Manuals / Citrix Systems / Computer Equipment / Network Router

Citrix Systems CITRIX NETSCALER 9.3 manual Configuring the NetScaler Appliance for Audit Logging

Models: CITRIX NETSCALER 9.3

1 195

Download 195 pages 43.21 Kb

Page 73

Configuring the NetScaler Appliance for Audit Logging

Citrix NetScaler Administration Guide

Configuring the NetScaler Appliance for Audit Logging

Policies define the SYSLOG or NSLOG protocol, and server actions define what logs are sent where. For server actions, you specify the system information, which runs the SYSLOG or the NSLOG server.

The Citrix NetScaler logs the following information related to TCP connections:

wSource port

wDestination port

wSource IP

wDestination IP

wNumber of bytes transmitted and received

wTime period for which the connection is open

Note: You can enable TCP logging on individual load balancing vservers. You must bind the audit log policy to a specific load balancing vserver that you want to log.

Configuring Audit Servers

You can configure audit server actions for different servers and for different log levels.

To configure a SYSLOG server action by using the command line

At the NetScaler command prompt, type the following commands to set the parameters and verify the configuration:

wadd audit syslogAction <name> <serverIP> [-serverPort <port>] -logLevel <logLevel> [-dateFormat ( MMDDYYYY DDMMYYYY )]

wshow audit syslogAction [<name>]

Example

>add audit syslogaction audit-action1 10.102.1.1 - loglevel INFORMATIONAL -dateformat MMDDYYYY

Done

>show audit syslogaction audit-action1

1)	Name: audit-action1	Port: 514
	Server IP: 10.102.1.1	Port: 514

Loglevel : INFORMATIONAL

Date Format: MMDDYYYY

Time Zone: GMT_TIME

Facility: LOCAL0

Tcp Logging: NONE

ACL Logging: DISABLED

73

Image 73

Citrix Systems CITRIX NETSCALER 9.3 manual Configuring the NetScaler Appliance for Audit Logging, Configuring Audit Servers

