Product Documentation

audit syslogAction

Sep 12, 2016

The following operations can be performed on "audit syslogAction":

add | rm | set | unset | show

add audit syslogAction

Adds a syslog action. The action contains a reference to a syslog server, and specifies which information to log and how to log that information.

Synopsys

add audit syslogAction <name> (<serverIP> | ((<serverDomainName> [-domainResolveRetry <integer>]) | -lbVserverName <string>)) [-serverPort <port>] -logLevel <logLevel> ... [-dateFormat <dateFormat>] [-logFacility <logFacility>] [-tcp ( NONE | ALL )] [-acl ( ENABLED | DISABLED )] [-timeZone ( GMT_TIME | LOCAL_TIME )] [-userDefinedAuditlog ( YES | NO )] [-appflowExport ( ENABLED | DISABLED )] [-lsn ( ENABLED | DISABLED )] [-alg ( ENABLED | DISABLED )] [-subscriberLog ( ENABLED | DISABLED )] [-transport ( TCP | UDP )] [-tcpProfileName <string>] [-maxLogDataSizeToHold <positive_integer>] [-dns ( ENABLED | DISABLED )] [-netProfile <string>]

Arguments

name

Name of the syslog action. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the syslog action is added.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, ?my syslog action? or ?my syslog action).

serverIP

IP address of the syslog server.

serverDomainName

SYSLOG server name as a FQDN. Mutually exclusive with serverIP/lbVserverName

domainResolveRetry

Time, in seconds, for which the NetScaler appliance waits before sending another DNS query to resolve the host name of the syslog server if the last query failed.

Default value: 5

Minimum value: 5

Maximum value: 20939

lbVserverName

Name of the LB vserver. Mutually exclusive with syslog serverIP/serverName

serverPort

Port on which the syslog server accepts connections.

Minimum value: 1

logLevel

Audit log level, which specifies the types of events to log.

Available values function as follows:

* ALL - All events.

* EMERGENCY - Events that indicate an immediate crisis on the server.

* ALERT - Events that might require action.

* CRITICAL - Events that indicate an imminent server crisis.

* ERROR - Events that indicate some type of error.

* WARNING - Events that require action in the near future.

* NOTICE - Events that the administrator should know about.

* INFORMATIONAL - All but low-level events.

* DEBUG - All events, in extreme detail.

* NONE - No events.

dateFormat

Format of dates in the logs.

Supported formats are:

* MMDDYYYY. -U.S. style month/date/year format.

* DDMMYYYY - European style date/month/year format.

* YYYYMMDD - ISO style year/month/date format.

Possible values: MMDDYYYY, DDMMYYYY, YYYYMMDD

logFacility

Facility value, as defined in RFC 3164, assigned to the log message.

Log facility values are numbers 0 to 7 (LOCAL0 through LOCAL7). Each number indicates where a specific message originated from, such as the NetScaler appliance itself, the VPN, or external.

Possible values: LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7

tcp

Log TCP messages.

Possible values: NONE, ALL

acl

Log access control list (ACL) messages.

Possible values: ENABLED, DISABLED

timeZone

Time zone used for date and timestamps in the logs.

Supported settings are:

* GMT_TIME. Coordinated Universal time.

* LOCAL_TIME. Use the server?s timezone setting.

Possible values: GMT_TIME, LOCAL_TIME

userDefinedAuditlog

Log user-configurable log messages to syslog.

Setting this parameter to NO causes auditing to ignore all user-configured message actions. Setting this parameter to YES causes auditing to log user-configured message actions that meet the other logging criteria.

Possible values: YES, NO

appflowExport

Export log messages to AppFlow collectors.

Appflow collectors are entities to which log messages can be sent so that some action can be performed on them.

Possible values: ENABLED, DISABLED

lsn

Log lsn info

Possible values: ENABLED, DISABLED

alg

Log alg info

Possible values: ENABLED, DISABLED

subscriberLog

Log subscriber session event information

Possible values: ENABLED, DISABLED

transport

Transport type used to send auditlogs to syslog server. Default type is UDP.

Possible values: TCP, UDP

tcpProfileName

Name of the TCP profile whose settings are to be applied to the audit server info to tune the TCP connection parameters.

maxLogDataSizeToHold

Max size of log data that can be held in NSB chain of server info.

