ADC CLI Commands

audit-nslogAction

The following operations can be performed on “audit-nslogAction”:

add unset show rm set

add audit nslogAction

Adds an nslog action. The action contains a reference to an nslog server and specifies which information to log and how to log that information.

Synopsis

add audit nslogAction \( | \( \[-domainResolveRetry ])) \[-serverPort ] -logLevel ... \[-dateFormat ] \[-logFacility ] \[-tcp \( NONE | ALL )] \[-acl \( ENABLED | DISABLED )] \[-timeZone \( GMT\_TIME | LOCAL\_TIME )] \[-userDefinedAuditlog \( YES | NO )] \[-appflowExport \( ENABLED | DISABLED )] \[-lsn \( ENABLED | DISABLED )] \[-alg \( ENABLED | DISABLED )] \[-subscriberLog \( ENABLED | DISABLED )] \[-sslInterception \( ENABLED | DISABLED )] \[-urlFiltering \( ENABLED | DISABLED )] \[-ContentInspectionLog \( ENABLED | DISABLED )]

Arguments

name Name of the nslog action. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the nslog action is added.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my nslog action” or ‘my nslog action’).

serverIP IP address of the nslog server.

serverDomainName Auditserver name as a FQDN. Mutually exclusive with serverIP

domainResolveRetry Time, in seconds, for which the Citrix ADC waits before sending another DNS query to resolve the host name of the audit server if the last query failed. Default value: 5 Minimum value: 5 Maximum value: 20939

serverPort Port on which the nslog server accepts connections. Minimum value: 1

logLevel Audit log level, which specifies the types of events to log. Available settings function as follows:

  • ALL - All events.
  • EMERGENCY - Events that indicate an immediate crisis on the server.
  • ALERT - Events that might require action.
  • CRITICAL - Events that indicate an imminent server crisis.
  • ERROR - Events that indicate some type of error.
  • WARNING - Events that require action in the near future.
  • NOTICE - Events that the administrator should know about.
  • INFORMATIONAL - All but low-level events.
  • DEBUG - All events, in extreme detail.
  • NONE - No events.

dateFormat Format of dates in the logs. Supported formats are:

  • MMDDYYYY - U.S. style month/date/year format.
  • DDMMYYYY - European style date/month/year format.
  • YYYYMMDD - ISO style year/month/date format.

Possible values: MMDDYYYY, DDMMYYYY, YYYYMMDD

logFacility Facility value, as defined in RFC 3164, assigned to the log message. Log facility values are numbers 0 to 7 (LOCAL0 through LOCAL7). Each number indicates where a specific message originated from, such as the Citrix ADC itself, the VPN, or external.

Possible values: LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7

tcp Log TCP messages.

Possible values: NONE, ALL

acl Log access control list (ACL) messages.

Possible values: ENABLED, DISABLED

timeZone Time zone used for date and timestamps in the logs. Available settings function as follows:

  • GMT_TIME. Coordinated Universal Time.
  • LOCAL_TIME. The server’s timezone setting.

Possible values: GMT_TIME, LOCAL_TIME

userDefinedAuditlog Log user-configurable log messages to nslog. Setting this parameter to NO causes auditing to ignore all user-configured message actions. Setting this parameter to YES causes auditing to log user-configured message actions that meet the other logging criteria.

Possible values: YES, NO

appflowExport Export log messages to AppFlow collectors. Appflow collectors are entities to which log messages can be sent so that some action can be performed on them.

Possible values: ENABLED, DISABLED

lsn Log the LSN messages

Possible values: ENABLED, DISABLED

alg Log the ALG messages

Possible values: ENABLED, DISABLED

subscriberLog Log subscriber session event information

Possible values: ENABLED, DISABLED

sslInterception Log SSL Interception event information

Possible values: ENABLED, DISABLED

urlFiltering Log URL filtering event information

Possible values: ENABLED, DISABLED

ContentInspectionLog Log Content Inspection event information

Possible values: ENABLED, DISABLED

unset audit nslogAction

Removes the settings of an existing nslog action. Attributes for which a default value is available revert to their default values. See the set audit nslogAction command for descriptions of the parameters..Refer to the set audit nslogAction command for meanings of the arguments.

Synopsis

unset audit nslogAction [-serverPort] [-logLevel] [-dateFormat] [-logFacility] [-tcp] [-acl] [-timeZone] [-userDefinedAuditlog] [-appflowExport] [-lsn] [-alg] [-subscriberLog] [-sslInterception] [-ContentInspectionLog] [-urlFiltering]

show audit nslogAction

Displays the current configuration of the specified nslog action. If no nslog action is specified, displays a list of all nslog actions currently configured on the Citrix ADC.

Synopsis

show audit nslogAction []

Arguments

name Name of the nslog action.

Output

serverIP IP address of the nslog server.

serverDomainName Auditserver name as a FQDN. Mutually exclusive with serverIP

domainResolveRetry Time, in seconds, for which the Citrix ADC waits before sending another DNS query to resolve the host name of the audit server if the last query failed.

domainResolveNow Immediately send a DNS query to resolve the server’s domain name.

