StringBuilderExpr | Citrix Systems CITRIX NETSCALER 9.3 manual

Chapter 3 Audit Logging

To modify or remove an audit message action by using the NetScaler command line

wTo modify an audit message action, type the set audit messageaction command, the name of the action, and the parameters to be changed, with their new values.

wTo remove an audit message action, type the rm audit messageaction command and the name of the action.

Example

>add audit messageaction log-act1 CRITICAL '"Client:"+CLIENT.IP.SRC+" accessed "+H TTP.REQ.URL' -bypassSafetyCheck YES

Done

>show audit messageaction log-act1

1)Name: log-act1

LogMsgStr: "Client:"+CLIENT.IP.SRC+" accessed "+HTTP.REQ.URL

Loglevel:CRITICAL

Log2Newnslog:NO BypassSafetyCheck : YES Hits: 0

Undef Hits: 0

Action Reference Count: 0

Done

Parameters for configuring an audit message action

name

The name of the audit message action. The name can begin with a letter, number, or the underscore symbol, and can consist of up to 127 characters including letters, numbers, and hyphen (-), period (.) pound (#), space ( ), at sign (@), equal sign (=), colon (:), and underscore (_) symbols.

logLevel

The log level for the message action. Possible values: EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL, DEBUG, NONE.

stringBuilderExpr

The expression that defines the format of the log message. For a complete description of NetScaler expressions, see the Citrix NetScaler Policy Configuration and Reference Guide. For a link to the guide, see the Documentation Library.

bypassSafetyCheck

Bypass the safety check and allow unsafe expressions. Possible values: YES, NO.

Default: NO.

logtoNewnslog

Log messages in newnslog format in addition to logging them in syslog format. Possible values: YES, NO. Default: NO.

80

Image 80

Citrix Systems CITRIX NETSCALER 9.3 manual StringBuilderExpr, BypassSafetyCheck, LogtoNewnslog

