installing and Configuring the NSLOG Server

During installation, the NSLOG server executable file (auditserver) is installed along with other files. The auditserver executable file includes options for performing several actions on the NSLOG server, including running and stopping the NSLOG server. In addition, you use the auditserver executable to configure the NSLOG server with the IP addresses of the NetScaler appliances from which the NSLOG server will start collecting logs. Configuration settings are applied in the NSLOG server configuration file (auditlog.conf).

Then, you start the NSLOG server by executing the auditserver executable. The NSLOG server configuration is based on the settings in the configuration file. You can further customize logging on the NSLOG server system by making additional modifications to the NSLOG server configuration file (auditlog.conf).

The following table lists the operating systems on which the NSLOG server is supported.

81

Image 81

Contents Citrix NetScaler Administration Guide Copyright and Trademark Notice Page Page Contents Snmp Vii Audit Logging Web Server Logging 105 Advanced Configurations Contents Web Interface AppFlow Reporting Tool Contents Xvi Formatting Conventions for NetScaler Documentation This PrefaceFormatting Conventions Meaning Boldface Documentation Available on the NetScaler Appliance ConventionTo view the documentation Getting Service and Support NetScaler Documentation FeedbackTo provide feedback at the Knowledge Center home Preface Topics Authentication and AuthorizationConfiguring Users and Groups Configuring User AccountsShow system user Example Password Password Parameters for configuring a user accountTimeout CLI Idle Session Timeout Secs UserName User NameConfiguring User Groups To create a user group by using the NetScaler command lineShow system group Example Show system group groupName Example Show system group groupName Parameters for configuring a user groupGroupName Group Name UserNameConfiguring Command Policies Built-in Command PoliciesCLI Prompt CLI Idle Session Timeout Secs Built-in Command Policies Policy name Allows Creating Custom Command PoliciesExcept show runningconfig, show Runningconfig, and sh gslbCommand specification regular expression Matches these commandsSh system cmdPolicy Example Parameters for configuring a command policyPolicyname ActionBinding Command Policies to Users and Groups Sh system user userName Example Parameters for binding a command policy to a userSh system user userName PrioritySh system group groupName Example Parameters for binding a command policy to a groupSh system group groupName GroupNameTo reset the nsroot password Resetting the Default Administrator nsroot PasswordFsck /dev/ad0s1a Mount /dev/ad0s1a /flash Example of a User ScenarioSample Values for Creating Entities Field Configuration stepsConfiguring External User Authentication Configuring Ldap Authentication Examples of Base Distinguished Name Ldap server Base DN Examples of Bind Distinguished Name Ldap serverBind DN Authentication Type, select LDAP. Next to Server, click New Determining attributes in the Ldap directory Configuring Radius Authentication Choosing Radius authentication protocolsAuthentication Type, select Radius Configuring IP address extraction Configuring TACACS+ Authentication Configuring NT4 AuthenticationAuthentication Type, select Tacacs Authentication Type, select NT4 Authentication and Authorization Snmp Importing MIB Files to the Snmp Manager and Trap Listener Enable snmp alarm alarm name Sh snmp alarm alarm name Enabling or Disabling an Snmp AlarmTo configure an Snmp alarm by using the command line Configuring AlarmsParameters for configuring Snmp alarms SeverityConfiguring Traps To configure Snmp alarms by using the configuration utilityTo add an Snmp trap by using the NetScaler command line To configure Snmp Traps by using the configuration utility Parameters for configuring Snmp trapsEnabling Unconditional Snmp Trap Logging Specifying an Snmp Manager Configuring the NetScaler for Snmp v1 and v2 QueriesParameters for unconditional Snmp trap logging SnmpTrapLogging Snmp Trap LoggingShow snmp manager To add an Snmp manager by using the NetScaler command lineIPAddress Parameters for configuring an Snmp managerTo add an Snmp manager by using the configuration utility Specifying an Snmp Community Parameters for configuring an Snmp community stringSh snmp community PermissionsConfiguring Snmp Alarms for Rate Limiting Configuring an Snmp Alarm for Throughput or PPSCommunity String*-communityName