ADC CLI Commands

audit-syslogAction

The following operations can be performed on “audit-syslogAction”:

set unset show rm add

set audit syslogAction

Modifies the specified parameters of an existing syslog action.

Synopsis

set audit syslogAction [-serverIP <ip_addr|ipv6_addr|*>] [-serverDomainName ] [-lbVserverName ] [-domainResolveRetry ] [-domainResolveNow] [-serverPort ] [-logLevel ...] [-managementlog ...] [-mgmtlogLevel ...] [-dateFormat ] [-logFacility ] [-tcp ( NONE | ALL )] [-acl ( ENABLED | DISABLED )] [-timeZone ( GMT_TIME | LOCAL_TIME )] [-userDefinedAuditlog ( YES | NO )] [-appflowExport ( ENABLED | DISABLED )] [-lsn ( ENABLED | DISABLED )] [-alg ( ENABLED | DISABLED )] [-subscriberLog ( ENABLED | DISABLED )] [-tcpProfileName ] [-maxLogDataSizeToHold <positive_integer>] [-dns ( ENABLED | DISABLED )] [-ContentInspectionLog ( ENABLED | DISABLED )] [-netProfile ] [-sslInterception ( ENABLED | DISABLED )] [-urlFiltering ( ENABLED | DISABLED )]

Arguments

name Name of the syslog action to be modified.

serverIP IP address of the syslog server.

serverDomainName SYSLOG server name as a FQDN. Mutually exclusive with serverIP/lbVserverName

lbVserverName Name of the LB vserver. Mutually exclusive with syslog serverIP/serverName

domainResolveRetry Time, in seconds, for which the Citrix ADC waits before sending another DNS query to resolve the host name of the syslog server if the last query failed. Default value: 5 Minimum value: 5 Maximum value: 20939

domainResolveNow Immediately send a DNS query to resolve the server’s domain name.

serverPort Port on which the syslog server accepts connections. Minimum value: 1

logLevel Audit log level, which specifies the types of events to log. Available values function as follows:

  • ALL - All events.
  • EMERGENCY - Events that indicate an immediate crisis on the server.
  • ALERT - Events that might require action.
  • CRITICAL - Events that indicate an imminent server crisis.
  • ERROR - Events that indicate some type of error.
  • WARNING - Events that require action in the near future.
  • NOTICE - Events that the administrator should know about.
  • INFORMATIONAL - All but low-level events.
  • DEBUG - All events, in extreme detail.
  • NONE - No events.

managementlog Management log specifies the categories of log files to be exported. It uses destination and transport from PE params. Available values function as follows:

  • ALL - All categories (SHELL, NSMGMT and ACCESS).
  • SHELL - bash.log, and sh.log.
  • ACCESS - auth.log, nsvpn.log, vpndebug.log, httpaccess.log, httperror.log, httpaccess-vpn.log and httperror-vpn.log.
  • NSMGMT - notice.log and ns.log.
  • NONE - No logs.

mgmtlogLevel Management log level, which specifies the types of events to log. Available values function as follows:

  • ALL - All events.
  • EMERGENCY - Events that indicate an immediate crisis on the server.
  • ALERT - Events that might require action.
  • CRITICAL - Events that indicate an imminent server crisis.
  • ERROR - Events that indicate some type of error.
  • WARNING - Events that require action in the near future.
  • NOTICE - Events that the administrator should know about.
  • INFORMATIONAL - All but low-level events.
  • DEBUG - All events, in extreme detail.
  • NONE - No events.

dateFormat Format of dates in the logs. Supported formats are:

  • MMDDYYYY - U.S. style month/date/year format.
  • DDMMYYYY - European style date/month/year format.
  • YYYYMMDD - ISO style year/month/date format.

Possible values: MMDDYYYY, DDMMYYYY, YYYYMMDD

logFacility Facility value, as defined in RFC 3164, assigned to the log message. Log facility values are numbers 0 to 7 (LOCAL0 through LOCAL7). Each number indicates where a specific message originated from, such as the Citrix ADC itself, the VPN, or external.

Possible values: LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7

tcp Log TCP messages.

Possible values: NONE, ALL

acl Log access control list (ACL) messages.

Possible values: ENABLED, DISABLED

timeZone Time zone used for date and timestamps in the logs. Supported settings are:

  • GMT_TIME. Coordinated Universal time.
  • LOCAL_TIME. Use the server’s timezone setting.

Possible values: GMT_TIME, LOCAL_TIME

userDefinedAuditlog Log user-configurable log messages to syslog. Setting this parameter to NO causes auditing to ignore all user-configured message actions. Setting this parameter to YES causes auditing to log user-configured message actions that meet the other logging criteria.

Possible values: YES, NO

appflowExport Export log messages to AppFlow collectors. Appflow collectors are entities to which log messages can be sent so that some action can be performed on them.

Possible values: ENABLED, DISABLED

lsn Log lsn info

Possible values: ENABLED, DISABLED

alg Log alg info

Possible values: ENABLED, DISABLED

subscriberLog Log subscriber session event information

Possible values: ENABLED, DISABLED

tcpProfileName Name of the TCP profile whose settings are to be applied to the audit server info to tune the TCP connection parameters.

maxLogDataSizeToHold Max size of log data that can be held in NSB chain of server info. Default value: 500 Minimum value: 50 Maximum value: 25600

dns Log DNS related syslog messages

Possible values: ENABLED, DISABLED

ContentInspectionLog Log Content Inspection event information

Possible values: ENABLED, DISABLED

netProfile Name of the network profile. The SNIP configured in the network profile will be used as source IP while sending log messages.

sslInterception Log SSL Interception event information

Possible values: ENABLED, DISABLED

urlFiltering Log URL filtering event information

Possible values: ENABLED, DISABLED

unset audit syslogAction

Removes the settings of an existing syslog action. Attributes for which a default value is available revert to their default values. Refer to the set audit syslogAction command for a description of the arguments.

Synopsis

unset audit syslogAction [-serverPort] [-logLevel] [-dateFormat] [-logFacility] [-tcp] [-acl] [-timeZone] [-userDefinedAuditlog] [-appflowExport] [-lsn] [-alg] [-subscriberLog] [-tcpProfileName] [-maxLogDataSizeToHold] [-dns] [-ContentInspectionLog] [-netProfile] [-sslInterception] [-urlFiltering] [-managementlog] [-mgmtlogLevel]

show audit syslogAction

Displays the current configuration of the specified syslog action. If no syslog action is specified, displays a list of all syslog actions currently configured on the Citrix ADC.

Synopsis

show audit syslogAction []

Arguments

name Name of the syslog action.

Output

serverIP IP address of the syslog server.

serverDomainName SYSLOG server name as a FQDN. Mutually exclusive with serverIP/lbVserverName

IP The resolved IP address of the syslog server

lbVserverName Name of the LB vserver. Mutually exclusive with syslog serverIP/serverName

domainResolveRetry Time, in seconds, for which the Citrix ADC waits before sending another DNS query to resolve the host name of the syslog server if the last query failed.

domainResolveNow Immediately send a DNS query to resolve the server’s domain name.

serverPort Port on which the syslog server accepts connections.

logLevel Audit log level, which specifies the types of events to log. Available values function as follows:

  • ALL - All events.
  • EMERGENCY - Events that indicate an immediate crisis on the server.
  • ALERT - Events that might require action.
  • CRITICAL - Events that indicate an imminent server crisis.
  • ERROR - Events that indicate some type of error.
  • WARNING - Events that require action in the near future.
  • NOTICE - Events that the administrator should know about.
  • INFORMATIONAL - All but low-level events.
  • DEBUG - All events, in extreme detail.
  • NONE - No events.

managementlog Management log specifies the categories of log files to be exported. It uses destination and transport from PE params. Available values function as follows:

  • ALL - All categories (SHELL, NSMGMT and ACCESS).
  • SHELL - bash.log, and sh.log.
  • ACCESS - auth.log, nsvpn.log, vpndebug.log, httpaccess.log, httperror.log, httpaccess-vpn.log and httperror-vpn.log.
  • NSMGMT - notice.log and ns.log.
  • NONE - No logs.

mgmtlogLevel Management log level, which specifies the types of events to log. Available values function as follows:

  • ALL - All events.
  • EMERGENCY - Events that indicate an immediate crisis on the server.
  • ALERT - Events that might require action.
  • CRITICAL - Events that indicate an imminent server crisis.
  • ERROR - Events that indicate some type of error.
  • WARNING - Events that require action in the near future.
  • NOTICE - Events that the administrator should know about.
  • INFORMATIONAL - All but low-level events.
  • DEBUG - All events, in extreme detail.
  • NONE - No events.

dateFormat Format of dates in the logs. Supported formats are:

  • MMDDYYYY - U.S. style month/date/year format.
  • DDMMYYYY - European style date/month/year format.
  • YYYYMMDD - ISO style year/month/date format.

logFacility Facility value, as defined in RFC 3164, assigned to the log message. Log facility values are numbers 0 to 7 (LOCAL0 through LOCAL7). Each number indicates where a specific message originated from, such as the Citrix ADC itself, the VPN, or external.

tcp Log TCP messages.

acl Log access control list (ACL) messages.

timeZone Time zone used for date and timestamps in the logs. Supported settings are:

  • GMT_TIME. Coordinated Universal time.
  • LOCAL_TIME. Use the server’s timezone setting.

stateflag

userDefinedAuditlog Log user-configurable log messages to syslog. Setting this parameter to NO causes auditing to ignore all user-configured message actions. Setting this parameter to YES causes auditing to log user-configured message actions that meet the other logging criteria.

appflowExport Disable export of log messages to AppFlow collectors.

builtin Indicates that a variable is a built-in (SYSTEM INTERNAL) type.

feature The feature to be checked while applying this config

lsn Log lsn info

alg Log alg info

subscriberLog Log subscriber session event information

transport Transport type used to send auditlogs to syslog server. Default type is UDP.

tcpProfileName Name of the TCP profile whose settings are to be applied to the audit server info to tune the TCP connection parameters.

maxLogDataSizeToHold Max size of log data that can be held in NSB chain of server info.

dns Log DNS related syslog messages

netProfile Name of the network profile. The SNIP configured in the network profile will be used as source IP while sending log messages.

sslInterception Log SSL Interception event information

urlFiltering Log URL filtering event information

ContentInspectionLog Log Content Inspection event information

devno

count

rm audit syslogAction

Removes the specified syslog action and associated configuration. Note: A syslog action cannot be removed if it is bound to a syslog policy.

Synopsis

rm audit syslogAction

Arguments

name Name of the syslog action to remove.

add audit syslogAction

Adds a syslog action. The action contains a reference to a syslog server, and specifies which information to log and how to log that information.

Synopsis

add audit syslogAction ( | (( [-domainResolveRetry ]) | -lbVserverName )) [-serverPort ] -logLevel ... [-managementlog ...] [-mgmtlogLevel ...] [-dateFormat ] [-logFacility ] [-tcp ( NONE | ALL )] [-acl ( ENABLED | DISABLED )] [-timeZone ( GMT_TIME | LOCAL_TIME )] [-userDefinedAuditlog ( YES | NO )] [-appflowExport ( ENABLED | DISABLED )] [-lsn ( ENABLED | DISABLED )] [-alg ( ENABLED | DISABLED )] [-subscriberLog ( ENABLED | DISABLED )] [-transport ( TCP | UDP )] [-tcpProfileName ] [-maxLogDataSizeToHold <positive_integer>] [-dns ( ENABLED | DISABLED )] [-ContentInspectionLog ( ENABLED | DISABLED )] [-netProfile ] [-sslInterception ( ENABLED | DISABLED )] [-urlFiltering ( ENABLED | DISABLED )]

Arguments

name Name of the syslog action. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the syslog action is added.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my syslog action” or ‘my syslog action’).

serverIP IP address of the syslog server.

serverDomainName SYSLOG server name as a FQDN. Mutually exclusive with serverIP/lbVserverName

domainResolveRetry Time, in seconds, for which the Citrix ADC waits before sending another DNS query to resolve the host name of the syslog server if the last query failed. Default value: 5 Minimum value: 5 Maximum value: 20939

lbVserverName Name of the LB vserver. Mutually exclusive with syslog serverIP/serverName

serverPort Port on which the syslog server accepts connections. Minimum value: 1

logLevel Audit log level, which specifies the types of events to log. Available values function as follows:

  • ALL - All events.
  • EMERGENCY - Events that indicate an immediate crisis on the server.
  • ALERT - Events that might require action.
  • CRITICAL - Events that indicate an imminent server crisis.
  • ERROR - Events that indicate some type of error.
  • WARNING - Events that require action in the near future.
  • NOTICE - Events that the administrator should know about.
  • INFORMATIONAL - All but low-level events.
  • DEBUG - All events, in extreme detail.
  • NONE - No events.

managementlog Management log specifies the categories of log files to be exported. It uses destination and transport from PE params. Available values function as follows:

  • ALL - All categories (SHELL, NSMGMT and ACCESS).
  • SHELL - bash.log, and sh.log.
  • ACCESS - auth.log, nsvpn.log, vpndebug.log, httpaccess.log, httperror.log, httpaccess-vpn.log and httperror-vpn.log.
  • NSMGMT - notice.log and ns.log.
  • NONE - No logs.

mgmtlogLevel Management log level, which specifies the types of events to log. Available values function as follows:

  • ALL - All events.
  • EMERGENCY - Events that indicate an immediate crisis on the server.
  • ALERT - Events that might require action.
  • CRITICAL - Events that indicate an imminent server crisis.
  • ERROR - Events that indicate some type of error.
  • WARNING - Events that require action in the near future.
  • NOTICE - Events that the administrator should know about.
  • INFORMATIONAL - All but low-level events.
  • DEBUG - All events, in extreme detail.
  • NONE - No events.

dateFormat Format of dates in the logs. Supported formats are:

  • MMDDYYYY - U.S. style month/date/year format.
  • DDMMYYYY - European style date/month/year format.
  • YYYYMMDD - ISO style year/month/date format.

Possible values: MMDDYYYY, DDMMYYYY, YYYYMMDD

logFacility Facility value, as defined in RFC 3164, assigned to the log message. Log facility values are numbers 0 to 7 (LOCAL0 through LOCAL7). Each number indicates where a specific message originated from, such as the Citrix ADC itself, the VPN, or external.

Possible values: LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7

tcp Log TCP messages.

Possible values: NONE, ALL

acl Log access control list (ACL) messages.

Possible values: ENABLED, DISABLED

timeZone Time zone used for date and timestamps in the logs. Supported settings are:

  • GMT_TIME. Coordinated Universal time.
  • LOCAL_TIME. Use the server’s timezone setting.

Possible values: GMT_TIME, LOCAL_TIME

userDefinedAuditlog Log user-configurable log messages to syslog. Setting this parameter to NO causes auditing to ignore all user-configured message actions. Setting this parameter to YES causes auditing to log user-configured message actions that meet the other logging criteria.

Possible values: YES, NO

appflowExport Export log messages to AppFlow collectors. Appflow collectors are entities to which log messages can be sent so that some action can be performed on them.

Possible values: ENABLED, DISABLED

lsn Log lsn info

Possible values: ENABLED, DISABLED

alg Log alg info

Possible values: ENABLED, DISABLED

subscriberLog Log subscriber session event information

Possible values: ENABLED, DISABLED

transport Transport type used to send auditlogs to syslog server. Default type is UDP.

Possible values: TCP, UDP

tcpProfileName Name of the TCP profile whose settings are to be applied to the audit server info to tune the TCP connection parameters.

maxLogDataSizeToHold Max size of log data that can be held in NSB chain of server info. Default value: 500 Minimum value: 50 Maximum value: 25600

dns Log DNS related syslog messages

Possible values: ENABLED, DISABLED

ContentInspectionLog Log Content Inspection event information

Possible values: ENABLED, DISABLED

netProfile Name of the network profile. The SNIP configured in the network profile will be used as source IP while sending log messages.

sslInterception Log SSL Interception event information

Possible values: ENABLED, DISABLED

urlFiltering Log URL filtering event information

Possible values: ENABLED, DISABLED
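
The following is an added example, not part of the Citrix documentation: a Python check that reads `add audit syslogAction` lines from a saved configuration and flags settings that conflict with the constraints listed above (mutually exclusive destinations, the documented logLevel values, the documented numeric ranges) or that leave audit delivery weak (logLevel NONE, UDP transport). The sample lines are constructed, and the placement of the server as a positional value after the action name is an assumption.

```python
import shlex

LEVELS = {"ALL", "EMERGENCY", "ALERT", "CRITICAL", "ERROR", "WARNING",
          "NOTICE", "INFORMATIONAL", "DEBUG", "NONE"}           # values listed on this page
RANGES = {"domainresolveretry": (5, 20939), "maxlogdatasizetohold": (50, 25600)}  # this page

def parse_action(line):
    """Return (name, positional_server, options) for an 'add audit syslogAction' line."""
    tok = shlex.split(line)              # honours quoted names that contain spaces
    if len(tok) < 4 or [t.lower() for t in tok[:3]] != ["add", "audit", "syslogaction"]:
        return None
    server, opts, key = None, {}, None
    for t in tok[4:]:
        if t.startswith("-"):
            key = t[1:].lower()
            opts[key] = []
        elif key is None:
            server = t                   # assumed: destination is positional after the name
        else:
            opts[key].append(t)          # -logLevel and -managementlog take several values
    return tok[3], server, opts

def review(line):
    """List findings for one action; an empty list means nothing was flagged."""
    parsed = parse_action(line)
    if parsed is None:
        return []
    _, server, opts = parsed
    out = []
    if server and "lbvservername" in opts:
        out.append("destination: server and -lbVserverName are mutually exclusive")
    levels = {v.upper() for v in opts.get("loglevel", [])}
    if levels - LEVELS:
        out.append("logLevel: unknown value " + ", ".join(sorted(levels - LEVELS)))
    if not levels or levels == {"NONE"}:
        out.append("logLevel: no audit events will be sent")
    if (opts.get("transport") or ["UDP"])[0].upper() == "UDP":
        out.append("transport: UDP (the default) gives no delivery guarantee")
    for key, (lo, hi) in RANGES.items():
        val = (opts.get(key) or [""])[0]
        if key in opts and not (val.isdigit() and lo <= int(val) <= hi):
            out.append(f"{key}: {val!r} outside {lo}-{hi}")
    return out

SAMPLE = [  # constructed lines, not from a real appliance
    'add audit syslogAction siem_tcp 192.0.2.10 -serverPort 6514 -logLevel ALL -transport TCP',
    'add audit syslogAction "legacy udp" 192.0.2.11 -logLevel NONE',
    'add audit syslogAction bad logs.example.net -domainResolveRetry 2 '
    '-lbVserverName lb_syslog -logLevel ERROR CRITICAL -transport TCP',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_action(line)[0], review(line))
```
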