Contents

Citrix NetScaler Citrix NetScaler Administration GuideCopyright and Trademark Notice All rights reserved Last Updated March Document code May 21 2012 Page 1 Authentication and Authorization ContentsPreface 2 SNMP ContentsEnabling Unconditional SNMP Trap Logging Citrix NetScaler Administration GuideContents viii3 Audit Logging 4 Web Server Logging Citrix NetScaler Administration GuideInstalling and Configuring the Client System for Web Server Logging. . . . . . . . . . . . . . . . . . . . . 96 Installing NSWL Client on a Solaris Operating System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97 To install the NSWL client package on a Solaris operating system. . . . . . . . . . . . . . 97 To uninstall the NSWL client package on a Solaris operating system ContentsCitrix NetScaler Administration Guide Configuring TCP Window Scaling xi5 Advanced Configurations Contents xiii Specifying the MSS Value in a TCP ProfileCitrix NetScaler Administration Guide 6 Web Interface179 xiv Enabling AppFlow for Virtual ServersContents 7 AppFlow8 Reporting Tool Citrix NetScaler Administration GuideContents Formatting Conventions for NetScaler Documentation PrefaceIn This Preface Table 1. Formatting ConventionsPreface Documentation Available on the NetScaler ApplianceTo view the documentation ConventionNetScaler Documentation Feedback Getting Service and SupportTo provide feedback at the Knowledge Center home page Preface Configuring Users and Groups Configuring Command Policies Authentication and AuthorizationResetting the Default Administrator nsroot Password Example of a User Scenario Configuring External User AuthenticationConfiguring User Accounts Configuring Users and GroupsTo create a user account by using the NetScaler command line w show system user Examplepassword Password Parameters for configuring a user accounttimeout CLI Idle Session Timeout Secs userName User NameTo configure a user account by using the configuration utility Configuring User GroupsTo create a user group by using the NetScaler command line Password Confirm Password CLI Prompt CLI Idle Session Timeout SecsTo bind a user to a group by using the NetScaler command line To modify or remove a user group by using the NetScaler command lineTo unbind a user from a group by using the NetScaler command line w show system group groupName ExampleTo configure a user group by using the configuration utility Parameters for configuring a user groupw show system group groupName groupName Group NameBuilt-in Command Policies Configuring Command PoliciesCLI Prompt CLI Idle Session Timeout Secs Table 1-1. Built-in Command Policies Creating Custom Command Policiesexcept show runningconfig, show runningconfig, and sh gslbCommand specification Table 1-2. Examples of Regular Expressions for Command PoliciesMatches these commands Table 1-3. Expressions Used in the Built-in Command PoliciesParameters for configuring a command policy To create a command policy by using the NetScaler command linew sh system cmdPolicy Example policynameTo configure a command policy by using the configuration utility Binding Command Policies to Users and GroupsTo bind command policies to a user by using the configuration utility Parameters for binding a command policy to a userw sh system user userName Example w sh system user userNameParameters for binding a command policy to a group To reset the nsroot password Resetting the Default Administrator nsroot Passwordfsck /dev/ad0s1a mount /dev/ad0s1a /flash Example of a User Scenariomodifyall with action as Allow and the command spec \S+\s+?!system Configuration stepsTable 1-4. Sample Values for Creating Entities FieldConfiguring External User Authentication Configuring LDAP Authentication LDAP server Table 1-5. User Attribute Fields for LDAP ServersUser attribute Case sensitive?4. In Authentication Type, select LDAP. Next to Server, click New To configure LDAP authentication by using the configuration utilityLDAP server Bind DNDetermining attributes in the LDAP directory To configure RADIUS authentication by using the configuration utility Configuring RADIUS AuthenticationChoosing RADIUS authentication protocols 4. In Authentication Type, select RADIUSTo configure IP address extraction by using the configuration utility Configuring IP address extraction4. Under Details, in Group Vendor Identifier, type the value Configuring NT4 Authentication Configuring TACACS+ Authentication4. In Authentication Type, select TACACS To configure NT4 authentication by