Product Documentation

audit nslogAction

Sep 12, 2016

The following operations can be performed on "audit nslogAction":

add | rm | set | unset | show

add audit nslogAction

Adds an nslog action. The action contains a reference to an nslog server and specifies which information to log and how to log that information.

Synopsys

add audit nslogAction <name> (<serverIP> | (<serverDomainName> [-domainResolveRetry <integer>])) [-serverPort <port>] -logLevel <logLevel> ... [-dateFormat <dateFormat>] [-logFacility <logFacility>] [-tcp ( NONE | ALL )] [-acl ( ENABLED | DISABLED )] [-timeZone ( GMT_TIME | LOCAL_TIME )] [-userDefinedAuditlog ( YES | NO )] [-appflowExport ( ENABLED | DISABLED )] [-lsn ( ENABLED | DISABLED )] [-alg ( ENABLED | DISABLED )] [-subscriberLog ( ENABLED | DISABLED )]

Arguments

name

Name of the nslog action. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the nslog action is added.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, ?my nslog action? or ?my nslog action).

serverIP

IP address of the nslog server.

serverDomainName

Auditserver name as a FQDN. Mutually exclusive with serverIP

domainResolveRetry

Time, in seconds, for which the NetScaler appliance waits before sending another DNS query to resolve the host name of the audit server if the last query failed.

Default value: 5

Minimum value: 5

Maximum value: 20939

serverPort

Port on which the nslog server accepts connections.

Minimum value: 1

logLevel

Audit log level, which specifies the types of events to log.

Available settings function as follows:

* ALL - All events.

* EMERGENCY - Events that indicate an immediate crisis on the server.

* ALERT - Events that might require action.

* CRITICAL - Events that indicate an imminent server crisis.

* ERROR - Events that indicate some type of error.

* WARNING - Events that require action in the near future.

* NOTICE - Events that the administrator should know about.

* INFORMATIONAL - All but low-level events.

* DEBUG - All events, in extreme detail.

* NONE - No events.

dateFormat

Format of dates in the logs.

Supported formats are:

* MMDDYYYY - U.S. style month/date/year format.

* DDMMYYYY - European style date/month/year format.

* YYYYMMDD - ISO style year/month/date format.

Possible values: MMDDYYYY, DDMMYYYY, YYYYMMDD

logFacility

Facility value, as defined in RFC 3164, assigned to the log message.

Log facility values are numbers 0 to 7 (LOCAL0 through LOCAL7). Each number indicates where a specific message originated from, such as the NetScaler appliance itself, the VPN, or external.

Possible values: LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7

tcp

Log TCP messages.

Possible values: NONE, ALL

acl

Log access control list (ACL) messages.

Possible values: ENABLED, DISABLED

timeZone

Time zone used for date and timestamps in the logs.

Available settings function as follows:

* GMT_TIME. Coordinated Universal Time.

* LOCAL_TIME. The server?s timezone setting.

Possible values: GMT_TIME, LOCAL_TIME

userDefinedAuditlog

Log user-configurable log messages to nslog.

Setting this parameter to NO causes auditing to ignore all user-configured message actions. Setting this parameter to YES causes auditing to log user-configured message actions that meet the other logging criteria.

Possible values: YES, NO

appflowExport

Export log messages to AppFlow collectors.

Appflow collectors are entities to which log messages can be sent so that some action can be performed on them.

Possible values: ENABLED, DISABLED

lsn

Log the LSN messages

Possible values: ENABLED, DISABLED

alg

Log the ALG messages

Possible values: ENABLED, DISABLED

subscriberLog

Log subscriber session event information

Possible values: ENABLED, DISABLED

rm audit nslogAction

Removes the specified nslog action and associated configuration. Note: An nslog action cannot be removed if it is bound to an nslog policy.

Synopsys

rm audit nslogAction <name>

Arguments

name

Name of the nslog action to remove.

set audit nslogAction

Modifies the specified settings of an existing nslog action.

Synopsys

set audit nslogAction <name> [-serverIP <ip_addr|ipv6_addr|*>] [-serverDomainName <string>] [-domainResolveRetry <integer>] [-domainResolveNow] [-serverPort <port>] [-logLevel <logLevel> ...] [-dateFormat <dateFormat>] [-logFacility <logFacility>] [-tcp ( NONE | ALL )] [-acl ( ENABLED | DISABLED )] [-timeZone ( GMT_TIME | LOCAL_TIME )] [-userDefinedAuditlog ( YES | NO )] [-appflowExport ( ENABLED | DISABLED )] [-lsn ( ENABLED | DISABLED )] [-alg ( ENABLED | DISABLED )] [-subscriberLog ( ENABLED | DISABLED )]

Arguments

name

Name of the nslog action to be modified.

serverIP

IP address of the nslog server.

serverDomainName

Auditserver name as a FQDN. Mutually exclusive with serverIP

domainResolveRetry

Time, in seconds, for which the NetScaler appliance waits before sending another DNS query to resolve the host name of the audit server if the last query failed.

Default value: 5

Minimum value: 5

Maximum value: 20939

domainResolveNow

Immediately send a DNS query to resolve the server's domain name.

serverPort

Port on which the nslog server accepts connections.

