This article contains information about using a source IP address other than the NetScaler IP (NSIP) address to log the SYSLOG messages.

Background

You can configure a NetScaler appliance to send SYSLOG trap messages to Citrix Command Center or another third party SYSLOG system. You can do so by configuring a SYSLOG audit profile or a SYSLOG audit policy that refers to the IP address of the appliance that logs the SYSLOG trap messages.

By default, you use the NSIP address of the appliance as a source IP address for sending the SYSLOG trap messages to the appliance on which the messages are logged. This article contains a procedure to change this behavior.

Instructions

To use a source IP address other than the NSIP address to log the SYSLOG messages, complete the following procedure from the command line interface of the appliance:

1. Run the following command to create a server entity that refers to the back end SYSLOG server:
   add server Syslog_Server <Syslog_Server_IP_Address>

2. Run the following command to add a Load Balancing virtual server of UDP type with port 514:
   add lb vserver Syslog_VServer UDP <Virtual_IP_Address> 514

3. Run the following command to add a Load Balancing service of UDP type with port 514:
   add service Syslog-Service Syslog_Serivice_1 UDP 514

4. Run the following command to bind the SYSLOG service to the virtual server:
   bind lb vserver Syslog_VServer Syslog_Serivice_1

5. Run the following command to configure a SYSLOG audit profile address to refer to the Virtual_IP_Address instead of the NSIP address
   add audit syslogAction Syslog-server <Virtual_IP_Address> -logLevel ALL -logFacility LOCAL1

The preceding configuration forces the SYSLOG messages through the Load Balancing virtual server and uses the configured virtual IP address.