using the configuration utility Binding the Authentication Policies to the System Global Entity2. On the Policies tab, click Global Bindings Chapter 1 Authentication and AuthorizationConfiguring the NetScaler for SNMP v1 and v2 Queries Configuring the NetScaler to Generate SNMPv1 and SNMPv2 TrapsConfiguring SNMP Alarms for Rate Limiting Configuring the NetScaler for SNMPv3 QueriesImporting MIB Files to the SNMP Manager and Trap Listener Configuring the NetScaler to Generate SNMPv1 and SNMPv2 TrapsTo import the MIB files to the SNMP manager and trap listener To enable or disable an SNMP alarm by using the command line Enabling or Disabling an SNMP AlarmTo enable or disable an SNMP alarm by using the configuration utility w enable snmp alarm alarm name w sh snmp alarm alarm nameTo configure an SNMP alarm by using the command line Configuring AlarmsParameters for configuring SNMP alarms w sh snmp alarm alarm NameTo configure SNMP alarms by using the configuration utility Configuring TrapsTo add an SNMP trap by using the NetScaler command line To configure SNMP Traps by using the configuration utility Parameters for configuring SNMP trapsw show snmp trap trapClassEnabling Unconditional SNMP Trap Logging w set snmp option -snmpTrapLogging ENABLED DISABLEDDestination IP Address*-trapDestination Destination Port-destPort Source IP Address-srcIP Minimum Severity-severitySpecifying an SNMP Manager Configuring the NetScaler for SNMP v1 and v2 QueriesParameters for unconditional SNMP trap logging SnmpTrapLogging SNMP Trap Loggingw show snmp manager To add an SNMP manager by using the NetScaler command linew show snmp manager IPAddress Parameters for configuring an SNMP managerw show snmp manager netmask To add an SNMP manager by using the configuration utilitydomainResolveRetry IP Address*-IPAddressParameters for configuring an SNMP community string To specify an SNMP community by using the NetScaler command lineSpecifying an SNMP Community w sh snmp communityConfiguring an SNMP Alarm for Throughput or PPS Configuring SNMP Alarms for Rate LimitingTo remove an SNMP community string by using the configuration utility Community String*-communityNamew show snmp alarm PF-RL-RATE-THRESHOLD w show snmp alarm PF-RL-PPS-THRESHOLD Parameters for configuring an SNMP alarm for throughput or PPSthresholdValue normalValueConfiguring SNMP Alarm for Dropped Packets Parameters for configuring an SNMP alarm for dropped packets Configuring the NetScaler for SNMPv3 Queriesstate severitySetting the Engine ID To set the engine ID by using the NetScaler command line Configuring a ViewParameters for setting the engine ID To set the engine ID by using configuration utilityParameters for configuring an SNMP view Configuring a GroupTo configure an SNMP view by using the configuration utility To add an SNMP group by using the NetScaler command lineParameters for configuring an SNMP group Configuring a UserTo configure an SNMP group by using the configuration utility To configure a user by using the NetScaler command lineTo configure an SNMP user by using the configuration utility Parameters for configuring an SNMP userName*-name Group Name*-group Authentication Type-authType Authentication Password-authPasswd Privacy Type-privTypeA required parameter 4. Click Create or OK, and then click Close Citrix NetScaler Administration GuideChapter 2 SNMP Installing and Configuring the NSLOG Server Running the NSLOG Server Configuring the NetScaler Appliance for Audit LoggingDefault Settings for the Log Properties Sample Configuration File audit.confChapter 3 Audit Logging Configuring Audit Servers Configuring the NetScaler Appliance for Audit LoggingTo configure a SYSLOG server action by using the command line w show audit syslogAction nameParameters for configuring auditing servers To configure an NSLOG server action by using the command linew show audit nslogAction name serverIPLog levels defined ERRORdateFormat logFacilityTo configure an auditing server action Configuring Audit PoliciesTo configure a SYSLOG policy by using the command line User Configurable Log Messages-userDefinedAuditlogParameters for configuring audit policies To configure an NSLOG policy by using the command linew add audit syslogPolicy name rule action w show audit syslogPolicy nameBinding the Audit Policies Globally To configure an audit server policyParameters for binding the audit policies globally Name* name Server* actionConfiguring an Audit Message Action Configuring Policy-Based LoggingTo