View audit log
The NetScaler App Delivery and Security service – NetScaler managed, offers audit log capability for the applications and environments. The audit log capability enables you to view the events or logs generated by the actions such as creation, deletion, modification, deployment, and Un deployment of an application or environment. You can use the NetScaler App Delivery and Security service to track all events on Citrix environments. These messages can help you manage and monitor your application. You can use filters to search the audit log messages. The filters help you to narrow down your results and find exactly what you are looking for and in real time.
With the audit log capability:
-
You can track the activities and log in information.
-
You can filter the queries based on the required parameters and get the refined results of the action.
Prerequisites
Before accessing the audit log, you must complete the following preliminary steps:
-
Create a Citrix cloud access profile.
-
Create an application environment.
For more information, see Deliver a modern application.
Overview
When an action is done, an event is generated, we see a log entry in the Audit Log. The Audit Log view displays the records in a table with the following details:
-
The time of action.
-
The doer of the action.
-
The action that was taken on a particular resource.
-
The particular action that was taken.
-
The status of the action.
-
The message showing the details of the action.
You can filter the Audit Log view based on the following parameters:
-
The time interval at which the actions are run.
-
The particular resource name on which the actions are run.
-
The resource on which the actions are run.
-
The operation that specifies the particular action run on the resource.
-
The event source from which the events are generated.
Using the Audit Log
To access the integrated Audit Log in the NetScaler App Delivery and Security service application:
-
Sign in the NetScaler App Delivery and Security service application.
-
In the left Navigation pane, click the Audit Log.
Sort, Filter, and Search logs in the Audit Log
Use the search feature to view information about the specific actions. The filters can be applied to get a more focused view of the actions based on the time interval.
-
Sort the data by selecting the required columns.
-
Click the Add icon at the top right of the table header to add or remove columns. This launches the Add / Remove columns modal dialog.
-
To remove a column, unselect the checkbox of the required column listed under Current Columns pane in the Add / Remove columns modal dialog. Click Update. The removed column now appears under Add Columns pane.
-
To add a removed column, select the checkbox of the required column listed under Add Columns pane in the Add / Remove columns modal dialog. Click Update. The added column now appears under Current Columns pane.
-
- Sort the data by using the time interval drop-down list next to the search box. By default, the Last 1 Week option is set. The available options are PRESET TIME and CUSTOM.
-
You can sort the data to view the data in the PRESET TIME.
Under PRESET TIME, the available options are,
-
Last 1 Hour (1H), displays the data for the previous one hour.
-
Last 12 Hours (12H), displays the data for the previous 12 hours.
-
Last 1 Day (1D), displays the data for the previous day.
-
Last 1 Week (1W), displays the data for the previous week.
-
Last 1 Month (1M), displays the data for the previous month.
-
- You can also sort the data by customizing the time interval under CUSTOM. You can choose the required date and time range. Click From to select the starting range and click To for selecting the ending range of the date and time.
-
To do advanced search, you can use filters such as Event-source, Operation, Resource, and Resource name in the search box to view the specific data.
-
Click the search box and choose the required option.
-
Select the suitable operator for the chosen option. The available operators are,
- “=” equals to some value.
-
You can combine the search query by using the following logical operators:
- AND. The AND logical operator requires both the values to be true.
-
Audit Log View
The following parameters are displayed in the Audit Log table view:
TIME:
This field displays the time at which the action was taken. You can sort the audit log list based on the specific duration.
USER:
This field displays the details about the doer of the action. For example, user id, user name, or email id.
RESOURCE NAME:
This field displays the name of the resource on which the action is run.
OPERATION:
This field displays the type of operation done because of the action.
The following types of operations are supported in the NetScaler App Delivery and Security service:
-
CREATE. For example, when an action is started to create an environment.
-
DELETE. For example, when an action is started to delete an environment.
-
DEPLOY. For example, when an action is started to deploy an environment.
STATE:
This field displays the status of the action.
The following types of states are supported in the NetScaler App Delivery and Security service:
-
STARTED. For example, when an action is started to deploy an environment.
-
COMPLETED. For example, when an action is started to create an environment.
-
FAILED. For example, when an action is started but not completed during the creation of an environment.
MESSAGE:
This field displays information about the particular action.
Click View more to get more details on the action.
Self-healing actions
The self-healing actions are taken automatically by the service. The self-healing actions and the results appear as events in the audit logs view. The self-healing actions include the following.
- The automatic replacement of a faulty server. For more information, see Self-heal slow application servers.
- The blocking of a client IP address with an excessive amount of Bot or WAF violations. For more information, see SQL injection and Cross-site scripting.