This article describes how to create a message action that can be bound to a responder or rewrite policy that logs to syslog in NetScaler.

Instructions

Complete the following steps to create a message action that can be bound to a responder or rewrite policy that logs to syslog on the NetScaler:

1. Create a syslog server on NetScaler if needed for remote logging use.
2. NetScaler already uses 127.0.0.1 for the IP of the internal syslog server in the appliance.
3. Ensure the time zone is correctly set to local.
4. Verify TCP logging, ACL logging, and User Configurable Log Messages are enabled.
5. Create a policy that links to your preferred syslog server object.
6. Bind the syslog server object globally or to the virtual server that you are hitting.

Follow the below instructions to achieve.

1. Set audit syslogParams -userDefinedAuditlog YES
2. Add audit messageaction log-act1 CRITICAL "\"Client:\"+CLIENT.IP.SRC+\" accessed \"+HTTP.REQ.URL+\" ON \"+HTTP.REQ.LB_VSERVER.NAME"
3. Add rewrite policy rewrite_logs true NOREWRITE -logAction log-act1
4. Bind cs vserver linux_cserver -policyName rewrite_logs -priority 110 -gotoPriorityExpression END -type REQUEST