create an audit message action by using the NetScaler command line To globally bind the audit policybypassSafetyCheck Parameters for configuring an audit message actionExample stringBuilderExprBinding Audit Message Action to a Policy Installing and Configuring the NSLOG ServerName*-name Log Level*-logLevel To install the NSLOG server package on a Linux operating system Installing NSLOG Server on the Linux Operating SystemTable 3-1. Supported Platforms for the NSLOG Server Operating systemTo uninstall the NSLOG server package on a Linux operating system Installing NSLOG Server on the FreeBSD Operating SystemTo install the NSLOG server package on a FreeBSD operating system Installing NSLOG Server Files on the Windows Operating SystemTo uninstall the NSLOG server package on a FreeBSD operating system pkgadd audserverbsd-release number-build number.tgz ExampleCitrix NetScaler Administration Guide To install NSLOG server on a Windows operating systemTo uninstall the NSLOG server on a Windows operating system NSLOG Server Command OptionsAudit server commands audserver -removeTo add the IP addresses of the NetScaler appliance Adding the NetScaler Appliance IP Addresses on the NSLOG ServerAudit server commands audserver -removeTo stop audit server logging that starts as a service in Windows Verifying the NSLOG Server Configuration FileRunning the NSLOG Server To start audit server loggingCreating Filters Customizing Logging on the NSLOG ServerTo create a filter Example Specifying Log PropertiesExample Example Default Settings for the Log PropertiesExample ExampleExample Sample Configuration File audit.confExample Installing and Configuring the Client System for Web Server Logging Configuring the NetScaler Appliance for Web Server LoggingSample Configuration File Arguments for Defining a Custom Log Format Web Server Loggingw enable ns feature WL w disable ns feature WL w sh ns feature Configuring the NetScaler Appliance for Web Server LoggingEnabling or Disabling Web Server Logging Web LoggingTo modify the buffer size by using the NetScaler command line Modifying the Default Buffer SizeParameter for modifying the buffer size w sh weblogparam ExampleTo modify the buffer size by using the configuration utility Installing and Configuring the Client System for Web Server LoggingTable 4-1. Supported Platforms for the NSWL Client VersionTo install the NSWL client package on a Solaris operating system Installing NSWL Client on a Solaris Operating SystemHardware requirements cp pathtocd/Utilities/weblog/Solaris/NSweblog.tar /tmpTo uninstall the NSWL client package on a Solaris operating system Installing NSWL Client on a Linux Operating SystemTo install the NSWL client package on a Linux operating system cd /tmpTo uninstall the NSWL client package on a Linux operating system Installing NSWL Client on a FreeBSD Operating SystemTo view the installed Web server logging files To install the NSWL client package on a FreeBSD operating systemTo uninstall the NSWL client package on a FreeBSD operating system Installing NSWL Client on a Mac OS Operating SystemTo install the NSWL client package on a Mac OS operating system pkgdelete NSweblogTo uninstall the NSWL client package on a Mac OS operating system Installing NSWL Client on a Windows Operating SystemTo install the NSWL client on a Windows system pkgdelete NSweblogTo uninstall the NSWL client on a Windows system Installing NSWL Client on an AIX Operating SystemTo install the NSWL client package on an AIX operating system To uninstall the NSWL client package on an AIX operating systemTable 4-3. NSWL Command Options NSWL Client Command OptionsNSWL command To view the installed Web server logging filesTo add the NSIP address of the NetScaler appliance Adding the IP Addresses of the NetScaler Appliancenswl -addns -f directorypath \log.conf NSWL commandTo verify the configuration in the NSWL configuration file Verifying the NSWL Configuration FileRunning the NSWL Client Customizing Logging on the NSWL Client SystemParameter Table 4-4. Parameters for Creating a FilterCreating Filters SpecifiesTo create a filter, enter the following command in the log.conf file To create a filter for a virtual serverSpecifying Log Properties To create a filterExample Chapter 4 Web Server LoggingExample NCSA Common Log Format Understanding the NCSA and W3C Log FormatsExample ExampleTable 4-5. NCSA Common Log Format W3C Extended Log FormatArgument SpecifiesDirectives EntriesTable 4-6. Directive Descriptions