Citrix Application Delivery Management service

Configuring syslog on instances

The syslog protocol provides a transport to allow the Citrix ADC instances to send event notification messages to Citrix Application Delivery and Management, which is configured as a collector or the syslog server for these messages.

You can monitor the syslog events generated on your Citrix ADC instances if you have configured your device to redirect all syslog messages to Citrix Application Delivery and Management. To monitor syslog events, you need to first configure Citrix Application Delivery and Management as the syslog server for your Citrix ADC instance. After the instance is configured, all the syslog messages are redirected to Citrix Application Delivery and Management, so that these logs can be displayed to the user in a structured manner.

Syslog uses the User Datagram Protocol (UDP), port 514, for communication, and because UDP is a connectionless protocol it does not provide any acknowledgment back to the instances. The syslog packet size is limited to 1024 bytes and carries the following information:

  • Facility
  • Severity
  • Host name
  • Timestamp
  • Message

In Citrix Application Delivery and Management, you must configure facility and log severity levels on the instances.

  • Facility - Syslog messages are broadly categorized on the basis of the sources that generate them. These sources can be the operating system, the process, or an application. These categories are called facilities and are represented by integers. For example, 0 is used by kernel messages, 1 is used by user-level messages, 2 is used by the mail system, and so on. The local use facilities (from local0 to local7) are not reserved and are available for general use. Hence, the processes and applications that do not have pre-assigned facility values can be directed to any of the eight local use facilities.
  • Severity - The source or facility that generates the syslog message also specifies the severity of the message using a single-digit integer, as shown below:

     1 - Emergency: System is unusable.
    
     2 - Alert: Action must be taken immediately.
    
     3 - Critical: Critical conditions.
    
     4 - Error: Error conditions.
    
     5 - Warning: Warning conditions.
    
     6 - Notice: Normal but significant condition.
    
     7 - Informational: Informational messages.
    
     8 - Debug: Debug-level messages.
    

To configure syslog on Citrix ADC instances:

  1. In Citrix Application Delivery and Management, navigate to Infrastructure > Instances.
  2. Select the Citrix ADC instance from which you want the syslog messages to be collected and displayed in Citrix Application Delivery and Management.
  3. In the Action drop-down list, select Configure Syslog.
  4. Click Enable.
  5. In the Facility drop-down list, select a local or user-level facility.
  6. Select the required log level for the syslog messages.
  7. Click OK.

This configures all the syslog commands in the Citrix ADC instance, and Citrix Application Delivery and Management starts receiving the syslog messages. You can view the messages by navigating to Infrastructure > Events > Syslog Messages.

Configuring syslog on instances