Configuring Audit Servers | Citrix Systems CITRIX NETSCALER 9.3

Citrix NetScaler Administration Guide

Configuring the NetScaler Appliance for Audit Logging

Policies define the SYSLOG or NSLOG protocol, and server actions define what logs are sent where. For server actions, you specify the system information, which runs the SYSLOG or the NSLOG server.

The Citrix NetScaler logs the following information related to TCP connections:

wSource port

wDestination port

wSource IP

wDestination IP

wNumber of bytes transmitted and received

wTime period for which the connection is open

Note: You can enable TCP logging on individual load balancing vservers. You must bind the audit log policy to a specific load balancing vserver that you want to log.

Configuring Audit Servers

You can configure audit server actions for different servers and for different log levels.

To configure a SYSLOG server action by using the command line

At the NetScaler command prompt, type the following commands to set the parameters and verify the configuration:

wadd audit syslogAction <name> <serverIP> [-serverPort <port>] -logLevel <logLevel> [-dateFormat ( MMDDYYYY DDMMYYYY )]

wshow audit syslogAction [<name>]

Example

>add audit syslogaction audit-action1 10.102.1.1 - loglevel INFORMATIONAL -dateformat MMDDYYYY

Done

>show audit syslogaction audit-action1

1)	Name: audit-action1	Port: 514
	Server IP: 10.102.1.1	Port: 514

Loglevel : INFORMATIONAL

Date Format: MMDDYYYY

Time Zone: GMT_TIME

Facility: LOCAL0

Tcp Logging: NONE

ACL Logging: DISABLED

73

Image 73

Citrix Systems CITRIX NETSCALER 9.3 manual Configuring the NetScaler Appliance for Audit Logging, Configuring Audit Servers