DirectiveIdentifiers FieldsTable 4-7. Prefix Descriptions PrefixIdentifier Table 4-8. W3C Extended Log Format Identifiers No Prefix RequiredTable 4-9. W3C Extended Log Format Identifiers Requires a Prefix Table 4-10. W3C Extended Log File Format Allows Log FieldsCreating a Custom Log Format Creating a Custom Log Format by Using the NSWL LibraryField DescriptionCreating a Custom Log Format Manually To create the custom log format by using the NSWL LibraryExample Creating Apache Log Formats Sample Configuration FileCitrix NetScaler Administration Guide Table 4-11. Custom Log Format Arguments for Defining a Custom Log FormatArgument Specifiesb d g h H Foobari j J l m M Foobaro p q ArgumentSpecifies r s t formatt T u U v V V6 ArgumentSpecifies Table 4-12. Time Format Definition Time Format DefinitionArgument SpecifiesArgument Chapter 4 Web Server LoggingSpecifies Citrix NetScaler Administration Guide Chapter 4 Web Server Logging Configuring Clock Synchronization Viewing the System Date and Time Advanced ConfigurationsConfiguring TCP Window Scaling Configuring Selective Acknowledgment Clearing the Configuration Viewing the HTTP Band StatisticsTo add an NTP server by using the NetScaler command line Configuring Clock Synchronizationw show ntp server Example Parameters for configuring an NTP server To modify or remove NTP servers by using the NetScaler command lineTo configure an NTP server by using the configuration utility serverNamew enable ntp sync w disable ntp sync Configuring Clock Synchronization ManuallyStarting or Stopping the NTP Daemon usr/sbin/ntpd -c /nsconfig/ntp.conf -l /var/log/ntpd.log To view the system date and time by using the NetScaler command lineshow ns config Example Viewing the System Date and TimeTo view the system date and time by using the configuration utility Configuring TCP Window ScalingSystem Time Tue Feb 165044 Parameters for configuring window scaling To configure window scaling by using the NetScaler command linew show ns tcpParam Example WSValTo configure window scaling by using the configuration utility Configuring Selective AcknowledgmentENABLED SACK statusTo enable SACK by using the Configuration Utility Clearing the ConfigurationTo clear a configuration by using the NetScaler command line To clear a configuration by using the configuration utility Parameters for clearing a configurationViewing the HTTP Band Statistics levelTo modify the band range by using the NetScaler command line To modify the band range by using the configuration utility Configuring HTTP ProfilesTo add an HTTP profile by using the NetScaler command line Table 5-1. Built-in HTTP ProfilesParameters for adding an HTTP profile ENABLED DISABLED w sh ns httpProfile Examplename Name maxReusePool Max Connection in reusepoolTo add an HTTP profile by using the configuration utility Configuring TCP ProfilesTable 5-2. Built-in TCP Profiles Built-in profileBuilt-in profile To add a TCP profile by using the NetScaler command lineDescription Parameters for creating a TCP profile delayedAck TCP Delayed ACK Time-out msecw sh ns tcpProfile Example WS Window ScalingInitial Congestion Window Size TCP Delayed ACK Time-out msec To add a TCP profile by using the configuration utilitypktPerRetx Maximum Packets per Retransmission minRTO Minimum RTO in millisecUse Nagles Algorithm Immediate ACK on Receiving Packet with PUSH Specifying a TCP Buffer Sizew set ns tcpProfile name -bufferSize positiveinteger w show ns tcpProfile namew show ns tcpProfile nstcpdefaultprofile w set ns tcpProfile nstcpdefaultprofile -bufferSize positiveintegerExample 12000bufferSize Parameters for setting the TCP buffer size in a TCP profilename Parameters for specifying the MSS value in a TCP profile Specifying the MSS Value in a TCP Profilew set ns tcpParam -learnVsvrMSS ENABLEDDISABLED w show ns tcpParam Configuring the NetScaler to Learn the MSS Value from Bound ServicesLearn MSS for VServer ENABLEDlearnVsvrMSS Chapter 5 Advanced Configurations Configuring the Web Interface How Web Interface Works Prerequisites Installing the Web InterfaceWeb Interface ChapterPrerequisites How Web Interface WorksFigure 6-1. A Basic Web Interface Session Example Installing the Web InterfaceParameters for installing the Web interface and JRE tar files Configuring the Web InterfaceWeb Interface tar file path JRE tar file pathKiosk Mode Parameters for configuring Web interface sitesDirect Mode Site TypeAuthentication Point Gateway Direct ModeAccess Gateway URL PortXML Service Addresses Configuring