Product Documentation

Monitoring Syslog Events

Dec 18, 2015

You can monitor the syslog events generated on your NetScaler device if you have configured your device to redirect all syslog messages to the Command Center server. To monitor syslog events, you need to first configure Command Center as the syslog server for your NetScaler.

In this section:

For information about NetScaler Syslog messages, see NetScaler Log Message Reference.

Configuring Command Center as the Syslog Server

To enable Command Center to display syslog messages generated on NetScaler devices, you need to add your Command Center server as the syslog server on the NetScaler device.

To configure Command Center as the syslog server

  1. Log on to the NetScaler device
  2. To add a syslog action, at the NetScaler command prompt, type:
    add audit syslogAction <name> <serverIP> [-serverPort <port>] -logLevel <logLevel> ... [-dateFormat ( MMDDYYYY | DDMMYYYY )] [-logFacility <logFacility>] [- tcp ( NONE | ALL )] [-acl ( ENABLED | DISABLED )] [- timeZone ( GMT_TIME | LOCAL_TIME )]
    Example
    add audit syslogAction CC_action 10.102.29.70 -serverPort 514 -logLevel ALL -dateFormat MMDDYYYY -logFacility LOCAL0 - tcp ALL -acl DISABLED -timeZone LOCAL_TIME
    Note: The value for serverIP should be the IP address of your Command Center server, and the serverPort should be 514.
  3. Add a syslog policy so that all syslog messages are forwarded to the Command Center server. The policy defines the conditions under which the specified syslog server will be used for logging. To add a syslog policy, at the NetScaler command prompt, type:
    add audit syslogPolicy <name> <rule> <action>
    Example
    add audit syslogpolicy CC_pol ns_true CC_action
  4. To bind the policy globally, at the NetScaler command prompt, type:
    bind system global <policyName>
    Example
     bind system global CC_pol

For more information about these commands, see Citrix NetScaler Command Reference Guide.

Viewing Syslog Messages

Updated: 2014-04-16

After you have configured your NetScaler device to forward syslog messages to the Command Center server, you can view the syslog messages from the Command Center client.

To view syslog messages

  1. On the Fault tab, in the left pane, under Syslogs, click Complete View.
  2. In the right pane, under Complete View, you can view the following details:
    • Date/Time: Specifies the date and time when the syslog is generated.
    • Source: Specifies the IP address of the device on which the syslog is generated.
    • Message: Specifies the syslog message that is generated on the NetScaler device (for example, "Nsconf was unable to write a complete config file to disk.").
    • EventID: Specifies the event ID for the syslog message.

Configuring Syslog Views

You can configure views to monitor specific syslog events and based on the criteria you specify.

Views make it easier to monitor a large number of syslog events generated across your NetScaler infrastructure. For example, you can create a view to monitor all critical syslog events raised on log facility local0.

In this section:

  • Adding Syslog Views
  • Modifying Syslog Views
  • Deleting Syslog Views

Adding Syslog Views

You can add different views for various types of syslog events that are generated on the NetScaler devices monitored on the Citrix network. These views are based on various filter criteria, such as severity, devices, and log facility.

To add syslog views

  1. On the Fault tab, in the left pane, under Syslogs, click View.
  2. In the right pane, click Add .
  3. Under Create Syslog View, enter the following details.
    • Name: The user-defined syslog name. Type a name for the syslog view.
    • Message: The syslog message that is generated. Select the operator, such as equals, not equals, and then type the message for which you want to create the view. Note that the message should be exactly the same as it is generated on the NetScaler device.
    • From Date and To Date: The date range when the syslogs are generated. Select the range for which you want to create the view.
    • Severity: The log level. Select the severity for which you want to create the view. The possible values are: Alert, Critical, Debug, Emergency, Error, Info, Notice, Warning.
    • Source: IP address of the device on which the syslog is generated. Select the IP addresses of the devices for which you want to create the view.
    • Facility: The log facility from where the syslog is generated. Select the facility for which you want to create the view. The possible values are: local0, local1, local2, local3, local4, local5, local6, and local7.

Modifying Syslog Views

After creating views, you can modify the filter criteria of the views.

To modify syslog views

  1. On the Fault tab, in the left pane, under Syslogs, click Views.
  2. In the right pane, click the view name you want to modify, and click Modify.
  3. Under Configure Syslog View, make changes to the values as required, and then click OK.

Deleting Syslog Views

You can delete a view if you do not want to use it again.

To delete syslog views

  1. On the Fault tab, in the left pane, under Syslogs, click Views.
  2. In the right pane, click the view name you want to delete, and then click Delete. Alternately, right click the view name and click Delete .

Discarding Syslogs

Updated: 2015-03-23

A large number of syslog records can occupy an excessive amount of the Command Center server space. If you do not want the Command Center server to store obsolete syslog records generated by the devices, you can create a Filter that discards those records.

After you create the filter, the Command Center server discards the syslogs that meet the criteria you specified.

To create a Filter

On the Fault tab, in the left pane, expand Syslogs, click Filters and then click Add.