Citrix ADC

View PDF

Auditing policies

September 21, 2020

Contributed by:

Auditing policies determine the messages generated and logged during a Web App Firewall session. The messages are logged in SYSLOG format to the local NSLOG server or to an external logging server. Different types of messages are logged based on the level of logging selected.

To create an auditing policy, you must first create either an NSLOG server or a SYSLOG server. And then you create the policy and specify log type and the server to which logs are sent.

To create an auditing server by using the command line interface

You can create two different types of auditing server: an NSLOG server or a SYSLOG server. The command names are different, but the parameters for the commands are the same.

To create an auditing server, at the command prompt, type the following commands:

add audit syslogAction [-serverPort ] -logLevel ... [-dateFormat ( MMDDYYYY | DDMMYYYY )] [-logFacility ] [-tcp ( NONE | ALL )] [-acl ( ENABLED | DISABLED )] [-timeZone ( GMT_TIME | LOCAL_TIME )] [-userDefinedAuditlog ( YES | NO )] [-appflowExport ( ENABLED | DISABLED )]
save ns config

Example

下面的示例创建一个syslog服务器名称d syslog1 at IP 10.124.67.91, with log levels of emergency, critical, and warning, log facility set to LOCAL1, that logs all TCP connections:

             add audit syslogAction syslog1 10.124.67.91 -logLevel emergency critical warning -logFacility LOCAL1 -tcp ALL save ns config 
            

To modify or remove an auditing server by using the command line interface

To modify an auditing server, type the set auditcommand, the name of the auditing server, and the parameters to be changed, with their new values.
To remove an auditing server, type the rm auditcommand and the name of the auditing server.

Example

The following example modifies the syslog server named syslog1 to add errors and alerts to the log level:

             set audit syslogAction syslog1 10.124.67.91 -logLevel emergency critical warning alert error -logFacility LOCAL1 -tcp ALL save ns config 
            

To create or configure an auditing server by using the GUI

Navigate toSecurity>Citrix Web App Firewall>Policies>Auditing>Nslog.
In the Nslog Auditing page, clickServerstab.
Do one of the following:
- To add a new auditing server, clickAdd.
- To modify an existing auditing server, select the server, and then clickEdit.
In theCreate Auditing Serverpage, set the following parameters:
- Name
- Server Type
- IP Address
- Port
- Log Levels
- Log Facility
- Date Format
- Time Zone
- TCP Logging
- ACL Logging
- User Configurable Log Messages
- AppFlow Logging
- Large Scale NAT Logging
- ALG messages logging
- Subscriber logging
- SSL Interception
- URL Filtering
- Content Inspection Logging
ClickCreateandClose.

To create an auditing policy by using the command line interface

You can create an NSLOG policy or a SYSLOG policy. The type of policy must match the type of server. The command names for the two types of policy are different, but the parameters for the commands are the same.

At the command prompt, type the following commands:

add audit syslogPolicy <-rule >
save ns config

Example

The following example creates a policy named syslogP1 that logs Web App Firewall traffic to a syslog server named syslog1.

add audit syslogPolicy syslogP1 rule "ns_true" action syslog1save ns config

To configure an auditing policy by using the command line interface

At the command prompt, type the following commands:

set audit syslogPolicy [-rule ] [-action ]
save ns config

Example

The following example modifies the policy named syslogP1 to log Web App Firewall traffic to a syslog server named syslog2.

set audit syslogPolicy syslogP1 rule "ns_true" action syslog2save ns config

To configure an auditing policy by using the GUI

Navigate toSecurity>Citrix Web App Firewall>Policies.
In the details pane, clickAudit Nslog Policy.
In the Nslog Auditing page, clickPoliciestab and do one of the following:
- To add a new policy, clickAdd.
- To modify an existing policy, select the policy, and then clickEdit.
In theCreate Auditing Nslog Policypage, set the following parameters:
- Name
- Auditing Type
- Expression Type
- Server
ClickCreate.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

Auditing policies

September 21, 2020

Contributed by:

September 21, 2020

Contributed by:

Auditing policies

To create an auditing server by using the command line interface

Example

To modify or remove an auditing server by using the command line interface

Example

To create or configure an auditing server by using the GUI

To create an auditing policy by using the command line interface

Example

To configure an auditing policy by using the command line interface

Example

To configure an auditing policy by using the GUI

In this article