Jump to content
Welcome to our new Citrix community!

Log vserver connection info


Recommended Posts

I am looking for a way to log connections to a specific Vserver and send those logs to a syslog server.  Steps I have taken:

 

1) Setup a new syslog server under syslog auditing -> Servers.

2) Create an Auding Message Action, log level set to Informational with the following expression - "Server: "+HTTP.REQ.HOSTNAME+" Client: "+CLIENT.IP.SRC+" VSERVER: "+ HTTP.REQ.LB_VSERVER.NAME + " RESPONSE_TIME "+HTTP.REQ.LB_VSERVER.RESPTIME

3) Created a responder policy, with Action as NOOP, Log action from step 2 and Expression as true.

4) Bound the at Responder Policy to the Vserver that I need connection information from.

 

I would think this would work, but the syslog server is not getting any logs.  I ran nstcpdump.sh udp dst port 514 looking for anything going to my syslog server, and nothing was going to the syslog server.  It only saw 127.0.0.1.514 traffic.

 

What am I missing?

 

TIA,

 

Keith

Link to comment
Share on other sites

No I did not, I just want logging information from specific vservers so nothing golobally bound.  I did find a document about the user configurable log messages, so I do have that checked.  I don't have syslog auditing setup, just server and message actions and a responder policy calling the message action.

syslog.png

Edited by William Olmstead
Link to comment
Share on other sites

  • 3 weeks later...

Hi William
From what you describe, it seems like your Netscaler doesn't know any routes to your syslog server (you don't see packets going out from any netscaler IP). 
If the server has been configured in UDP and the netscaler does not know its IP, it uses the Default route or the route expected for the NSIP network, with the exception of some other configuration which imposes the opposite.
So more information is needed.
Is the server's IP address on the same network as the NSIP?
Do you have PBR? 
Do you have one or more default routes? 
If there are more than one do they have different weights?
Do you have ACLs? 
Do you have associated netprofiles?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...