Policy-based logging enables you to specify a format for log messages. The contents of a log message are defined by using a default syntax expression. When the message action specified in the policy is performed, the NetScaler appliance constructs the log message from the expression and writes the message to the log file. You can configure the appliance to log only when a particular DNS policy evaluates to True, so that only the queries you are interested in reach the log.
Note: If you have set a DNS policy with a DNS profile for the request side, NetScaler appliance logs only the query.
To configure policy-based logging for a DNS policy, you must first configure an audit message action. For more information about configuring an audit message action, see Configuring Policy-Based Logging. After configuring the audit message action, specify the message action in a DNS policy.
To configure policy-based logging for a DNS policy by using the command line interface
At the command prompt, type the following commands to configure policy-based logging for a DNS policy and verify the configuration:
- add dns action <actionName> <actionType> [-IPAddress <ip_addr|ipv6_addr> ... | -viewName <string> | -preferredLocList <string> ...] [-TTL <secs>] [-dnsProfileName <string>]
- set dns policy <name> [<rule>] [-actionName <string>] [-logAction <string>]
- show dns policy [<name>]
In a GSLB deployment, you may want to answer client requests from a particular subnet (for example, internal users) with a different set of IP addresses than the general-purpose ones. To do so, configure a DNS policy whose action type is DNS view. You can then enable DNS logging on that DNS action, so that only the responses served through the view are logged.
> add dns profile dns_prof1 -dnsQueryLogging ENABLED -dnsAnswerSecLogging ENABLED
> add dns view dns_view1
> add dns action dns_act1 viewName -viewName dns_view1 -dnsProfileName dns_prof1
> add dns policy dns_pol1 "CLIENT.IP.SRC.APPLY_MASK(255.255.255.0).EQ(100.100.100.0)" dns_act1
> bind dns global dns_pol1 100 -gotoPriorityExpression END -type REQ_DEFAULT
> bind gslb service site_1_svc -viewName dns_view1 18.104.22.168
> bind gslb service site_5_svc -viewName dns_view1 22.214.171.124
Note: In the above configuration, if you query for the domain configured on a GSLB virtual server, for example, sampletest.com, all the internal users of subnet 100.100.100.0/24 are served with the DNS view IP addresses, and the responses are logged. Client requests for other subnets are not logged.
If you want to log only the queries for the domain example.com, you can create a DNS profile with query logging enabled, set the DNS profile on a DNS action with the action type NOOP, and then create a DNS policy that uses that DNS action. For example:
> add dns profile query_logging -dnsQueryLogging ENABLED
> add dns action dns_act1 NOOP -dnsProfileName query_logging
> add dns policy dns_pol1 "DNS.REQ.QUESTION.DOMAIN.EQ(\"example.com\")" dns_act1
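The following Python model is an added illustration, not NetScaler code, and is meant to help you check what the two policies above would actually log before you commit them. It evaluates the two rule shapes used on this page (CLIENT.IP.SRC.APPLY_MASK(mask).EQ(network) and DNS.REQ.QUESTION.DOMAIN.EQ(domain)) against constructed sample queries and returns the log entries a request-side (REQ_DEFAULT) binding would produce. It assumes, as the note above states, that a request-side binding logs only the query even when answer-section logging is enabled in the profile; the dataclass names, the log line format, and the case-insensitive domain comparison are assumptions of this model, not appliance behaviour documented on the page.

```python
"""Model of which DNS queries the policies on this page would log.

Added example, not NetScaler code. It mirrors the configuration objects
above (profile, action, policy) closely enough to reason about coverage:
which client/qname combinations produce a log entry and which do not.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class DnsProfile:
    name: str
    query_logging: bool = False        # -dnsQueryLogging ENABLED
    answer_sec_logging: bool = False   # -dnsAnswerSecLogging ENABLED


@dataclass
class DnsAction:
    name: str
    action_type: str                   # "viewName" or "NOOP" on this page
    profile: Optional[DnsProfile] = None


@dataclass
class DnsQuery:
    client_ip: str
    qname: str
    qtype: str = "A"


@dataclass
class DnsPolicy:
    name: str
    rule: Callable[[DnsQuery], bool]
    action: DnsAction
    bind_type: str = "REQ_DEFAULT"     # request-side binding, as in the page


def client_src_in_subnet(mask: str, network: str) -> Callable[[DnsQuery], bool]:
    """CLIENT.IP.SRC.APPLY_MASK(mask).EQ(network): mask the source and compare."""
    net = ipaddress.ip_network(f"{network}/{mask}", strict=False)

    def rule(q: DnsQuery) -> bool:
        try:
            return ipaddress.ip_address(q.client_ip) in net
        except ValueError:
            return False               # unparsable source never matches
    return rule


def question_domain_eq(domain: str) -> Callable[[DnsQuery], bool]:
    """DNS.REQ.QUESTION.DOMAIN.EQ(domain): exact name match.
    Assumption: compare case-insensitively and ignore a trailing dot."""
    want = domain.rstrip(".").lower()
    return lambda q: q.qname.rstrip(".").lower() == want


def log_entries(policies: List[DnsPolicy], q: DnsQuery) -> List[str]:
    """Return the log lines the first matching policy would produce.

    Policies are tried in bind order; the page binds with
    -gotoPriorityExpression END, so evaluation stops at the first True.
    """
    for pol in policies:
        if not pol.rule(q):
            continue
        prof = pol.action.profile
        if prof is None:
            return []
        out: List[str] = []
        if prof.query_logging:
            out.append(f"policy={pol.name} action={pol.action.name} "
                       f"query client={q.client_ip} qname={q.qname} qtype={q.qtype}")
        # Request-side binding: per the note on this page only the query is
        # logged, so answer-section logging is not emitted for REQ_DEFAULT.
        if prof.answer_sec_logging and pol.bind_type != "REQ_DEFAULT":
            out.append(f"policy={pol.name} answer-section for qname={q.qname}")
        return out
    return []


def subnet_view_policy() -> List[DnsPolicy]:
    """The GSLB view example: dns_prof1 -> dns_act1 (viewName) -> dns_pol1."""
    prof = DnsProfile("dns_prof1", query_logging=True, answer_sec_logging=True)
    act = DnsAction("dns_act1", "viewName", prof)
    return [DnsPolicy("dns_pol1", client_src_in_subnet("255.255.255.0", "100.100.100.0"), act)]


def domain_noop_policy() -> List[DnsPolicy]:
    """The example.com example: query_logging -> dns_act1 (NOOP) -> dns_pol1."""
    prof = DnsProfile("query_logging", query_logging=True)
    act = DnsAction("dns_act1", "NOOP", prof)
    return [DnsPolicy("dns_pol1", question_domain_eq("example.com"), act)]


if __name__ == "__main__":
    # Constructed sample queries, not captured traffic.
    for q in (DnsQuery("100.100.100.42", "sampletest.com"), DnsQuery("10.0.0.5", "sampletest.com")):
        print(q, log_entries(subnet_view_policy(), q))
    for q in (DnsQuery("192.0.2.7", "EXAMPLE.COM."), DnsQuery("192.0.2.7", "www.example.com")):
        print(q, log_entries(domain_noop_policy(), q))
```

Running the model shows the two coverage facts worth confirming before deploying: an internal client in 100.100.100.0/24 produces exactly one query entry (no answer-section entry, because the binding is request-side), clients outside the subnet produce nothing, and the domain policy matches only the exact name example.com, so subdomain queries such as www.example.com are not logged unless you write a broader rule.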