IP The resolved IP address of the auditserver

serverPort Port on which the nslog server accepts connections.

logLevel Audit log level, which specifies the types of events to log. Available settings function as follows:

  • ALL - All events.
  • EMERGENCY - Events that indicate an immediate crisis on the server.
  • ALERT - Events that might require action.
  • CRITICAL - Events that indicate an imminent server crisis.
  • ERROR - Events that indicate some type of error.
  • WARNING - Events that require action in the near future.
  • NOTICE - Events that the administrator should know about.
  • INFORMATIONAL - All but low-level events.
  • DEBUG - All events, in extreme detail.
  • NONE - No events.

dateFormat Format of dates in the logs. Supported formats are:

  • MMDDYYYY - U.S. style month/date/year format.
  • DDMMYYYY - European style date/month/year format.
  • YYYYMMDD - ISO style year/month/date format.

logFacility Facility value, as defined in RFC 3164, assigned to the log message. Log facility values are numbers 0 to 7 (LOCAL0 through LOCAL7). Each number indicates where a specific message originated from, such as the Citrix ADC itself, the VPN, or external.

tcp Log TCP messages.

acl Log access control list (ACL) messages.

timeZone Time zone used for date and timestamps in the logs. Available settings function as follows:

  • GMT_TIME. Coordinated Universal Time.
  • LOCAL_TIME. The server’s timezone setting.

stateflag userDefinedAuditlog Log user-configurable log messages to nslog. Setting this parameter to NO causes auditing to ignore all user-configured message actions. Setting this parameter to YES causes auditing to log user-configured message actions that meet the other logging criteria.

appflowExport Export log messages to AppFlow collectors. Appflow collectors are entities to which log messages can be sent so that some action can be performed on them.

builtin Indicates that a variable is a built-in (SYSTEM INTERNAL) type.

feature The feature to be checked while applying this config

lsn Log the LSN messages

alg Log the ALG messages

subscriberLog Log subscriber session event information

sslInterception Log SSL Interception event information

urlFiltering Log URL filtering event information

ContentInspectionLog Log Content Inspection event information

devno count

rm audit nslogAction

Removes the specified nslog action and associated configuration. Note: An nslog action cannot be removed if it is bound to an nslog policy.

Synopsis

rm audit nslogAction

Arguments

name Name of the nslog action to remove.

set audit nslogAction

Modifies the specified settings of an existing nslog action.

Synopsis

set audit nslogAction \[-serverIP <ip\_addr|ipv6\_addr|\*>] \[-serverDomainName ] \[-domainResolveRetry ] \[-domainResolveNow] \[-serverPort ] \[-logLevel ...] \[-dateFormat ] \[-logFacility ] \[-tcp \( NONE | ALL )] \[-acl \( ENABLED | DISABLED )] \[-timeZone \( GMT\_TIME | LOCAL\_TIME )] \[-userDefinedAuditlog \( YES | NO )] \[-appflowExport \( ENABLED | DISABLED )] \[-lsn \( ENABLED | DISABLED )] \[-alg \( ENABLED | DISABLED )] \[-subscriberLog \( ENABLED | DISABLED )] \[-sslInterception \( ENABLED | DISABLED )] \[-urlFiltering \( ENABLED | DISABLED )] \[-ContentInspectionLog \( ENABLED | DISABLED )]

Arguments

name Name of the nslog action to be modified.

serverIP IP address of the nslog server.

serverDomainName Auditserver name as a FQDN. Mutually exclusive with serverIP

domainResolveRetry Time, in seconds, for which the Citrix ADC waits before sending another DNS query to resolve the host name of the audit server if the last query failed. Default value: 5 Minimum value: 5 Maximum value: 20939

domainResolveNow Immediately send a DNS query to resolve the server’s domain name.

serverPort Port on which the nslog server accepts connections. Minimum value: 1

logLevel Audit log level, which specifies the types of events to log. Available settings function as follows:

  • ALL - All events.
  • EMERGENCY - Events that indicate an immediate crisis on the server.
  • ALERT - Events that might require action.
  • CRITICAL - Events that indicate an imminent server crisis.
  • ERROR - Events that indicate some type of error.
  • WARNING - Events that require action in the near future.
  • NOTICE - Events that the administrator should know about.
  • INFORMATIONAL - All but low-level events.
  • DEBUG - All events, in extreme detail.
  • NONE - No events.

dateFormat Format of dates in the logs. Supported formats are:

  • MMDDYYYY - U.S. style month/date/year format.
  • DDMMYYYY - European style date/month/year format.
  • YYYYMMDD - ISO style year/month/date format.

Possible values: MMDDYYYY, DDMMYYYY, YYYYMMDD

logFacility Facility value, as defined in RFC 3164, assigned to the log message. Log facility values are numbers 0 to 7 (LOCAL0 through LOCAL7). Each number indicates where a specific message originated from, such as the Citrix ADC itself, the VPN, or external.

Possible values: LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7

tcp Log TCP messages.

Possible values: NONE, ALL

acl Log access control list (ACL) messages.

Possible values: ENABLED, DISABLED

timeZone Time zone used for date and timestamps in the logs. Available settings function as follows:

  • GMT_TIME. Coordinated Universal Time.
  • LOCAL_TIME. The server’s timezone setting.

Possible values: GMT_TIME, LOCAL_TIME

userDefinedAuditlog Log user-configurable log messages to nslog. Setting this parameter to NO causes auditing to ignore all user-configured message actions. Setting this parameter to YES causes auditing to log user-configured message actions that meet the other logging criteria.

Possible values: YES, NO

appflowExport Export log messages to AppFlow collectors. Appflow collectors are entities to which log messages can be sent so that some action can be performed on them.

Possible values: ENABLED, DISABLED

lsn Log the LSN messages

Possible values: ENABLED, DISABLED

alg Log the ALG messages

Possible values: ENABLED, DISABLED

subscriberLog Log subscriber session event information

Possible values: ENABLED, DISABLED

sslInterception Log SSL Interception event information

Possible values: ENABLED, DISABLED

urlFiltering Log URL filtering event information

Possible values: ENABLED, DISABLED

ContentInspectionLog Log Content Inspection event information

Possible values: ENABLED, DISABLED

audit-nslogAction