How to enable ACL logging for extended ACLs

Article ID: CTX575018

Description

This article explains how to enable ACL logging for extended ACLs. Simple ACLs do not have this function.


Instructions

  1. Enable "Log State" in the extended ACL settings. The ACL needs to be applied after it is created.
  2. Enable "ACL Logging" in the syslog server settings.
  • If no external syslog server is configured, the setting needs to be changed from the GUI under "System>Auditing>Settings>Change Auditing Syslog Settings".

Below is an example log for ACL logging. Please test and verify the change before implementation.
Aug 22 07:28:58 <local0.info> *.*.*.*  08/22/2023:07:28:58 GMT  0-PPE-0 : default ACL ACL_PKT_LOG 4877 0 :  Source *.*.*.*:5***0 --> Destination *.*.*.*:80 - Protocol TCP - TimeStamp 106625214(ms) - Hitcount 0 - Hit Rule testDeny - Action DENY - Data 02 04 04 a3 *****
Aug 22 07:28:58 <local0.info> *.*.*.*  08/22/2023:07:28:58 GMT  0-PPE-0 : default ACL ACL_PKT_LOG 4878 0 :  Source *.*.*.*:5***9 --> Destination *.*.*.*:80 - Protocol TCP - TimeStamp 106625215(ms) - Hitcount 0 - Hit Rule testDeny - Action DENY - Data 02 04 04 a3 *****
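
To check that ACL logging is producing the expected records after the change, the ACL_PKT_LOG lines can be parsed and summarised per rule. The script below is an added example, not part of the original article or a Citrix tool. The field layout is taken from the sample lines above; the IP addresses, the testAllow rule and the ALLOW line are constructed sample values.

```python
import re
from collections import Counter

# Field layout follows the ACL_PKT_LOG sample lines shown in this article.
ACL_PKT_LOG = re.compile(
    r"ACL_PKT_LOG\s+(?P<event_id>\d+)\s+\d+\s*:\s+"
    r"Source\s+(?P<src_ip>\S+):(?P<src_port>\d+)\s+-->\s+"
    r"Destination\s+(?P<dst_ip>\S+):(?P<dst_port>\d+)\s+-\s+"
    r"Protocol\s+(?P<protocol>\S+)\s+-\s+"
    r"TimeStamp\s+(?P<timestamp_ms>\d+)\(ms\)\s+-\s+"
    r"Hitcount\s+(?P<hitcount>\d+)\s+-\s+"
    r"Hit Rule\s+(?P<rule>\S+)\s+-\s+"
    r"Action\s+(?P<action>\S+)"
)

# Constructed sample input: documentation-range IPs, one assumed ALLOW line, one non-ACL line.
_PREFIX = "Aug 22 07:28:58 <local0.info> 192.0.2.1  08/22/2023:07:28:58 GMT  0-PPE-0 : default ACL ACL_PKT_LOG "
SAMPLE_LINES = [
    _PREFIX + "4877 0 :  Source 198.51.100.7:51000 --> Destination 203.0.113.5:80 - Protocol TCP - TimeStamp 106625214(ms) - Hitcount 0 - Hit Rule testDeny - Action DENY - Data 02 04 04 a3",
    _PREFIX + "4878 0 :  Source 198.51.100.7:51009 --> Destination 203.0.113.5:80 - Protocol TCP - TimeStamp 106625215(ms) - Hitcount 0 - Hit Rule testDeny - Action DENY - Data 02 04 04 a3",
    _PREFIX + "4879 0 :  Source 198.51.100.9:40222 --> Destination 203.0.113.5:443 - Protocol TCP - TimeStamp 106625300(ms) - Hitcount 0 - Hit Rule testAllow - Action ALLOW - Data 02 04 04 a3",
    "Aug 22 07:29:01 <local0.info> 192.0.2.1 unrelated message (constructed, not an ACL_PKT_LOG record)",
]

def parse_acl_line(line):
    """Return a dict of fields for an ACL_PKT_LOG line, or None for any other line."""
    match = ACL_PKT_LOG.search(line)
    if match is None:
        return None
    record = match.groupdict()
    for key in ("event_id", "src_port", "dst_port", "timestamp_ms", "hitcount"):
        record[key] = int(record[key])
    return record

def deny_summary(lines):
    """Count DENY records per (rule, source IP, destination port)."""
    counts = Counter()
    for line in lines:
        record = parse_acl_line(line)
        if record and record["action"] == "DENY":
            counts[(record["rule"], record["src_ip"], record["dst_port"])] += 1
    return counts

if __name__ == "__main__":
    for (rule, src, port), n in deny_summary(SAMPLE_LINES).most_common():
        print(f"{rule}: {n} denied packet(s) from {src} to port {port}")
```
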

Additional Information

https://docs.netscaler.com/en-us/citrix-gateway/current-release/maintain-monitor/ns-maintain-auditing-configure-overview-con/ns-maintain-auditing-acl-tcp-logging-tsk.html

https://support.citrix.com/article/CTX222945/how-to-enable-debug-log-level-for-syslog-events-on-the-netscaler