Minimum value: 1

logLevel

Audit log level, which specifies the types of events to log.

Available settings function as follows:

* ALL - All events.

* EMERGENCY - Events that indicate an immediate crisis on the server.

* ALERT - Events that might require action.

* CRITICAL - Events that indicate an imminent server crisis.

* ERROR - Events that indicate some type of error.

* WARNING - Events that require action in the near future.

* NOTICE - Events that the administrator should know about.

* INFORMATIONAL - All but low-level events.

* DEBUG - All events, in extreme detail.

* NONE - No events.

dateFormat

Format of dates in the logs.

Supported formats are:

* MMDDYYYY - U.S. style month/date/year format.

* DDMMYYYY - European style date/month/year format.

* YYYYMMDD - ISO style year/month/date format.

Possible values: MMDDYYYY, DDMMYYYY, YYYYMMDD

logFacility

Facility value, as defined in RFC 3164, assigned to the log message.

Log facility values are numbers 0 to 7 (LOCAL0 through LOCAL7). Each number indicates where a specific message originated from, such as the NetScaler appliance itself, the VPN, or external.

Possible values: LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7

tcp

Log TCP messages.

Possible values: NONE, ALL

acl

Log access control list (ACL) messages.

Possible values: ENABLED, DISABLED

timeZone

Time zone used for date and timestamps in the logs.

Available settings function as follows:

* GMT_TIME. Coordinated Universal Time.

* LOCAL_TIME. The server?s timezone setting.

Possible values: GMT_TIME, LOCAL_TIME

userDefinedAuditlog

Log user-configurable log messages to nslog.

Setting this parameter to NO causes auditing to ignore all user-configured message actions. Setting this parameter to YES causes auditing to log user-configured message actions that meet the other logging criteria.

Possible values: YES, NO

appflowExport

Export log messages to AppFlow collectors.

Appflow collectors are entities to which log messages can be sent so that some action can be performed on them.

Possible values: ENABLED, DISABLED

lsn

Log the LSN messages

Possible values: ENABLED, DISABLED

alg

Log the ALG messages

Possible values: ENABLED, DISABLED

subscriberLog

Log subscriber session event information

Possible values: ENABLED, DISABLED

unset audit nslogAction

Removes the settings of an existing nslog action. Attributes for which a default value is available revert to their default values. See the set audit nslogAction command for descriptions of the parameters..Refer to the set audit nslogAction command for meanings of the arguments.

Synopsys

unset audit nslogAction <name> [-serverPort] [-logLevel] [-dateFormat] [-logFacility] [-tcp] [-acl] [-timeZone] [-userDefinedAuditlog] [-appflowExport] [-lsn] [-alg] [-subscriberLog]

show audit nslogAction

Displays the current configuration of the specified nslog action. If no nslog action is specified, displays a list of all nslog actions currently configured on the NetScaler appliance.

Synopsys

show audit nslogAction [<name>]

Arguments

name

Name of the nslog action.

Outputs

serverIP

IP address of the nslog server.

serverDomainName

Auditserver name as a FQDN. Mutually exclusive with serverIP

domainResolveRetry

Time, in seconds, for which the NetScaler appliance waits before sending another DNS query to resolve the host name of the audit server if the last query failed.

IP

The resolved IP address of the auditserver

serverPort

Port on which the nslog server accepts connections.

logLevel

Audit log level, which specifies the types of events to log.

Available settings function as follows:

* ALL - All events.

* EMERGENCY - Events that indicate an immediate crisis on the server.

* ALERT - Events that might require action.

* CRITICAL - Events that indicate an imminent server crisis.

* ERROR - Events that indicate some type of error.

* WARNING - Events that require action in the near future.

* NOTICE - Events that the administrator should know about.

* INFORMATIONAL - All but low-level events.

* DEBUG - All events, in extreme detail.

* NONE - No events.

dateFormat

Format of dates in the logs.

Supported formats are:

* MMDDYYYY - U.S. style month/date/year format.

* DDMMYYYY - European style date/month/year format.

* YYYYMMDD - ISO style year/month/date format.

logFacility

Facility value, as defined in RFC 3164, assigned to the log message.

Log facility values are numbers 0 to 7 (LOCAL0 through LOCAL7). Each number indicates where a specific message originated from, such as the NetScaler appliance itself, the VPN, or external.

tcp

Log TCP messages.

acl

Log access control list (ACL) messages.

timeZone

Time zone used for date and timestamps in the logs.

Available settings function as follows:

* GMT_TIME. Coordinated Universal Time.

* LOCAL_TIME. The server?s timezone setting.

stateflag

userDefinedAuditlog

Log user-configurable log messages to nslog.

Setting this parameter to NO causes auditing to ignore all user-configured message actions. Setting this parameter to YES causes auditing to log user-configured message actions that meet the other logging criteria.

appflowExport

Export log messages to AppFlow collectors.

Appflow collectors are entities to which log messages can be sent so that some action can be performed on them.

builtin

Indicates that a variable is a built-in (SYSTEM INTERNAL) type.

lsn

Log the LSN messages

alg

Log the ALG messages

subscriberLog

Log subscriber session event information

devno

count