Auditing authenticated sessions

September 21, 2020

Contributed by:

You can configure the Citrix ADC appliance to keep a log of all the events that are triggered in an authenticated session. Using this information, you can audit state and status information, to see the history for users in chronological order.

To do this, define an audit policy that specifies the following:

日志类型。The logs can be stored remotely (syslog) or locally on the Citrix ADC appliance (nslog).
Rule.The conditions on which the logs are stored.
Action.Details of the log server and other details for creating the log entries.

This audit policy can be configured at different levels: user-level, group-level, authentication, authorization, and auditing virtual server, and global system level. The policies configured at the user-level have the highest priority.

Note

This topic details steps for using syslog. Make necessary changes to use nslog.

To configure syslog auditing by using the CLI

Configure the audit server with the relevant log settings.
ns-cli-prompt>add audit syslogAction …
Configure the audit policy by associating the audit server.
ns-cli-prompt>add audit syslogPolicy
Associate the audit policy with one of the following entities:
- 绑定的政策to a specific user.
  ns-cli-prompt>bind aaa user-policy …
- 绑定的政策to a specific group.
  ns-cli-prompt>bind aaa group -policy …
- 绑定的政策to a authentication, authorization, and auditing virtual server.
  ns-cli-prompt>bind authentication vserver -policy …
- 绑定的政策globally to the Citrix ADC appliance.
  ns-cli-prompt>bind tm global-policyName …

To configure syslog auditing by using the GUI (Configuration tab)

Configure the audit server and policy.
Navigate toSecurity > AAA - Application Traffic > Policies > Auditing > Syslog, and configure the server and the policy in the relevant tabs.
Associate the policy with one of the following:
- 绑定的政策to a specific user.
  Navigate toSecurity > AAA - Application Traffic > Users, and associate the authorization policy with the relevant user.
- 绑定的政策to a specific group.
  Navigate toSecurity > AAA - Application Traffic > Groups, and associate the authorization policy with the relevant group.
- 绑定的政策to a authentication, authorization, and auditing virtual server.
  Navigate toSecurity > AAA - Application Traffic > Virtual Servers, and associate the authorization policy with the relevant virtual server.
- 绑定的政策globally to the Citrix ADC appliance.
  Navigate toSecurity > AAA - Application Traffic > Policies > Auditing > SyslogorNslog, select the authorization policy, and clickAction > Global Bindingsto bind the policy globally.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Auditing authenticated sessions

September 21, 2020

Contributed by:

September 21, 2020

Contributed by:

Auditing authenticated sessions

To configure syslog auditing by using the CLI

To configure syslog auditing by using the GUI (Configuration tab)

In this article