Contents

Citrix NetScaler Administration Guide Copyright and Trademark Notice Page Page Contents Snmp Vii Audit Logging Web Server Logging 105 Advanced Configurations Contents Web Interface AppFlow Reporting Tool Contents Xvi This Preface Formatting Conventions for NetScaler DocumentationFormatting Conventions Meaning Boldface Convention Documentation Available on the NetScaler ApplianceTo view the documentation NetScaler Documentation Feedback Getting Service and SupportTo provide feedback at the Knowledge Center home Preface Topics Authentication and Authorization Configuring User Accounts Configuring Users and GroupsShow system user Example Password Password Parameters for configuring a user accountTimeout CLI Idle Session Timeout Secs UserName User Name To create a user group by using the NetScaler command line Configuring User GroupsShow system group Example Show system group groupName Example Show system group groupName Parameters for configuring a user groupGroupName Group Name UserName Built-in Command Policies Configuring Command PoliciesCLI Prompt CLI Idle Session Timeout Secs Built-in Command Policies Policy name Allows Creating Custom Command PoliciesExcept show runningconfig, show Runningconfig, and sh gslb Command specification regular expression Matches these commands Sh system cmdPolicy Example Parameters for configuring a command policyPolicyname Action Binding Command Policies to Users and Groups Sh system user userName Example Parameters for binding a command policy to a userSh system user userName Priority Sh system group groupName Example Parameters for binding a command policy to a groupSh system group groupName GroupName To reset the nsroot password Resetting the Default Administrator nsroot Password Fsck /dev/ad0s1a Mount /dev/ad0s1a /flash Example of a User Scenario Sample Values for Creating Entities Field Configuration steps Configuring External User Authentication Configuring Ldap Authentication Examples of Bind Distinguished Name Ldap server Examples of Base Distinguished Name Ldap server Base DNBind DN Authentication Type, select LDAP. Next to Server, click New Determining attributes in the Ldap directory Choosing Radius authentication protocols Configuring Radius AuthenticationAuthentication Type, select Radius Configuring IP address extraction Configuring NT4 Authentication Configuring TACACS+ AuthenticationAuthentication Type, select Tacacs Authentication Type, select NT4 Authentication and Authorization Snmp Importing MIB Files to the Snmp Manager and Trap Listener Enable snmp alarm alarm name Sh snmp alarm alarm name Enabling or Disabling an Snmp Alarm To configure an Snmp alarm by using the command line Configuring AlarmsParameters for configuring Snmp alarms Severity To configure Snmp alarms by using the configuration utility Configuring TrapsTo add an Snmp trap by using the NetScaler command line To configure Snmp Traps by using the configuration utility Parameters for configuring Snmp traps Enabling Unconditional Snmp Trap Logging Specifying an Snmp Manager Configuring the NetScaler for Snmp v1 and v2 QueriesParameters for unconditional Snmp trap logging SnmpTrapLogging Snmp Trap Logging Show snmp manager To add an Snmp manager by using the NetScaler command line IPAddress Parameters for configuring an Snmp manager To add an Snmp manager by using the configuration utility Specifying an Snmp Community Parameters for configuring an Snmp community stringSh snmp community Permissions Configuring an Snmp Alarm for Throughput or PPS Configuring Snmp Alarms for Rate LimitingCommunity String*-communityName Show snmp alarm PF-RL-RATE-THRESHOLD ThresholdValue Show snmp alarm PF-RL-PPS-THRESHOLDNormalValue State Alarm Threshold-thresholdValue Normal Threshold-normalValue Configuring Snmp Alarm for Dropped Packets Parameters for configuring an Snmp alarm for dropped packets Configuring the NetScaler for SNMPv3 Queries Setting the Engine ID To set the engine ID by using the NetScaler command line Configuring a ViewParameters for setting the engine ID To set the engine ID by using configuration utility Parameters for configuring an Snmp view Configuring a GroupTo add an Snmp group by using the NetScaler command line Parameters for configuring an Snmp group Configuring a UserTo configure a user by using the NetScaler command line SecurityLevel Parameters for configuring an Snmp user Citrix NetScaler Administration Guide Snmp Audit Logging Audit Logging Configuring Audit Servers Configuring the NetScaler Appliance for Audit LoggingShow audit syslogAction name Show audit nslogAction name Parameters for configuring auditing serversServerIP ServerPort Log levels defined To configure an auditing server action Configuring Audit PoliciesTo configure a Syslog policy by using the command line Parameters for configuring audit policies To configure an Nslog policy by using the command lineRule Binding the Audit Policies Globally To configure an audit server policyParameters for binding the audit policies globally Name* name Server* action Configuring an Audit Message Action Configuring Policy-Based LoggingTo globally bind the audit policy Pre Requisites StringBuilderExpr BypassSafetyCheckLogtoNewnslog Binding Audit Message Action to a Policy Installing and Configuring the Nslog Server Supported Platforms for the Nslog Server Operating system Installing Nslog Server on the Linux Operating SystemSoftware requirements Installing Nslog Server on the FreeBSD Operating System Pkgdelete NSaudserver Pkginfo grep NSaudserver On the system, where you have downloaded the Nslog package To install Nslog server on a Windows operating system To uninstall the Nslog server on a Windows operating system Nslog Server Command OptionsAudserver -remove Audserver -stop Audserver -remove Specifies To add the IP addresses of the NetScaler appliance Running the Nslog Server Verifying the Nslog Server Configuration FileTo start audit server logging Creating Filters Customizing Logging on the Nslog ServerTo create a filter Specifying Log Properties Default Settings for the Log Properties Following is a sample configuration file Sample Configuration File audit.conf Web Server Logging Enabling or Disabling Web Server Logging Configuring the NetScaler Appliance for Web Server Logging Parameter for modifying the buffer size Modifying the Default Buffer SizeSh weblogparam Example Buffer Size