This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Auditing policies
Auditing policies determine the messages generated and logged during a Web App Firewall session. The messages are logged in SYSLOG format to the local NSLOG server or to an external logging server. Different types of messages are logged based on the level of logging selected.
To create an auditing policy, you must first create either an NSLOG server or a SYSLOG server. And then you create the policy and specify log type and the server to which logs are sent.
To create an auditing server by using the command line interface
You can create two different types of auditing server: an NSLOG server or a SYSLOG server. The command names are different, but the parameters for the commands are the same.
To create an auditing server, at the command prompt, type the following commands:
add audit syslogAction <name> <serverIP> [-serverPort <port>] -logLevel <logLevel> ... [-dateFormat ( MMDDYYYY | DDMMYYYY )] [-logFacility <logFacility>] [-tcp ( NONE | ALL )] [-acl ( ENABLED | DISABLED )] [-timeZone ( GMT_TIME | LOCAL_TIME )] [-userDefinedAuditlog ( YES | NO )] [-appflowExport ( ENABLED | DISABLED )]save ns config
Example
The following example creates a syslog server named syslog1 at IP 10.124.67.91, with log levels of emergency, critical, and warning, log facility set to LOCAL1, that logs all TCP connections:
add audit syslogAction syslog1 10.124.67.91 -logLevel emergency critical warning -logFacility
LOCAL1 -tcp ALL
save ns config
<!--NeedCopy-->
To modify or remove an auditing server by using the command line interface
- To modify an auditing server, type the set audit
<type>command, the name of the auditing server, and the parameters to be changed, with their new values. - To remove an auditing server, type the rm audit
<type>command and the name of the auditing server.
Example
The following example modifies the syslog server named syslog1 to add errors and alerts to the log level:
set audit syslogAction syslog1 10.124.67.91 -logLevel emergency critical warning alert error
-logFacility LOCAL1 -tcp ALL
save ns config
<!--NeedCopy-->
To create or configure an auditing server by using the GUI
- Navigate to Security > Citrix Web App Firewall > Policies > Auditing > Nslog.
- In the Nslog Auditing page, click Servers tab.
- Do one of the following:
- To add a new auditing server, click Add.
- To modify an existing auditing server, select the server, and then click Edit.
- In the Create Auditing Server page, set the following parameters:
- Name
- Server Type
- IP Address
- Port
- Log Levels
- Log Facility
- Date Format
- Time Zone
- TCP Logging
- ACL Logging
- User Configurable Log Messages
- AppFlow Logging
- Large Scale NAT Logging
- ALG messages logging
- Subscriber logging
- SSL Interception
- URL Filtering
- Content Inspection Logging
- Click Create and Close.
To create an auditing policy by using the command line interface
You can create an NSLOG policy or a SYSLOG policy. The type of policy must match the type of server. The command names for the two types of policy are different, but the parameters for the commands are the same.
At the command prompt, type the following commands:
add audit syslogPolicy <name> <-rule > <action>save ns config
Example
The following example creates a policy named syslogP1 that logs Web App Firewall traffic to a syslog server named syslog1.
add audit syslogPolicy syslogP1 rule "ns_true" action syslog1
save ns config
To configure an auditing policy by using the command line interface
At the command prompt, type the following commands:
set audit syslogPolicy <name> [-rule <expression>] [-action <string>]save ns config
Example
The following example modifies the policy named syslogP1 to log Web App Firewall traffic to a syslog server named syslog2.
set audit syslogPolicy syslogP1 rule "ns_true" action syslog2
save ns config
To configure an auditing policy by using the GUI
- Navigate to Security > Citrix Web App Firewall > Policies.
- In the details pane, click Audit Nslog Policy.
- In the Nslog Auditing page, click Policies tab and do one of the following:
- To add a new policy, click Add.
- To modify an existing policy, select the policy, and then click Edit.
- In the Create Auditing Nslog Policy page, set the following parameters:
- Name
- Auditing Type
- Expression Type
- Server
- Click Create.
Share
Share
In this article
- To create an auditing server by using the command line interface
- To modify or remove an auditing server by using the command line interface
- To create or configure an auditing server by using the GUI
- To create an auditing policy by using the command line interface
- To configure an auditing policy by using the command line interface
- To configure an auditing policy by using the GUI
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.