Contents

Citrix NetScaler Administration Guide Copyright and Trademark Notice Page Page Contents Snmp Vii Audit Logging Web Server Logging 105 Advanced Configurations Contents Web Interface AppFlow Reporting Tool Contents Xvi Formatting Conventions Meaning Boldface Formatting Conventions for NetScaler DocumentationThis Preface To view the documentation Documentation Available on the NetScaler ApplianceConvention To provide feedback at the Knowledge Center home Getting Service and SupportNetScaler Documentation Feedback Preface Authentication and Authorization Topics Show system user Example Configuring Users and GroupsConfiguring User Accounts Parameters for configuring a user account Password PasswordTimeout CLI Idle Session Timeout Secs UserName User Name Show system group Example Configuring User GroupsTo create a user group by using the NetScaler command line Show system group groupName Example Parameters for configuring a user group Show system group groupNameGroupName Group Name UserName CLI Prompt CLI Idle Session Timeout Secs Configuring Command PoliciesBuilt-in Command Policies Creating Custom Command Policies Built-in Command Policies Policy name AllowsExcept show runningconfig, show Runningconfig, and sh gslb Matches these commands Command specification regular expression Parameters for configuring a command policy Sh system cmdPolicy ExamplePolicyname Action Binding Command Policies to Users and Groups Parameters for binding a command policy to a user Sh system user userName ExampleSh system user userName Priority Parameters for binding a command policy to a group Sh system group groupName ExampleSh system group groupName GroupName Resetting the Default Administrator nsroot Password To reset the nsroot password Example of a User Scenario Fsck /dev/ad0s1a Mount /dev/ad0s1a /flash Configuration steps Sample Values for Creating Entities Field Configuring External User Authentication Configuring Ldap Authentication Bind DN Examples of Base Distinguished Name Ldap server Base DNExamples of Bind Distinguished Name Ldap server Authentication Type, select LDAP. Next to Server, click New Determining attributes in the Ldap directory Authentication Type, select Radius Configuring Radius AuthenticationChoosing Radius authentication protocols Configuring IP address extraction Authentication Type, select Tacacs Configuring TACACS+ AuthenticationConfiguring NT4 Authentication Authentication Type, select NT4 Authentication and Authorization Snmp Importing MIB Files to the Snmp Manager and Trap Listener Enabling or Disabling an Snmp Alarm Enable snmp alarm alarm name Sh snmp alarm alarm name Configuring Alarms To configure an Snmp alarm by using the command lineParameters for configuring Snmp alarms Severity To add an Snmp trap by using the NetScaler command line Configuring TrapsTo configure Snmp alarms by using the configuration utility Parameters for configuring Snmp traps To configure Snmp Traps by using the configuration utility Enabling Unconditional Snmp Trap Logging Configuring the NetScaler for Snmp v1 and v2 Queries Specifying an Snmp ManagerParameters for unconditional Snmp trap logging SnmpTrapLogging Snmp Trap Logging To add an Snmp manager by using the NetScaler command line Show snmp manager Parameters for configuring an Snmp manager IPAddress To add an Snmp manager by using the configuration utility Parameters for configuring an Snmp community string Specifying an Snmp CommunitySh snmp community Permissions Community String*-communityName Configuring Snmp Alarms for Rate LimitingConfiguring an Snmp Alarm for Throughput or PPS Show snmp alarm PF-RL-RATE-THRESHOLD Show snmp alarm PF-RL-PPS-THRESHOLD ThresholdValueNormalValue State Configuring Snmp Alarm for Dropped Packets Alarm Threshold-thresholdValue Normal Threshold-normalValue Configuring the NetScaler for SNMPv3 Queries Parameters for configuring an Snmp alarm for dropped packets Setting the Engine ID Configuring a View To set the engine ID by using the NetScaler command lineParameters for setting the engine ID To set the engine ID by using configuration utility To add an Snmp group by using the NetScaler command line Configuring a GroupParameters for configuring an Snmp view Configuring a User Parameters for configuring an Snmp groupTo configure a user by using the NetScaler command line SecurityLevel Parameters for configuring an Snmp user Citrix NetScaler Administration Guide Snmp Audit Logging Audit Logging Show audit syslogAction name Configuring the NetScaler Appliance for Audit LoggingConfiguring Audit Servers Parameters for configuring auditing servers Show audit nslogAction nameServerIP ServerPort Log levels defined To configure a Syslog policy by using the command line Configuring Audit PoliciesTo configure an auditing server action Rule To configure an Nslog policy by using the command lineParameters for configuring audit policies To configure an audit server policy Binding the Audit Policies GloballyParameters for binding the audit policies globally Name* name Server* action Configuring Policy-Based Logging Configuring an Audit Message ActionTo globally bind the audit policy Pre Requisites LogtoNewnslog BypassSafetyCheckStringBuilderExpr Installing and Configuring the Nslog Server Binding Audit Message Action to a Policy Software requirements Installing Nslog Server on the Linux Operating SystemSupported Platforms for the Nslog Server Operating system Installing Nslog Server on the FreeBSD Operating System Pkginfo grep NSaudserver Pkgdelete NSaudserver To install Nslog server on a Windows operating system On the system, where you have downloaded the Nslog package Nslog Server Command Options To uninstall the Nslog server on a Windows operating systemAudserver -remove Audserver -stop To add the IP addresses of the NetScaler appliance Audserver -remove Specifies To start audit server logging Verifying the Nslog Server Configuration FileRunning the Nslog Server To create a filter Customizing Logging on the Nslog ServerCreating Filters Specifying Log Properties Default Settings for the Log Properties Sample Configuration File audit.conf Following is a sample configuration file Web Server Logging Configuring the NetScaler Appliance for Web Server Logging Enabling or Disabling Web Server Logging Modifying the Default Buffer Size Parameter for modifying the buffer sizeSh weblogparam Example Buffer Size To