Configuring ACL Logging

January 29, 2019

Contributed by: C

You can configure NetScaler Gateway to log details for packets that match an extended access control list (ACL). In addition to the ACL name, the logged details include packet-specific information, such as the source and destination IP addresses. The information is stored either in a syslog or nslog file, depending on the type of logging (syslog or nslog) that you enable.

You can enable logging at both the global level and the ACL level. However, to enable logging at the ACL level, you must also enable it at the global level. The global setting takes precedence.

To optimize logging, when multiple packets from the same flow match an ACL, only the first packet’s details are logged. The counter is incremented for every other packet that belongs to the same flow. A flow is defined as a set of packets that have the same values for the following parameters:

Source IP
Destination IP
Source port
Destination port
Protocol (TCP or UDP)

If the packet is not from the same flow, or if the time duration is beyond the mean time, a new flow is created. Mean time is the time during which packets of the same flow do not generate additional messages (although the counter is incremented).

Note: The total number of different flows that can be logged at any given time is limited to 10,000.

The following table describes the parameters with which you can configure ACL logging at the rule level for extended ACLs.

Parameter Name	Description
Logstate	State of the logging feature for the ACL. Possible values: ENABLED and DISABLED. Default: DISABLED.
Ratelimit	Number of log messages that a specific ACL can generate. Default: 100.

To configure ACL logging by using the configuration utility

You can configure logging for an ACL and specify the number of log messages that the rule can generate.

In the configuration utility, in the navigation pane, expand System > Network and then click ACLs.
In the details pane, click the Extended ACLs tab and then click Add.
In the Create Extended ACL dialog box, in Name, type a name for the policy.
Select the Log State check box.
In the Log Rate Limit text box, type the rate limit that you want to specify for the rule and then click Create.

After you configure ACL logging, you can enable it on NetScaler Gateway. Create an auditing policy and then bind it to a user, group, virtual server, or globally.

To enable ACL or TCP logging on NetScaler Gateway

In the configuration utility, in the navigation pane, expand NetScaler Gateway > Policies > Auditing.
Select either syslog or nslog.
On the Servers tab, click Add.
In the Create Auditing Server dialog box, in Name, type a name for the server and then configure the server settings.
Click ACL Logging or TCP Logging and then click Create.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

Edit this article

Configuring ACL Logging

January 29, 2019

Contributed by: C

Configuring ACL Logging

To configure ACL logging by using the configuration utility

To enable ACL or TCP logging on NetScaler Gateway

Configuring ACL Logging

In this article