Send logs to external syslog server

Send logs to external syslog server

book

Article ID: CTX483235

calendar_today

Updated On:

Description

To configure a syslog action and policy in order to send NetScaler logs to an external syslog server.

Instructions

Using CLI:

Configuring audit log action
To configure syslog action in advanced policy infrastructure by using the CLI, at the command prompt, type the following commands to set the parameters and verify the configuration: 
add audit syslogAction <name> <serverIP> [-serverPort <port>] -logLevel <logLevel> [-dateFormat ( MMDDYYYY | DDMMYYYY )] [-transport ( TCP | UDP )]

show audit syslogAction [<name>]
For example: 
add audit syslogAction Test-Splunk-Svr 9.9.9.9 -logLevel EMERGENCY ALERT CRITICAL ERROR WARNING NOTICE INFORMATIONAL

show audit syslogAction Test-Splunk-Svr

Configuring audit log policy
To add a syslog audit policy by using the CLI, at the command prompt, type: 
add audit syslogPolicy <name> TRUE <syslogAction>

show audit syslogPolicy [<name>]
For example: 
add audit syslogPolicy Test_Splunk_Pol TRUE Test-Splunk-Svr

show audit syslogPolicy Test_Splunk_Pol

Binding audit log policy
Bind the syslog audit log policy in advanced policy framework by using the CLI, at the command prompt, type: 
bind audit syslogGlobal <policyName>[-globalBindType <globalBindType>]
For example: 
bind audit syslogGlobal -policyName syslogsrvPol -priority 2 -globalBindType SYSTEM_GLOBAL

Using GUI:

Configuring audit log action (Server)
1. Navigate to Configuration > System > Auditing > Syslog.
2. Select Servers tab.
3. Click Add.
4. In the Create Auditing Server page, populate the relevant fields, and click Create.

Configuring audit log policy
6. To add the policy, select the Policies tab, and click Add.
7. In the Create Auditing Syslog Policy page, populate the relevant fields, and click Create.

Binding audit log policy
8. Navigate to Configuration > System > Auditing > Syslog.
9. Select Advanced Policy Global Bindings from the drop-down list.
10. Select the policy name and click Select.
11. From the drop-down list, select the bind point as SYSTEM_GLOBAL and click Bind, and then click Done.

Issue/Introduction

To configure a syslog action and policy using advanced policy expression in order to send NetScaler logs to an external syslog server.
Powered by Wolken Software