Jump to content
Welcome to our new Citrix community!

CEF Logging to Syslog server - Does not show date and time


Pedro Huaroto M

Recommended Posts

Hello NetScaler Team,

Enabling CEF logs (CTX136146) and sending to a Syslog server, the date and time are not displayed, but the date and time are observed in the ns.log file.

Is there a way to enable the date and time when sending the log to a Syslog server?


* Here the logs on the Syslog server (the date and time is only observed in the logs when the GUI is accessed):

 

CEF:0|Citrix|NetScaler|NS11.1|APPFW|APPFW_SIGNATURE_MATCH|6|src=192.168.10.10 spt=1486 method=GET request=http://192.168.10.107/pc/www.mtm.com/wp-content/themes/mtm/img/home/bg-about-slider-mobile@2x.jpg msg=Signature violation rule ID 20528: web-misc apache mod_proxy reverse proxy information disclosure  cn1=101590 cn2=3226 cs1=PolicyCenter1.0 cs2=PPE0 cs4=ALERT cs5=2021 cs6=web-misc act=not blocked

 

CEF:0|Citrix|NetScaler|NS11.1|APPFW|APPFW_SIGNATURE_MATCH|6|src=192.168.10.10 spt=718 method=GET request=http://192.168.10.107/pc/www.mtm.com/wp-content/themes/mtm/img/site/30-year-slide-out@2x.png msg=Signature violation rule ID 20528: web-misc apache mod_proxy reverse proxy information disclosure  cn1=101598 cn2=3229 cs1=PolicyCenter1.0 cs2=PPE0 cs4=ALERT cs5=2021 cs6=web-misc act=not blocked

 

02/04/2021:18:43:38 GMT  0-PPE-0 : default GUI CMD_EXECUTED 102310 0 :  User <unknown> - Remote_ip 192.168.219.64 - Command "login "##C7E1670D8F1100B0933FF648A66FD115A4214D97D6A8830E454E4BAD37952DBF10496CA0EB5FCBA4E2F4E0DA958A1A2D9170011384FB558A167ECE90C3674" "********"" - Status "ERROR: Session expired or killed. Please login again"

 

* Here the logs in the Netscaler, ns.log:

 

Feb  4 18:01:49 <local0.info> 192.168.219.64 CEF:0|Citrix|NetScaler|NS11.1|APPFW|APPFW_SIGNATURE_MATCH|6|src=192.168.10.10 spt=50907 method=GET request=http://192.168.10.107/pc/www.mtm.com/wp-content/themes/mtm/img/home/icon-security@2x.png msg=Signature violation rule ID 20528: web-misc apache mod_proxy reverse proxy information disclosure  cn1=249144 cn2=4525 cs1=PolicyCenter1.0 cs2=PPE0 cs4=ALERT cs5=2021 cs6=web-misc act=not blocked

 

Feb  4 18:01:49 <local0.info> 192.168.219.64 CEF:0|Citrix|NetScaler|NS11.1|APPFW|APPFW_SIGNATURE_MATCH|6|src=192.168.10.10 spt=50139 method=GET request=http://192.168.10.107/pc/www.mtm.com/wp-content/themes/mtm/img/home/icon-virtualization@2x.png msg=Signature violation rule ID 20528: web-misc apache mod_proxy reverse proxy information disclosure  cn1=249145 cn2=4526 cs1=PolicyCenter1.0 cs2=PPE0 cs4=ALERT cs5=2021 cs6=web-misc act=not blocked

 

Feb  4 18:16:00 <local0.info> 192.168.219.64 02/04/2021:23:16:00 GMT  0-PPE-0 : default GUI CMD_EXECUTED 257463 0 :  User nsroot - Remote_ip 192.168.10.10 - Command "show ns hardware" - Status "Success"

 

Thanks you

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...