How to Configure NSLOG for NetScaler Audit Logging
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/vs2015.min.css">
<code>This guide is to get you up and going quickly with auditing NetScaler with NSLOG server.
Preapare the Linux VM
For the Linux VM, I used CentOS 6.2 hosted on XenServer 6.0.
Install the Linux OS, give it a static IP address, load any hypervisor tools necessary.
Download the "Audit Server Utilities" from mycitrix.com. The documentation for the process by Citrix states to connect and download via FTP, but that method is no longer available.
For my Linux OS install I had to install some pre-requisites ("yum install libc.so.6").
Extract the files downloaded earlier and run the following command.
5. After the install completes, the following directories will have been created.
6. Navigate to /usr/local/netscaler/bin and run the following command to configure the NetScaler IP address and credentials in the NSLOG server.
7. Modify the IP address of the NSLOG server in the auditlog.conf file by navigating to /usr/local/netscaler/etc and use a text editor to open the auditlog.conf file. I used VI in this case. Find the line that starts with "MYIP" and add the NSLOG server's IP address.
8. Verify the syntax of auditlog.conf with the following commands.
9. Start the NSLOG server audit logging with the following command.
There are a few options to configure in the auditlog.conf if you wish, like frequency of log files, location, et... For more information about configuring the auditlog.conf http://support.citrix.com/proddocs/topic/netscaler/ns-gen-netscaler93-wrapper-con.html.
Prepare NetScaler for Auditing with NSLOG
Log in to the NetScaler and go to System \ Auditing \ Policies and then click on the "Servers" tab.
Create a new server and add the IP address of your NSLOG server with the default port of 3023.
Configure your auditing options.
Make sure you set the "Auditing Type" to NSLOG.
Click "OK" when done.
Go to the "Policies" tab.
Create a new policy by clicking on "Add".
Set the "Auditing Type" to NSLOG.
Select the server you just created and click "OK".
Click on "Global Bindings".
Click on "Insert Policy" and select the policy you just created.
Click "OK" when done.
For more information on further configuration of auditing parameters http://support.citrix.com/proddocs/topic/netscaler/ns-gen-netscaler93-wrapper-con.html.
Viewing Your Logs
Now you will start to see your logs in the default directory /usr/local/netscaler/bin, or in the directory if you chose to modify the auditlog.conf file.