Show snmp alarm PF-RL-RATE-THRESHOLD ThresholdValue Show snmp alarm PF-RL-PPS-THRESHOLDNormalValue StateAlarm Threshold-thresholdValue Normal Threshold-normalValue Configuring Snmp Alarm for Dropped PacketsParameters for configuring an Snmp alarm for dropped packets Configuring the NetScaler for SNMPv3 QueriesSetting the Engine ID To set the engine ID by using the NetScaler command line Configuring a ViewParameters for setting the engine ID To set the engine ID by using configuration utilityConfiguring a Group Parameters for configuring an Snmp viewTo add an Snmp group by using the NetScaler command line Parameters for configuring an Snmp group Configuring a UserTo configure a user by using the NetScaler command line SecurityLevelParameters for configuring an Snmp user Citrix NetScaler Administration Guide Snmp Audit Logging Audit Logging Configuring the NetScaler Appliance for Audit Logging Configuring Audit ServersShow audit syslogAction name Show audit nslogAction name Parameters for configuring auditing serversServerIP ServerPortLog levels defined Configuring Audit Policies To configure an auditing server actionTo configure a Syslog policy by using the command line To configure an Nslog policy by using the command line Parameters for configuring audit policiesRule Binding the Audit Policies Globally To configure an audit server policyParameters for binding the audit policies globally Name* name Server* actionConfiguring an Audit Message Action Configuring Policy-Based LoggingTo globally bind the audit policy Pre RequisitesBypassSafetyCheck StringBuilderExprLogtoNewnslog Binding Audit Message Action to a Policy Installing and Configuring the Nslog ServerInstalling Nslog Server on the Linux Operating System Supported Platforms for the Nslog Server Operating systemSoftware requirements Installing Nslog Server on the FreeBSD Operating System Pkgdelete NSaudserver Pkginfo grep NSaudserverOn the system, where you have downloaded the Nslog package To install Nslog server on a Windows operating systemTo uninstall the Nslog server on a Windows operating system Nslog Server Command OptionsAudserver -remove Audserver -stopAudserver -remove Specifies To add the IP addresses of the NetScaler applianceVerifying the Nslog Server Configuration File Running the Nslog ServerTo start audit server logging Customizing Logging on the Nslog Server Creating FiltersTo create a filter Specifying Log Properties Default Settings for the Log Properties Following is a sample configuration file Sample Configuration File audit.confWeb Server Logging Enabling or Disabling Web Server Logging Configuring the NetScaler Appliance for Web Server LoggingParameter for modifying the buffer size Modifying the Default Buffer SizeSh weblogparam Example Buffer SizeSupported Platforms for the Nswl Client Operating system To modify the buffer size by using the configuration utilityInstalling Nswl Client on a Solaris Operating System Hardware requirementsCp pathtocd/Utilities/weblog/Solaris/NSweblog.tar /tmp Cd /tmp Installing Nswl Client on a Linux Operating SystemTar xvf NSweblog.tar Pkginfo grep NSweblogInstalling Nswl Client on a FreeBSD Operating System To view the installed Web server logging filesTo get more information about the NSweblog RPM file Installing Nswl Client on a Mac OS Operating System Pkgdelete NSweblogCp pathtocd/Utilities/weblog/macos/NSweblog.tgz /tmp To install the Nswl client on a Windows system Installing Nswl Client on a Windows Operating SystemTo uninstall the Nswl client on a Windows system Installing Nswl Client on an AIX Operating SystemCp pathtocd/Utilities/weblog/AIX/NSweblog.rpm /tmp Rpm -i NSweblog.rpmNswl Command Options Nswl command Specifies Nswl Client Command OptionsAdding the IP Addresses of the NetScaler Appliance To add the Nsip address of the NetScaler applianceNswl -addns -f directorypath \log.conf To verify the configuration in the Nswl configuration file Verifying the Nswl Configuration FileRunning the Nswl Client Customizing Logging on the Nswl Client SystemOn OFF Parameters for Creating a Filter SpecifiesTo create a filter for a virtual server LogFormat Ncsa Ncsa Common Log Format Understanding the Ncsa and W3C Log FormatsNcsa Common Log Format Argument Specifies W3C Extended Log FormatEntries DirectivesDirective Descriptions Identifiers FieldsPrefix Descriptions Specifies ExamplesDescription W3C Extended Log Format Identifiers No Prefix RequiredCreating a Custom Log Format by Using the Nswl Library Creating a Custom Log FormatField Description Creating a Custom Log Format