Supported Platforms for the Nswl Client Operating system To modify the buffer size by using the configuration utility Hardware requirements Installing Nswl Client on a Solaris Operating SystemCp pathtocd/Utilities/weblog/Solaris/NSweblog.tar /tmp Cd /tmp Installing Nswl Client on a Linux Operating SystemTar xvf NSweblog.tar Pkginfo grep NSweblog To view the installed Web server logging files Installing Nswl Client on a FreeBSD Operating SystemTo get more information about the NSweblog RPM file Pkgdelete NSweblog Installing Nswl Client on a Mac OS Operating SystemCp pathtocd/Utilities/weblog/macos/NSweblog.tgz /tmp To install the Nswl client on a Windows system Installing Nswl Client on a Windows Operating System To uninstall the Nswl client on a Windows system Installing Nswl Client on an AIX Operating SystemCp pathtocd/Utilities/weblog/AIX/NSweblog.rpm /tmp Rpm -i NSweblog.rpm Nswl Command Options Nswl command Specifies Nswl Client Command Options To add the Nsip address of the NetScaler appliance Adding the IP Addresses of the NetScaler ApplianceNswl -addns -f directorypath \log.conf To verify the configuration in the Nswl configuration file Verifying the Nswl Configuration FileRunning the Nswl Client Customizing Logging on the Nswl Client System On OFF Parameters for Creating a Filter Specifies To create a filter for a virtual server LogFormat Ncsa Ncsa Common Log Format Understanding the Ncsa and W3C Log Formats Ncsa Common Log Format Argument Specifies W3C Extended Log Format Directives EntriesDirective Descriptions Identifiers FieldsPrefix Descriptions Specifies Examples Description W3C Extended Log Format Identifiers No Prefix Required Creating a Custom Log Format Creating a Custom Log Format by Using the Nswl LibraryField Description Creating a Custom Log Format Manually To create the custom log format by using the Nswl Library Creating Apache Log Formats Sample Configuration File Ncsa 11.Custom Log Format Argument Specifies Arguments for Defining a Custom Log Format Foobari Foobaro Formatt 12.Time Format Definition Argument Specifies Time Format Definition Argument Specifies 123 Web Server Logging 124 Advanced Configurations To add an NTP server by using the NetScaler command line Configuring Clock SynchronizationShow ntp server Example ServerName Parameters for configuring an NTP serverMinpoll Maxpoll Enable ntp sync Disable ntp sync Configuring Clock Synchronization ManuallyStarting or Stopping the NTP Daemon Show ns config Example Usr/sbin/ntpd -c /nsconfig/ntp.conf -l /var/log/ntpd.logViewing the System Date and Time Configuring TCP Window Scaling Show ns tcpParam Example Parameters for configuring window scalingWSVal Enabled Configuring Selective Acknowledgment To enable Sack by using the Configuration Utility Clearing the Configuration To clear a configuration by using the configuration utility Parameters for clearing a configurationViewing the Http Band Statistics Level RespBandSize ReqBandSize To modify the band range by using the configuration utility Configuring Http ProfilesTo add an Http profile by using the NetScaler command line Built-in Http Profiles Built-in profile Description Parameters for adding an Http profile To add an Http profile by using the configuration utility Configuring TCP ProfilesBuilt-in TCP Profiles Built-in profile Description To add a TCP profile by using the NetScaler command line Parameters for creating a TCP profile To add a TCP profile by using the configuration utility Specifying a TCP Buffer Size Example BufferSize Parameters for setting the TCP buffer size in a TCP profile Parameters for specifying the MSS value in a TCP profile Specifying the MSS Value in a TCP ProfileMss Learn MSS for VServer LearnVsvrMSS Advanced Configurations 148 Web Interface Prerequisites How Web Interface Works Installing the Web Interface Web Interface tar file path Configuring the Web InterfaceJRE tar file path Parameters for configuring Web interface sites Authentication Point Gateway Direct ModeAccess Gateway URL Port XML Service Addresses Configuring a Web Interface Site for LAN Users Using HttpXML Service Port Transport Site Type Published Resource Type Kiosk Mode A Web Interface Site Configured for LAN Users Using Http Virtual Server Protocol select Https IP Address Port Add service WILoopbackService 127.0.0.1 Http A Web Interface Site Configured for LAN Users Using Https Configuring a Web Interface Site for LAN Users Using Https 160 161 Add lb vserver Httpswi SSL 10.102.29.3 Configuring a Web Interface Site for Remote Users Using Agee A Web Interface Site Configured for Remote Users Using Agee 165 166 AppFlow NetScaler Flow Sequence How AppFlow Works Templates Flow Records Configuring the AppFlow Feature To specify a collector by using the NetScaler command line Enabling or Disabling the AppFlow FeatureSpecifying a Collector To remove a collector by using the NetScaler command line Configuring an AppFlow ActionTo specify a collector by using the configuration utility Parameters for specifying a collector Collectors Parameters for configuring an AppFlow actionComment Show appflow policy name Configuring an AppFlow Policy Rule Action Parameters for configuring an AppFlow policy Http To add an expression by using the Add Expression dialog box Show appflow global Binding an AppFlow Policy GotoPriorityExpression Parameters for binding an AppFlow policyInvoke Invoke flag LabelType LabelName Click Apply Changes Enabling AppFlow for Virtual Servers Setting the AppFlow Parameters Enabling AppFlow for a Service AppFlow Parameters HttpReferer HttpCookieHttpMethod HttpHost Reporting Tool To invoke the Reporting tool Using the Reporting ToolWorking with Reports Creating and Deleting Reports Using Built-in Reports Time Intervals Time interval Displays Modifying the Time Interval Exporting and Importing Custom Reports Setting the Data Source and Time Zone Adding a Chart Working with ChartsModifying a Chart To change the graph type of a chart Viewing a Chart To view numeric data for a graph To change the color and graph type of a data set To export chart data to Excel Deleting a ChartExamples Limits on Entity Numbers Retrieved by nscollect Entity name Stopping and Starting the Data Collection Utility To start nscollect on the local system To stop nscollectEntity name Limit Netscaler/nscollect stop Netscaler/nscollect start To start nscollect on the remote system