Jump to content
Welcome to our new Citrix community!

Does anyone know the meaning of each log facility on 10.5?

Recommended Posts

Hi everyone,


I've read Carl's article on NetScaler logging configuration and many other CTX notes but none explain the meaning of those log facilities (LOCALxxx)  when configuring syslog on NetScaler VPX 10.5. 53.22.nc




If anyone can point me in the right direction where I can find details behind each LOCALx facility I would appreciate it!

Thank you



  • Like 1
Link to comment
Share on other sites

Thanks guys, I get the facility list box; great. That made perfect sense.


Now where in NetScaler 10.5 do I specify the detail of logging; you know debug; errors; information just as it is shown on the screen shot in that CTX article:






Link to comment
Share on other sites

If you want to change the local logging behavior:

  In GUI:  Go to System > Auditing.  (Stay at the root of the node and then look in the right-pane).

   Under the syslog parameters and nslog parameters in the right-pane you can adjust the logging detail. Everything is enabled except for Debug by default.


   In CLI (related commands) :  show audit syslogparams

                set audit syslogparams

                help set audit syslogparams



For external Logging, you can create a syslog or nslog policy and bind to global system object and tune the logging level for the external log using the policy without changing the local logging behavior.  The syslog and nslog policies are what you find under System > Audit > Syslog and System > Audit > Nslog in the GUI.

Link to comment
Share on other sites

So here's what I was initially looking for; moreover I found what I would call a defect but maybe it's by design. If one selects "ALL" for the syslog level of details that is NOT all at all :) One must select "CUSTOM" and then place check marks on the individual levels of detail and THEN I see syslog messages of every significance. The "ALL" only gave me some but not all logs sent to the syslog server:





Link to comment
Share on other sites

  • 3 years later...

Unless you change the syslog settings, I believe it defaults to Local0.

You can actually segregate appfw syslog events to a separate log file (separate from regular syslog) and assign your own facility to it; this example uses Local2 and segregates the log: https://docs.citrix.com/en-us/citrix-adc/13/application-firewall/logs.html#configuring-syslog-policy-to-segregate-web-app-firewall-logs

This KB article also does the same example (but uses Local5):  https://support.citrix.com/article/CTX138973

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...