Manually To create the custom log format by using the Nswl LibraryCreating Apache Log Formats Sample Configuration FileNcsa 11.Custom Log Format Argument Specifies Arguments for Defining a Custom Log FormatFoobari Foobaro Formatt 12.Time Format Definition Argument Specifies Time Format DefinitionArgument Specifies 123 Web Server Logging 124 Advanced Configurations Configuring Clock Synchronization To add an NTP server by using the NetScaler command lineShow ntp server Example ServerName Parameters for configuring an NTP serverMinpoll MaxpollConfiguring Clock Synchronization Manually Enable ntp sync Disable ntp syncStarting or Stopping the NTP Daemon Usr/sbin/ntpd -c /nsconfig/ntp.conf -l /var/log/ntpd.log Show ns config ExampleViewing the System Date and Time Configuring TCP Window Scaling Parameters for configuring window scaling Show ns tcpParam ExampleWSVal Enabled Configuring Selective AcknowledgmentTo enable Sack by using the Configuration Utility Clearing the ConfigurationTo clear a configuration by using the configuration utility Parameters for clearing a configurationViewing the Http Band Statistics LevelRespBandSize ReqBandSizeTo modify the band range by using the configuration utility Configuring Http ProfilesTo add an Http profile by using the NetScaler command line Built-in Http Profiles Built-in profile DescriptionParameters for adding an Http profile Configuring TCP Profiles To add an Http profile by using the configuration utilityBuilt-in TCP Profiles Built-in profile Description To add a TCP profile by using the NetScaler command line Parameters for creating a TCP profile To add a TCP profile by using the configuration utility Specifying a TCP Buffer Size Example BufferSize Parameters for setting the TCP buffer size in a TCP profileSpecifying the MSS Value in a TCP Profile Parameters for specifying the MSS value in a TCP profileMss Learn MSS for VServer LearnVsvrMSS Advanced Configurations 148 Web Interface Prerequisites How Web Interface WorksInstalling the Web Interface Configuring the Web Interface Web Interface tar file pathJRE tar file path Parameters for configuring Web interface sites Authentication Point Gateway Direct ModeAccess Gateway URL PortXML Service Addresses Configuring a Web Interface Site for LAN Users Using HttpXML Service Port TransportSite Type Published Resource Type Kiosk Mode A Web Interface Site Configured for LAN Users Using HttpVirtual Server Protocol select Https IP Address Port Add service WILoopbackService 127.0.0.1 Http A Web Interface Site Configured for LAN Users Using Https Configuring a Web Interface Site for LAN Users Using Https160 161 Add lb vserver Httpswi SSL 10.102.29.3 Configuring a Web Interface Site for Remote Users Using Agee A Web Interface Site Configured for Remote Users Using Agee 165 166 AppFlow NetScaler Flow Sequence How AppFlow WorksTemplates Flow RecordsConfiguring the AppFlow Feature Enabling or Disabling the AppFlow Feature To specify a collector by using the NetScaler command lineSpecifying a Collector To remove a collector by using the NetScaler command line Configuring an AppFlow ActionTo specify a collector by using the configuration utility Parameters for specifying a collectorParameters for configuring an AppFlow action CollectorsComment Show appflow policy name Configuring an AppFlow PolicyRule Action Parameters for configuring an AppFlow policyHttp To add an expression by using the Add Expression dialog boxShow appflow global Binding an AppFlow PolicyGotoPriorityExpression Parameters for binding an AppFlow policyInvoke Invoke flag LabelType LabelNameClick Apply Changes Enabling AppFlow for Virtual ServersSetting the AppFlow Parameters Enabling AppFlow for a ServiceAppFlow Parameters HttpReferer HttpCookieHttpMethod HttpHostReporting Tool Using the Reporting Tool To invoke the Reporting toolWorking with Reports Creating and Deleting Reports Using Built-in ReportsTime Intervals Time interval Displays Modifying the Time IntervalExporting and Importing Custom Reports Setting the Data Source and Time ZoneWorking with Charts Adding a ChartModifying a Chart To change the graph type of a chart Viewing a ChartTo view numeric data for a graph To change the color and graph type of a data set Deleting a Chart To export chart data to ExcelExamples Limits on Entity Numbers Retrieved by nscollect Entity name Stopping and Starting the Data Collection UtilityTo start nscollect on the local system To stop nscollectEntity name Limit Netscaler/nscollect stopNetscaler/nscollect start To start nscollect on the remote system