This article describes how to send Application Firewall messages to a separate Syslog Server.
A secure File transfer utility such as WinSCP
Log on to the NetScaler appliance through WinSCP.
Update the /etc/syslog.conf file and add the following line in the file: local(next number).* /var/log/appfw.log
local5.* /var/log/appfw.log
Run the following command from the command line interface of the appliance to restart the syslog PID:
kill –HUP <PID>
Run the following command from the command line interface to add a syslog action such as sysact1:
add audit syslogAction sysact1 1.1.1.1 -logLevel ALL -logFacility LOCAL2
Run the following command to add syspol1 policy, which uses sysact1 server:
add audit syslogPolicy syspol1 true sysact1Run the following command to bind the Application Firewall policy and ensure that it is saved in ns.conf file: bind audit syslogGlobal -policyName syspol1 -priority 100 -globalBindType APPFW_GLOBAL