modify the buffer size by using the configuration utility Supported Platforms for the Nswl Client Operating system Cp pathtocd/Utilities/weblog/Solaris/NSweblog.tar /tmp Installing Nswl Client on a Solaris Operating SystemHardware requirements Installing Nswl Client on a Linux Operating System Cd /tmpTar xvf NSweblog.tar Pkginfo grep NSweblog To get more information about the NSweblog RPM file Installing Nswl Client on a FreeBSD Operating SystemTo view the installed Web server logging files Cp pathtocd/Utilities/weblog/macos/NSweblog.tgz /tmp Installing Nswl Client on a Mac OS Operating SystemPkgdelete NSweblog Installing Nswl Client on a Windows Operating System To install the Nswl client on a Windows system Installing Nswl Client on an AIX Operating System To uninstall the Nswl client on a Windows systemCp pathtocd/Utilities/weblog/AIX/NSweblog.rpm /tmp Rpm -i NSweblog.rpm Nswl Client Command Options Nswl Command Options Nswl command Specifies Nswl -addns -f directorypath \log.conf Adding the IP Addresses of the NetScaler ApplianceTo add the Nsip address of the NetScaler appliance Verifying the Nswl Configuration File To verify the configuration in the Nswl configuration fileRunning the Nswl Client Customizing Logging on the Nswl Client System Parameters for Creating a Filter Specifies On OFF To create a filter for a virtual server LogFormat Ncsa Understanding the Ncsa and W3C Log Formats Ncsa Common Log Format W3C Extended Log Format Ncsa Common Log Format Argument Specifies Directive Descriptions EntriesDirectives Fields IdentifiersPrefix Descriptions Specifies Examples W3C Extended Log Format Identifiers No Prefix Required Description Field Description Creating a Custom Log Format by Using the Nswl LibraryCreating a Custom Log Format To create the custom log format by using the Nswl Library Creating a Custom Log Format Manually Sample Configuration File Creating Apache Log Formats Ncsa Arguments for Defining a Custom Log Format 11.Custom Log Format Argument Specifies Foobari Foobaro Formatt Time Format Definition 12.Time Format Definition Argument Specifies Argument Specifies 123 Web Server Logging 124 Advanced Configurations Show ntp server Example Configuring Clock SynchronizationTo add an NTP server by using the NetScaler command line Parameters for configuring an NTP server ServerNameMinpoll Maxpoll Starting or Stopping the NTP Daemon Configuring Clock Synchronization ManuallyEnable ntp sync Disable ntp sync Viewing the System Date and Time Usr/sbin/ntpd -c /nsconfig/ntp.conf -l /var/log/ntpd.logShow ns config Example Configuring TCP Window Scaling WSVal Parameters for configuring window scalingShow ns tcpParam Example Configuring Selective Acknowledgment Enabled Clearing the Configuration To enable Sack by using the Configuration Utility Parameters for clearing a configuration To clear a configuration by using the configuration utilityViewing the Http Band Statistics Level ReqBandSize RespBandSize Configuring Http Profiles To modify the band range by using the configuration utilityTo add an Http profile by using the NetScaler command line Built-in Http Profiles Built-in profile Description Parameters for adding an Http profile Built-in TCP Profiles Built-in profile Description Configuring TCP ProfilesTo add an Http profile by using the configuration utility To add a TCP profile by using the NetScaler command line Parameters for creating a TCP profile To add a TCP profile by using the configuration utility Specifying a TCP Buffer Size Example Parameters for setting the TCP buffer size in a TCP profile BufferSize Mss Specifying the MSS Value in a TCP ProfileParameters for specifying the MSS value in a TCP profile Learn MSS for VServer LearnVsvrMSS Advanced Configurations 148 Web Interface How Web Interface Works Prerequisites Installing the Web Interface JRE tar file path Configuring the Web InterfaceWeb Interface tar file path Parameters for configuring Web interface sites Gateway Direct Mode Authentication PointAccess Gateway URL Port Configuring a Web Interface Site for LAN Users Using Http XML Service AddressesXML Service Port Transport A Web Interface Site Configured for LAN Users Using Http Site Type Published Resource Type Kiosk Mode Virtual Server Protocol select Https IP Address Port Add service WILoopbackService 127.0.0.1 Http Configuring a Web Interface Site for LAN Users Using Https A Web Interface Site Configured for LAN Users Using Https 160 161 Add lb vserver Httpswi SSL 10.102.29.3 Configuring a Web Interface Site for Remote Users Using Agee A Web Interface Site Configured for Remote Users Using Agee 165 166 AppFlow How AppFlow Works NetScaler Flow Sequence Flow Records Templates Configuring the AppFlow Feature Specifying a Collector Enabling or Disabling the AppFlow FeatureTo specify a collector by using the NetScaler command line Configuring an AppFlow Action To remove a collector by using the NetScaler command lineTo specify a collector by using the configuration utility Parameters for specifying a collector Comment Parameters for configuring an AppFlow actionCollectors Configuring an AppFlow Policy Show appflow policy name Parameters for configuring an AppFlow policy Rule Action To add an expression by using the Add Expression dialog box Http Binding an AppFlow Policy Show appflow global Parameters for binding an AppFlow policy GotoPriorityExpressionInvoke Invoke flag LabelType LabelName Enabling AppFlow for Virtual Servers Click Apply Changes Enabling AppFlow for a Service Setting the AppFlow Parameters AppFlow Parameters HttpCookie HttpRefererHttpMethod HttpHost Reporting Tool Working with Reports Using the Reporting ToolTo invoke the Reporting tool Using Built-in Reports Creating and Deleting Reports Modifying the Time Interval Time Intervals Time interval Displays Setting the Data Source and Time Zone Exporting and Importing Custom Reports Modifying a Chart Working with ChartsAdding a Chart Viewing a Chart To change the graph type of a chart To view numeric data for a graph To change the color and graph type of a data set Examples Deleting a ChartTo export chart data to Excel Stopping and Starting the Data Collection Utility Limits on Entity Numbers Retrieved by nscollect Entity name To stop nscollect To start nscollect on the local systemEntity name Limit Netscaler/nscollect stop To start nscollect on the remote system Netscaler/nscollect start