a Web Interface Site for LAN Users Using HTTPXML Service Port TransportSite Type Published Resource Type Kiosk Mode Figure 6-2. A Web Interface Site Configured for LAN Users Using HTTPVirtual Server Protocol select HTTPS IP Address Port XML Service Addresses XML Service Port Transport Load BalanceExample ExampleExample ExampleFigure 6-3. A Web Interface Site Configured for LAN Users Using HTTPS Configuring a Web Interface Site for LAN Users Using HTTPSChapter 6 Web Interface Site Type Published Resource Type Kiosk ModeVirtual Server Protocol select HTTPS IP Address Port Example XML Service Addresses XML Service Port Transport Load BalanceExample ExampleExample ExampleExample ExampleExample Configuring a Web Interface Site for Remote Users Using AGEEExample Site Type Published Resource Type Kiosk Mode Trust SSL Certificate STA Server URL STA Server URL Authentication Point Access Gateway URL Add DNS EntrySession Reliability Use two STA Servers XML Service Addresses XML Service Port Transport Load BalanceExample Chapter 6 Web InterfaceExample AppFlow How AppFlow Works Configuring the AppFlow FeatureChapter TopicsFigure 7-1. NetScaler Flow Sequence How AppFlow WorksTemplates Flow RecordstransactionID connectionIDhttpRequestSize Configuring the AppFlow FeaturehttpRequestURL httpUserAgentTo enable the AppFlow feature by using the configuration utility Enabling or Disabling the AppFlow FeatureTo specify a collector by using the NetScaler command line w enable ns feature appflow w disable ns feature appflowTo remove a collector by using the NetScaler command line Configuring an AppFlow ActionTo specify a collector by using the configuration utility To configure an AppFlow action by using the NetScaler command lineDone show appflow action 1 Name apfl-act-collector-1 Parameters for configuring an AppFlow actionCollectors collecter-1 Hits Action Reference Count 2 Name apfl-act-collector-2-and-3 Collectors collector-2, collecter-3To configure an AppFlow action by using the configuration utility Configuring an AppFlow PolicyTo configure an AppFlow policy by using the NetScaler command line w show appflow policy namename Parameters for configuring an AppFlow policyrule actionTo add an expression by using the Add Expression dialog box To configure an AppFlow policy by using the configuration utilityHTTP commentCLIENT Binding an AppFlow Policyw show appflow global Parameters for binding an AppFlow policy To globally bind an AppFlow policy by using the configuration utilitygotoPriorityExpression invoke Invoke flag labelTypeNetScaler command line To enable AppFlow for a virtual server by using theEnabling AppFlow for Virtual Servers 6. Click Apply ChangesSetting the AppFlow Parameters Enabling AppFlow for a ServiceTo enable AppFlow for a service by using the NetScaler command line To enable AppFlow for a service by using the configuration utilityw show appflowParam AppFlow ParameterstemplateRefresh appnameRefreshhttpCookie To set the AppFlow parameters by using the configuration utilityhttpReferer httpMethodReporting Tool Using the Reporting ToolStopping and Starting the Data Collection Utility ChapterFigure 8-1. Report Toolbar Figure 8-2. Chart Toolbar Using the Reporting ToolTo invoke the Reporting tool Working with ReportsCreating and Deleting Reports Using Built-in ReportsTo display a built-in report To create a custom reportTo delete a custom report Modifying the Time IntervalTable 8-1. Time Intervals Time intervalExporting and Importing Custom Reports Setting the Data Source and Time ZoneTo modify the time interval To set the data source and time zoneAdding a Chart Working with ChartsModifying a Chart To add a chart to a reportTo change the graph type of a chart Viewing a ChartTo refocus a chart with detailed data To change the background color and text color of a chart To scroll through time in a chartTo customize the axes of a chart To view numeric data for a graphTo change the color and graph type of a data set Exporting Chart Data to ExcelCitrix NetScaler Administration Guide To delete a chart Deleting a ChartTo export chart data to Excel ExamplesEntity name Table 8-2. Limits on Entity Numbers Retrieved by nscollectLimit Stopping and Starting the Data Collection UtilityTo start nscollect on the local system To stop nscollectnetscaler/nscollect stop Entity nameTo start nscollect on the remote system netscaler/nscollect start -U 10.102.29.170nsrootnsroot -ds defaultnetscaler/nscollect start Citrix NetScaler Administration Guide