Citrix App Delivery and Security Service – Self Managed

Configuring syslog on instances

The syslog protocol gives Citrix ADC instances a transport for sending event notification messages to Citrix App Delivery and Security Service – Self Managed, which is configured as the collector (the syslog server) for these messages.

You can monitor the syslog events generated on your Citrix ADC instances if you have configured your device to redirect all syslog messages to Citrix App Delivery and Security Service – Self Managed. To monitor syslog events, you need to first configure Citrix App Delivery and Security Service – Self Managed as the syslog server for your Citrix ADC instance. After the instance is configured, all the syslog messages are redirected to Citrix App Delivery and Security Service – Self Managed, so that these logs can be displayed to the user in a structured manner.

Syslog uses the User Datagram Protocol (UDP), port 514, for communication. Because UDP is a connectionless protocol, it does not provide any acknowledgment back to the instances, so an instance cannot tell whether a message it sent was received. The syslog packet size is limited to 1024 bytes and carries the following information:

  • Facility
  • Severity
  • Host name
  • Timestamp
  • Message

In Citrix App Delivery and Security Service – Self Managed, you must configure facility and log severity levels on the instances.

  • Facility - Syslog messages are broadly categorized on the basis of the sources that generate them. These sources can be the operating system, the process, or an application. These categories are called facilities and are represented by integers. For example, 0 is used by kernel messages, 1 is used by user-level messages, 2 is used by the mail system, and so on. The local use facilities (from local0 to local7) are not reserved and are available for general use. Hence, the processes and applications that do not have pre-assigned facility values can be directed to any of the eight local use facilities.
  • Severity - The source or facility that generates the syslog message also specifies the severity of the message using a single-digit integer, as shown below:

     1 - Emergency: System is unusable.
     2 - Alert: Action must be taken immediately.
     3 - Critical: Critical conditions.
     4 - Error: Error conditions.
     5 - Warning: Warning conditions.
     6 - Notice: Normal but significant condition.
     7 - Informational: Informational messages.
     8 - Debug: Debug-level messages.
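
The five fields listed above travel in one text line whose leading <PRI> number packs the first two together (PRI = facility × 8 + severity). The Python sketch below is an added example, not Citrix code, showing how a collector can decode that line and reject payloads over the 1024-byte limit. It assumes the classic BSD layout of RFC 3164 (the page does not show the exact layout an ADC emits), uses a constructed sample datagram, and follows the RFC numbering, in which severities run 0 to 7 on the wire in the same order as the list above.

```python
import re

# Facility names by code (RFC 3164/5424, informal short names); local0..local7 are 16..23.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
              + [f"local{i}" for i in range(8)])
# Severity names in the order the page lists them; list index = on-the-wire value.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
MAX_LEN = 1024  # packet size limit stated on the page

# Assumed layout: <PRI>Mmm dd hh:mm:ss HOSTNAME MESSAGE
_LINE = re.compile(rb"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)

def parse_syslog(datagram: bytes) -> dict:
    """Decode one UDP syslog payload into the five fields the page lists."""
    if len(datagram) > MAX_LEN:
        raise ValueError(f"datagram is {len(datagram)} bytes, over the {MAX_LEN}-byte limit")
    m = _LINE.match(datagram)
    if not m:
        raise ValueError("not a BSD-format syslog message")
    pri = int(m.group(1))
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    if facility >= len(FACILITIES):
        raise ValueError(f"PRI {pri} is out of range (maximum is 191)")
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "host": m.group(3).decode("ascii", "replace"),
        "timestamp": m.group(2).decode("ascii"),
        "message": m.group(4).decode("utf-8", "replace"),
    }

def at_least(event: dict, threshold: str) -> bool:
    """True when the event is as severe as, or more severe than, threshold."""
    return SEVERITIES.index(event["severity"]) <= SEVERITIES.index(threshold)

# Constructed sample datagram (not captured from a real instance): local0, Warning.
SAMPLE = b"<132>Oct  3 14:07:55 adc-lab-01 constructed sample: monitor state changed"

if __name__ == "__main__":
    print(parse_syslog(SAMPLE))
```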
    

To configure syslog on Citrix ADC instances:

  1. In Citrix App Delivery and Security Service – Self Managed, navigate to Infrastructure > Instances.
  2. Select the Citrix ADC instance from which you want the syslog messages to be collected and displayed in Citrix App Delivery and Security Service – Self Managed.
  3. In the Action drop-down list, select Configure Syslog.
  4. Click Enable.
  5. In the Facility drop-down list, select a local or user-level facility.
  6. Select the required log level for the syslog messages.
  7. Click OK.

This configures all the syslog commands in the Citrix ADC instance, and Citrix App Delivery and Security Service – Self Managed starts receiving the syslog messages. You can view the messages by navigating to Infrastructure > Events > Syslog Messages.