Default value: 500

Minimum value: 50

Maximum value: 25600

dns

Log DNS related syslog messages

Possible values: ENABLED, DISABLED

netProfile

Name of the network profile.

The SNIP configured in the network profile will be used as source IP while sending log messages.

rm audit syslogAction

Removes the specified syslog action and associated configuration. Note: A syslog action cannot be removed if it is bound to a syslog policy.

Synopsys

rm audit syslogAction <name>

Arguments

name

Name of the syslog action to remove.

set audit syslogAction

Modifies the specified parameters of an existing syslog action.

Synopsys

set audit syslogAction <name> [-serverIP <ip_addr|ipv6_addr|*>] [-serverDomainName <string>] [-lbVserverName <string>] [-domainResolveRetry <integer>] [-domainResolveNow] [-serverPort <port>] [-logLevel <logLevel> ...] [-dateFormat <dateFormat>] [-logFacility <logFacility>] [-tcp ( NONE | ALL )] [-acl ( ENABLED | DISABLED )] [-timeZone ( GMT_TIME | LOCAL_TIME )] [-userDefinedAuditlog ( YES | NO )] [-appflowExport ( ENABLED | DISABLED )] [-lsn ( ENABLED | DISABLED )] [-alg ( ENABLED | DISABLED )] [-subscriberLog ( ENABLED | DISABLED )] [-tcpProfileName <string>] [-maxLogDataSizeToHold <positive_integer>] [-dns ( ENABLED | DISABLED )] [-netProfile <string>]

Arguments

name

Name of the syslog action to be modified.

serverIP

IP address of the syslog server.

serverDomainName

SYSLOG server name as a FQDN. Mutually exclusive with serverIP/lbVserverName

lbVserverName

Name of the LB vserver. Mutually exclusive with syslog serverIP/serverName

domainResolveRetry

Time, in seconds, for which the NetScaler appliance waits before sending another DNS query to resolve the host name of the syslog server if the last query failed.

Default value: 5

Minimum value: 5

Maximum value: 20939

domainResolveNow

Immediately send a DNS query to resolve the server's domain name.

serverPort

Port on which the syslog server accepts connections.

Minimum value: 1

logLevel

Audit log level, which specifies the types of events to log.

Available values function as follows:

* ALL - All events.

* EMERGENCY - Events that indicate an immediate crisis on the server.

* ALERT - Events that might require action.

* CRITICAL - Events that indicate an imminent server crisis.

* ERROR - Events that indicate some type of error.

* WARNING - Events that require action in the near future.

* NOTICE - Events that the administrator should know about.

* INFORMATIONAL - All but low-level events.

* DEBUG - All events, in extreme detail.

* NONE - No events.

dateFormat

Format of dates in the logs.

Supported formats are:

* MMDDYYYY. -U.S. style month/date/year format.

* DDMMYYYY - European style date/month/year format.

* YYYYMMDD - ISO style year/month/date format.

Possible values: MMDDYYYY, DDMMYYYY, YYYYMMDD

logFacility

Facility value, as defined in RFC 3164, assigned to the log message.

Log facility values are numbers 0 to 7 (LOCAL0 through LOCAL7). Each number indicates where a specific message originated from, such as the NetScaler appliance itself, the VPN, or external.

Possible values: LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7

tcp

Log TCP messages.

Possible values: NONE, ALL

acl

Log access control list (ACL) messages.

Possible values: ENABLED, DISABLED

timeZone

Time zone used for date and timestamps in the logs.

Supported settings are:

* GMT_TIME. Coordinated Universal time.

* LOCAL_TIME. Use the server?s timezone setting.

Possible values: GMT_TIME, LOCAL_TIME

userDefinedAuditlog

Log user-configurable log messages to syslog.

Setting this parameter to NO causes auditing to ignore all user-configured message actions. Setting this parameter to YES causes auditing to log user-configured message actions that meet the other logging criteria.

Possible values: YES, NO

appflowExport

Export log messages to AppFlow collectors.

Appflow collectors are entities to which log messages can be sent so that some action can be performed on them.

