Configuring logging

Logs are crucial when troubleshooting AppFirewall issues. For AppFirewall to log any requests when one of the configured protections receives a hit, logging needs to be enabled for that specific protection. These logs are written to /var/log/ns.log. In the interest of preserving them for longer than the NetScaler logging process permits, you can also consider sending them to a syslog server through a syslog policy.

Logging works independent of blocking. To explain this, consider the following screenshot:

Configuring logging

As a result of this configuration:

  • CSRF violations will both be blocked and all blocking will be logged
  • XSS attacks will not be blocked but you will still see log entries to warn you
  • SQL injection attacks will be blocked silently (not useful if you are trying to troubleshoot)

Note

Note that AppFirewall also supports CEF (Common Event Format) logging, a popular open standard for logging. Using CEF logging helps when you want to use third-party applications to aggregate your logs. The command is set AppFirewall settings CEFLogging ON.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset