How to Generate Custom Log Message on ADC for SYSLOG

Article ID: CTX694672

Description

The objective is to generate custom log messages on the ADC based on the required action and then send them to a SYSLOG server.


Instructions

In this example, we generate a specific log message that includes the IP address of the client that accessed the URL and the location it accessed it from.

Using CLI:

  • First, create a message log action containing the message to be generated, using the command below.
  • add audit messageaction NameOfTheMessageAction INFORMATIONAL "CLIENT.IP.SRC + \" Tried to access \" + HTTP.REQ.URL + \" from \" + CLIENT.IP.SRC.LOCATION" -logtoNewnslog YES
  • In the above command, INFORMATIONAL is the severity of the generated log.
  • CLIENT.IP.SRC is the client's IP address, HTTP.REQ.URL is the URL the client accessed, and CLIENT.IP.SRC.LOCATION is the location from which the client is accessing the URL.
  • (You can modify the above expression as per your requirements.)
  • After adding the message action, create a responder policy with a NOOP action and attach the above audit message action to it. This policy only triggers the log.
  • add responder policy NameOfTheResponderPolicy True NOOP -logAction NameOfTheMessageAction
  • After creating the responder policy, bind it either to a virtual server or globally. Here we bind it globally using the command below.
  • bind responder global NameOfTheResponderPolicy 10 NEXT -type REQ_OVERRIDE
  • After binding the responder policy globally, create a SYSLOG action and policy, and then bind the policy globally using the commands below.
  • add audit syslogAction NameOfTheSYSLOGAction X.X.X.X -logLevel INFORMATIONAL -userDefinedAuditlog YES
  • You can include other log levels for SYSLOG, but make sure INFORMATIONAL is included. X.X.X.X stands for the IP address of the SYSLOG server.
  • add audit syslogPolicy NameOfTheSYSLOGPolicy True NameOfTheSYSLOGAction
  • bind audit syslogGlobal -policyName NameOfTheSYSLOGPolicy -priority 10

Using GUI:

  • Navigate to Configuration > System > Auditing > Message Actions and create a message action by clicking Add.
  • Next, navigate to Configuration > AppExpert > Responder > Policy and click Add to create a responder policy.
  • To bind the responder policy globally, navigate to Configuration > AppExpert > Responder > Policy and click Policy Manager at the top.
  • Select the below options and click Continue.
  • Click Add Bindings, select the policy you created with priority 10 and Next as the Goto Expression, and then click Bind.
  • Navigate to Configuration > System > Auditing > SYSLOG to add the SYSLOG action and policy.
  • Select Servers at the top and click Add to add the SYSLOG server.
  • Enter the required SYSLOG IP information and select the below options under Log Levels.
  • Click Create, then navigate to Policy under SYSLOG Auditing and create a policy by clicking Add.
  • Make sure to select Advanced Policy, select the server created in the previous step, and click Create.
  • To bind the policy globally, navigate to Configuration > System > Auditing > Syslog.
  • Click Select Action at the top, select Advance Policy Global Bindings, and click Add Bindings.
  • Select the SYSLOG policy and click Bind.

After this, you will be able to see the logs on your SYSLOG servers.
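On the SYSLOG server, the message built by the expression above can be split back into its fields. The following Python parser is an added example, not part of the original article or Citrix code; the sample lines are constructed, and both the syslog envelope in front of the message and the dotted location format are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Message body as built by the messageaction expression in this article:
#   CLIENT.IP.SRC + " Tried to access " + HTTP.REQ.URL + " from " + CLIENT.IP.SRC.LOCATION
# The URL is supplied by the client, so it is matched greedily: the LAST " from "
# on the line is treated as the separator in front of the location.
MSG_RE = re.compile(
    r'(?<![\d.])(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) Tried to access '
    r'(?P<url>.*) from (?P<loc>[^"]*)"?\s*$'
)

def parse_line(line):
    """Return {'ip', 'url', 'location'} for a custom ADC message, else None."""
    m = MSG_RE.search(line)
    if not m:
        return None  # some other log line, not our custom message
    try:
        ip = str(ipaddress.IPv4Address(m.group("ip")))
    except ipaddress.AddressValueError:
        return None  # digits and dots, but not a valid IPv4 address
    return {"ip": ip, "url": m.group("url"), "location": m.group("loc").strip()}

def requests_per_client(lines):
    """Count custom messages per client IP, ignoring unrelated lines."""
    return Counter(rec["ip"] for rec in map(parse_line, lines) if rec)

# Constructed sample lines (assumed envelope: priority, timestamp, host, quoted message).
SAMPLE = [
    '<134> May 12 10:15:01 adc1 : "203.0.113.7 Tried to access /login from NA.US.CA.San Jose.*.*"',
    '<134> May 12 10:15:02 adc1 : "203.0.113.7 Tried to access /a from /b from NA.US.CA.San Jose.*.*"',
    '<134> May 12 10:15:03 adc1 : "198.51.100.20 Tried to access /index.html from EU.DE.*.*.*.*"',
    '<134> May 12 10:15:04 adc1 : "unrelated audit message"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_line(line))
    print(requests_per_client(SAMPLE))
```

Because HTTP.REQ.URL is client-controlled text, treat the parsed `url` field as untrusted when forwarding it to dashboards or alerts.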

 

Issue/Introduction

How to Generate Custom Log Message on ADC for SYSLOG