Possible values: ENABLED, DISABLED

lsn

Log lsn info

Possible values: ENABLED, DISABLED

alg

Log alg info

Possible values: ENABLED, DISABLED

subscriberLog

Log subscriber session event information

Possible values: ENABLED, DISABLED

tcpProfileName

Name of the TCP profile whose settings are to be applied to the audit server info to tune the TCP connection parameters.

maxLogDataSizeToHold

Max size of log data that can be held in NSB chain of server info.

Default value: 500

Minimum value: 50

Maximum value: 25600

dns

Log DNS related syslog messages

Possible values: ENABLED, DISABLED

netProfile

Name of the network profile.

The SNIP configured in the network profile will be used as source IP while sending log messages.

unset audit syslogAction

Removes the settings of an existing syslog action. Attributes for which a default value is available revert to their default values. See the set audit syslogAction command for a description of the parameters..Refer to the set audit syslogAction command for meanings of the arguments.

Synopsys

unset audit syslogAction <name> [-serverPort] [-logLevel] [-dateFormat] [-logFacility] [-tcp] [-acl] [-timeZone] [-userDefinedAuditlog] [-appflowExport] [-lsn] [-alg] [-subscriberLog] [-tcpProfileName] [-maxLogDataSizeToHold] [-dns] [-netProfile]

show audit syslogAction

Displays the current configuration of the specified syslog action. If no syslog action is specified, displays a list of all syslog actions currently configured on the NetScaler appliance.

Synopsys

show audit syslogAction [<name>]

Arguments

name

Name of the syslog action.

Outputs

serverIP

IP address of the syslog server.

serverDomainName

SYSLOG server name as a FQDN. Mutually exclusive with serverIP/lbVserverName

IP

The resolved IP address of the syslog server

lbVserverName

Name of the LB vserver. Mutually exclusive with syslog serverIP/serverName

domainResolveRetry

Time, in seconds, for which the NetScaler appliance waits before sending another DNS query to resolve the host name of the syslog server if the last query failed.

serverPort

Port on which the syslog server accepts connections.

logLevel

Audit log level, which specifies the types of events to log.

Available values function as follows:

* ALL - All events.

* EMERGENCY - Events that indicate an immediate crisis on the server.

* ALERT - Events that might require action.

* CRITICAL - Events that indicate an imminent server crisis.

* ERROR - Events that indicate some type of error.

* WARNING - Events that require action in the near future.

* NOTICE - Events that the administrator should know about.

* INFORMATIONAL - All but low-level events.

* DEBUG - All events, in extreme detail.

* NONE - No events.

dateFormat

Format of dates in the logs.

Supported formats are:

* MMDDYYYY. -U.S. style month/date/year format.

* DDMMYYYY - European style date/month/year format.

* YYYYMMDD - ISO style year/month/date format.

logFacility

Facility value, as defined in RFC 3164, assigned to the log message.

Log facility values are numbers 0 to 7 (LOCAL0 through LOCAL7). Each number indicates where a specific message originated from, such as the NetScaler appliance itself, the VPN, or external.

tcp

Log TCP messages.

acl

Log access control list (ACL) messages.

timeZone

Time zone used for date and timestamps in the logs.

Supported settings are:

* GMT_TIME. Coordinated Universal time.

* LOCAL_TIME. Use the server?s timezone setting.

stateflag

userDefinedAuditlog

Log user-configurable log messages to syslog.

Setting this parameter to NO causes auditing to ignore all user-configured message actions. Setting this parameter to YES causes auditing to log user-configured message actions that meet the other logging criteria.

appflowExport

Disable export of log messages to AppFlow collectors.

builtin

Indicates that a variable is a built-in (SYSTEM INTERNAL) type.

lsn

Log lsn info

alg

Log alg info

subscriberLog

Log subscriber session event information

transport

Transport type used to send auditlogs to syslog server. Default type is UDP.

tcpProfileName

Name of the TCP profile whose settings are to be applied to the audit server info to tune the TCP connection parameters.

maxLogDataSizeToHold

Max size of log data that can be held in NSB chain of server info.

dns

Log DNS related syslog messages

netProfile

Name of the network profile.

The SNIP configured in the network profile will be used as source IP while sending log messages.

devno

count