ADC

Customizing logging on the NSLOG server

You can customize logging on the NSLOG server by making additional modifications to the NSLOG server configuration file (log.conf). Use a text editor to modify the log.conf configuration file on the server system.

To customize logging, use the configuration file to define filters and log properties.

  • Log filters. Filter log information from a Citrix ADC appliance or a set of Citrix ADC appliances.
  • Log properties. Each filter has an associated set of log properties. Log properties define how to store the filtered log information.

This document includes the following details:

Creating filters

You can use the default filter definition located in the configuration file (audit log.conf ), or you can modify the filter or create a new filter. You can create more than one log filter.

Note: For consolidated logging, if a log transaction occurs for which there is no filter definition, the default filter is used (if it is enabled.) The only way you can configure consolidated logging of all the Citrix ADC appliances is by defining the default filter.

To create a filter

At the command prompt, type the following command in the configuration file ( auditlog.conf):

filter <filterName> [IP <ip>] [NETMASK <mask>] ON | OFF]
<!--NeedCopy-->

filterName: Specify the name of the filter (maximum of 64 alphanumeric characters).

ip: Specify the IP addresses.

mask: Specify the subnet mask to be used on a subnet.

Specify ON to enable the filter to log transactions, or specify OFF to disable the filter. If no argument is specified, the filter is ON.

Examples:

filter F1 IP 192.168.100.151 ON
<!--NeedCopy-->

To apply the filter F2 to IP addresses 192.250.100.1 to 192.250.100.254:

filter F2 IP 192.250.100.0 NETMASK 255.255.255.0 ON
<!--NeedCopy-->

filterName is a required parameter if you are defining a filter with other optional parameters, such as IP address, or the combination of IP address and Netmask.

Specifying log properties

Log properties associated with the filter are applied to all the log entries present in the filter. The log property definition starts with the key word BEGIN and ends with END as illustrated in the following example:


BEGIN <filtername>
    logFilenameFormat ...
    logDirectory ...
    logInterval ...
    logFileSizeLimit ....
END
<!--NeedCopy-->

Entries in the definition can include the following:

  • LogFilenameFormat specifies the file name format of the log file. The name of the file can be of the following types:

    • Static: A constant string that specifies the absolute path and the file name.
    • Dynamic: An expression that includes the following format specifiers:
      • Date (%{format}t)
      • creates file name with NSIP

    Example:

     LogFileNameFormat Ex%`{`%m%d%y}t.log
     <!--NeedCopy-->
    

    This creates the first file name as Exmmddyy.log. New files are named: Exmmddyy.log.0, Exmmddyy.log.1, and so on. In the following example, the new files are crated when the file size reaches 100MB.

    Example:

     LogInterval size
     LogFileSize 100
     LogFileNameFormat Ex%`{`%m%d%y}t
     <!--NeedCopy-->
    

Caution

The date format %t specified in the LogFilenameFormat parameter overrides the log interval property for that filter. To prevent a new file being created every day instead of when the specified log file size is reached, do not use %t in the LogFilenameFormat parameter.

  • logDirectory specifies the directory name format of the log file. The name of the file can be either of the following:

    • Static: Is a constant string that specifies the absolute path and file name.
    • Dynamic: Is an expression containing the following format specifiers:
      • Date (%{format}t)
      • creates directory with NSIP

    The directory separator depends on the operating system. In Windows, use the directory separator.

    Example:

     LogDirectory dir1\dir2\dir3
     <!--NeedCopy-->
    

    In the other operating systems (Linux, FreeBsd, etc.), use the directory separator.

  • LogInterval specifies the interval at which new log files are created. Use one of the following values:

    • Hourly: A file is created every hour. Default value.
    • Daily: A file is created very day at midnight.
    • Weekly: A file is created every Sunday at midnight.
    • Monthly : A file is created on the first day of the month at midnight.
    • None: A file is created only once, when audit server logging starts.
    • Size: A file is created only when the log file size limit is reached.

    Example:

     LogInterval Hourly
     <!--NeedCopy-->
    
    • LogFileSizeLimit specifies the maximum size (in MB) of the log file. A new file is created when the limit is reached.

    Note

    You can override the loginterval property by assigning size as its value.

    The default LogFileSizeLimit is 10 MB.

    Example:

     LogFileSizeLimit 35
     <!--NeedCopy-->
    
Customizing logging on the NSLOG server