Configuring ACL Logging

You can configure NetScaler Gateway to log details for packets that match an extended access control list (ACL). In addition to the ACL name, the logged details include packet-specific information, such as the source and destination IP addresses. The information is stored either in a syslog or nslog file, depending on the type of logging (syslog or nslog) that you enable.

You can enable logging at both the global level and the ACL level. However, to enable logging at the ACL level, you must also enable it at the global level. The global setting takes precedence.

To optimize logging, when multiple packets from the same flow match an ACL, only the first packet’s details are logged. The counter is incremented for every other packet that belongs to the same flow. A flow is defined as a set of packets that have the same values for the following parameters:

  • Source IP
  • Destination IP
  • Source port
  • Destination port
  • Protocol (TCP or UDP)

If the packet is not from the same flow, or if the time duration is beyond the mean time, a new flow is created. Mean time is the time during which packets of the same flow do not generate additional messages (although the counter is incremented).

Note: The total number of different flows that can be logged at any given time is limited to 10,000.

The following table describes the parameters with which you can configure ACL logging at the rule level for extended ACLs.

Parameter Name Description
Logstate State of the logging feature for the ACL. Possible values: ENABLED and DISABLED. Default: DISABLED.
Ratelimit Number of log messages that a specific ACL can generate. Default: 100.

To configure ACL logging by using the configuration utility

You can configure logging for an ACL and specify the number of log messages that the rule can generate.

  1. In the configuration utility, in the navigation pane, expand System > Network and then click ACLs.
  2. In the details pane, click the Extended ACLs tab and then click Add.
  3. In the Create Extended ACL dialog box, in Name, type a name for the policy.
  4. Select the Log State check box.
  5. In the Log Rate Limit text box, type the rate limit that you want to specify for the rule and then click Create.

After you configure ACL logging, you can enable it on NetScaler Gateway. Create an auditing policy and then bind it to a user, group, virtual server, or globally.

To enable ACL or TCP logging on NetScaler Gateway

  1. In the configuration utility, in the navigation pane, expand NetScaler Gateway > Policies > Auditing.
  2. Select either syslog or nslog.
  3. On the Servers tab, click Add.
  4. In the Create Auditing Server dialog box, in Name, type a name for the server and then configure the server settings.
  5. Click ACL Logging or TCP Logging and then click Create.
Configuring ACL Logging