Procedure to configure Citrix NetScaler for forwarding logs to Chronicle
- Using SSH, log in to your Citrix NetScaler device as a root user.
- Type the following command to add a remote syslog server:
add audit syslogAction <ActionName> <IP Address> -serverPort 11565 -logLevel Info -dateFormat DDMMYYYY
Where:
<ActionName> is a descriptive name for the syslog server action.
<IP Address> is the IP address or host name of your Google Chronicle Forwarder.
- Type the following command to add an audit policy:
add audit syslogPolicy <PolicyName> <Rule> <ActionName>
Where:
<PolicyName> is a descriptive name for the syslog policy.
<Rule> is the rule or expression the policy uses. The only supported value is ns_true.
<ActionName> is a descriptive name for the syslog server action.
Example: add audit syslogPolicy policy-GoogleChronicle ns_true action-GoogleChronicle
- Type the following command to bind the policy globally:
bind system global <PolicyName> -priority <Integer>
Where:
<PolicyName> is a descriptive name for the syslog policy.
<Integer> is a number value that is used to rank message priority for multiple policies that are communicating by using syslog.
Example: bind system global policy-GoogleChronicle -priority 30
When multiple policies are bound, each has a priority (the number value assigned to it); the policy with the lower number value is evaluated before the one with the higher number value.
- Type the following command to save the Citrix NetScaler configuration:
save config
- Type the following command to verify that the policy is saved in your configuration:
sh system global
Note: For information on configuring syslog by using the Citrix NetScaler user interface, see http://support.citrix.com/article/CTX121728 or your vendor documentation.
- The configuration is complete.
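The three commands in this procedure only work together if the names line up: the policy must reference an action that exists, and the binding must reference a policy that exists. The following check is an added example, not part of the original article or any Citrix or Google tooling; it validates the command text before you paste it into the NetScaler CLI. The sample commands, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import shlex

EXPECTED_PORT = "11565"  # forwarder port used in this procedure

# Constructed samples. 192.0.2.10 is a documentation address (assumption).
GOOD = """\
add audit syslogAction action-GoogleChronicle 192.0.2.10 -serverPort 11565 -logLevel Info -dateFormat DDMMYYYY
add audit syslogPolicy policy-GoogleChronicle ns_true action-GoogleChronicle
bind system global policy-GoogleChronicle -priority 30
"""
# Same commands with a stray space in the action name and a misspelled policy name.
BAD = GOOD.replace("ns_true action-Google", "ns_true action- Google").replace(
    "global policy-GoogleChronicle", "global policy-Chronocle")

def _options(tokens):
    """Turn ['-serverPort', '11565', ...] into a dict."""
    return dict(zip(tokens[0::2], tokens[1::2]))

def check_syslog_commands(text):
    """Return a list of consistency problems in the add/bind commands in text."""
    actions, policies, bound, problems = {}, {}, {}, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:3] == ["add", "audit", "syslogAction"] and len(tok) >= 5:
            actions[tok[3]] = _options(tok[5:])
        elif tok[:3] == ["add", "audit", "syslogPolicy"] and len(tok) >= 6:
            policies[tok[3]] = (tok[4], tok[5])
        elif tok[:3] == ["bind", "system", "global"] and len(tok) >= 4:
            bound[tok[3]] = _options(tok[4:]).get("-priority")
    for name, opts in actions.items():
        if opts.get("-serverPort") != EXPECTED_PORT:
            problems.append(f"action {name}: -serverPort is not {EXPECTED_PORT}")
    for name, (rule, action) in policies.items():
        if rule != "ns_true":
            problems.append(f"policy {name}: rule {rule!r} is not ns_true")
        if action not in actions:
            problems.append(f"policy {name}: undefined action {action!r}")
        if name not in bound:
            problems.append(f"policy {name}: not bound globally")
    for name, priority in bound.items():
        if name not in policies:
            problems.append(f"binding: undefined policy {name!r}")
        elif priority is None or not priority.isdigit():
            problems.append(f"binding {name}: -priority must be an integer")
    return problems

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_syslog_commands(sample) or "consistent")
```

An empty result means the action, policy and binding reference each other correctly; a mismatch here would otherwise show up only as logs silently not arriving at the forwarder.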