| addauditsyslogaction |
Use this method to add a syslog action. The action contains a reference to a syslog server, and specifies which information to log and how to log that information. |
Syntax |
Parameters |
name |
Name of the syslog action. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the syslog action is added.
The following requirement applies only to the Citrix ADC CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my syslog action" or 'my syslog action'). This is a mandatory parameter. |
serverip |
IP address of the syslog server. |
serverdomainname |
Syslog server name as an FQDN. Mutually exclusive with serverIP/lbVserverName. |
domainresolveretry |
Time, in seconds, for which the Citrix ADC waits before sending another DNS query to resolve the host name of the syslog server if the last query failed. Default value = 5. Minimum value = 5. Maximum value = 20939. |
lbvservername |
Name of the LB vserver. Mutually exclusive with syslog serverIP/serverName. |
serverport |
Port on which the syslog server accepts connections. Minimum value = 1. |
loglevel |
Audit log level, which specifies the types of events to log.
Available values function as follows:
* ALL - All events.
* EMERGENCY - Events that indicate an immediate crisis on the server.
* ALERT - Events that might require action.
* CRITICAL - Events that indicate an imminent server crisis.
* ERROR - Events that indicate some type of error.
* WARNING - Events that require action in the near future.
* NOTICE - Events that the administrator should know about.
* INFORMATIONAL - All but low-level events.
* DEBUG - All events, in extreme detail.
* NONE - No events. This is a mandatory parameter. |
managementlog |
Management log specifies the categories of log files to be exported.
It uses the destination and transport from PE params.
Available values function as follows:
* ALL - All categories (SHELL, NSMGMT and ACCESS).
* SHELL - bash.log, and sh.log.
* ACCESS - auth.log, nsvpn.log, httpaccess.log, httperror.log, httpaccess-vpn.log and httperror-vpn.log.
* NSMGMT - notice.log and ns.log.
* NONE - No logs. |
mgmtloglevel |
Management log level, which specifies the types of events to log.
Available values function as follows:
* ALL - All events.
* EMERGENCY - Events that indicate an immediate crisis on the server.
* ALERT - Events that might require action.
* CRITICAL - Events that indicate an imminent server crisis.
* ERROR - Events that indicate some type of error.
* WARNING - Events that require action in the near future.
* NOTICE - Events that the administrator should know about.
* INFORMATIONAL - All but low-level events.
* DEBUG - All events, in extreme detail.
* NONE - No events. |
syslogcompliance |
Setting this parameter ensures that all the audit logs generated for this syslog action comply with an RFC. For example, set it to RFC5424 to ensure RFC 5424 compliance. |
dateformat |
Format of dates in the logs.
Supported formats are:
* MMDDYYYY - U.S. style month/date/year format.
* DDMMYYYY - European style date/month/year format.
* YYYYMMDD - ISO style year/month/date format. |
logfacility |
Facility value, as defined in RFC 3164, assigned to the log message.
Log facility values are numbers 0 to 7 (LOCAL0 through LOCAL7). Each number indicates where a specific message originated from, such as the Citrix ADC itself, the VPN, or external. |
tcp |
Log TCP messages. |
acl |
Log access control list (ACL) messages. |
timezone |
Time zone used for date and timestamps in the logs.
Supported settings are:
* GMT_TIME. Coordinated Universal time.
* LOCAL_TIME. Use the server's timezone setting. |
userdefinedauditlog |
Log user-configurable log messages to syslog.
Setting this parameter to NO causes auditing to ignore all user-configured message actions. Setting this parameter to YES causes auditing to log user-configured message actions that meet the other logging criteria. |
appflowexport |
Export log messages to AppFlow collectors.
Appflow collectors are entities to which log messages can be sent so that some action can be performed on them. |
lsn |
Log LSN information. |
alg |
Log ALG information. |
subscriberlog |
Log subscriber session event information |
transport |
Transport type used to send audit logs to the syslog server. Default type is UDP. |
httpauthtoken |
Token for authenticating with the endpoint. If the endpoint requires the Authorization header in a particular format, specify the complete format as the value to this parameter. For example, in the case of Splunk, the Authorization header is required to be of the form - Splunk |
httpendpointurl |
The URL at which to upload the log messages on the endpoint. |
httpschemafile |
HTTP Schema file to input tokens to be sent in log message to log server |
tcpprofilename |
Name of the TCP profile whose settings are to be applied to the audit server info to tune the TCP connection parameters. |
maxlogdatasizetohold |
Max size of log data that can be held in NSB chain of server info. Default value = 500. Minimum value = 50. Maximum value = 25600. |
dns |
Log DNS related syslog messages |
contentinspectionlog |
Log Content Inspection event information |
netprofile |
Name of the network profile.
The SNIP configured in the network profile will be used as the source IP while sending log messages. |
sslinterception |
Log SSL Interception event information |
streamanalytics |
Export log stream analytics statistics to syslog server. |
protocolviolations |
Log protocol violations |
denylistviolations |
Log denylist violations |
Return Value |
Returns simpleResult |
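A pre-flight check of the constraints stated in the parameter descriptions above (naming rule, mandatory parameters, mutually exclusive destinations, documented values and ranges), so that a conflicting log destination or an out-of-range value is caught before the call is made. This is an added example, not Citrix code: `lint_syslog_action` and the dict layout are hypothetical, and it assumes ASCII letters in names, one value per parameter, and integer numeric values.

```python
import re

# Constraints below are transcribed from the parameter descriptions on this page.
NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.#@=: -]*")  # ASCII letters assumed
LEVELS = {"ALL", "EMERGENCY", "ALERT", "CRITICAL", "ERROR", "WARNING",
          "NOTICE", "INFORMATIONAL", "DEBUG", "NONE"}
ENUMS = {
    "loglevel": LEVELS,
    "mgmtloglevel": LEVELS,
    "managementlog": {"ALL", "SHELL", "ACCESS", "NSMGMT", "NONE"},
    "dateformat": {"MMDDYYYY", "DDMMYYYY", "YYYYMMDD"},
    "timezone": {"GMT_TIME", "LOCAL_TIME"},
}
RANGES = {  # (minimum, maximum); None means the page states no maximum
    "domainresolveretry": (5, 20939),
    "serverport": (1, None),
    "maxlogdatasizetohold": (50, 25600),
}
DESTINATIONS = ("serverip", "serverdomainname", "lbvservername")


def lint_syslog_action(params):
    """Return a list of problems found in a dict of addauditsyslogaction parameters."""
    problems = []
    for required in ("name", "loglevel"):
        if not params.get(required):
            problems.append(f"{required}: mandatory parameter is missing")
    name = params.get("name")
    if name and not NAME_RE.fullmatch(name):
        problems.append("name: violates the naming rule")
    chosen = [d for d in DESTINATIONS if params.get(d)]
    if len(chosen) > 1:
        problems.append("destination: mutually exclusive parameters set together: "
                        + ", ".join(chosen))
    for key, allowed in ENUMS.items():
        if params.get(key) and params[key] not in allowed:
            problems.append(f"{key}: {params[key]!r} is not a documented value")
    for key, (low, high) in RANGES.items():
        if key in params:
            value = params[key]
            if value < low or (high is not None and value > high):
                problems.append(f"{key}: {value} is outside the documented range")
    return problems


# Constructed sample: two destinations at once and a retry below the minimum.
SAMPLE = {"name": "siem action#1", "loglevel": "NOTICE", "serverip": "192.0.2.10",
          "serverdomainname": "syslog.example.net", "domainresolveretry": 2}
print("\n".join(lint_syslog_action(SAMPLE)))
```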
See Also |