How to Configure NetScaler MAS Simplified Audit Log Management

To configure NetScaler MAS simplified audit log management:

1. Navigate to System > Auditing > Syslog Messages.

2. Under Syslog Messages you will see the audit log messages. You can filter them by Module, Event Type, or Severity.

Additionally, you can click within a syslog message to see which module and event type that particular message belongs to.

3. Module is selected and the module (GUI) gets highlighted.

4. Event Type gets selected (CMD_EXECUTED).

5. You can use that to learn which modules, event types, or severities you want to filter by, and select them from the Filter By menu on the right-hand side of the screen.
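The same Module / Event Type / Severity filtering can be reproduced offline on exported messages. The Python below is an added example, not Citrix code; the line layout, the sample messages, and the names `parse` and `filter_logs` are assumptions constructed for illustration, and severity is decoded from the standard syslog PRI value.

```python
import re

# Constructed sample lines in an assumed NetScaler-style layout:
# <PRI> date zone host PPE : partition MODULE EVENT_TYPE seq 0 : message
SAMPLE = [
    '<134> 01/03/2020:10:15:02 GMT ns1 0-PPE-0 : default GUI CMD_EXECUTED 101 0 : '
    'User nsroot - Command "show ns config" - Status "Success"',
    '<133> 01/03/2020:10:15:09 GMT ns1 0-PPE-0 : default CLI CMD_EXECUTED 102 0 : '
    'User nsroot - Command "add system user audit1" - Status "Success"',
    '<131> 01/03/2020:10:16:40 GMT ns1 0-PPE-0 : default SNMP TRAP_SENT 103 0 : '
    'entityup (entityName = "vs_web")',
    'not a syslog line',
]

# Syslog severity is the low three bits of PRI (PRI = facility * 8 + severity).
SEVERITIES = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
              "WARNING", "NOTICE", "INFO", "DEBUG"]

LINE_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>\s*(?P<ts>\S+ \S+) (?P<host>\S+) \S+ : \S+ '
    r'(?P<module>[A-Z_]+) (?P<event>[A-Z_]+) \d+ \d+ :\s*(?P<msg>.*)$'
)

def parse(line):
    """Return a dict of fields, or None when the line does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["severity"] = SEVERITIES[int(rec.pop("pri")) & 7]
    return rec

def filter_logs(lines, module=None, event=None, severity=None):
    """Keep records matching every criterion that is not None."""
    wanted = {"module": module, "event": event, "severity": severity}
    out = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # unparseable input is skipped, not guessed at
        if all(v is None or rec[k] == v for k, v in wanted.items()):
            out.append(rec)
    return out

if __name__ == "__main__":
    for rec in filter_logs(SAMPLE, event="CMD_EXECUTED"):
        print(rec["ts"], rec["module"], rec["severity"], rec["msg"])
```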

Related:

Cisco Identity Services Engine Denial of Service Vulnerability

A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to a race condition that may occur when syslog messages are processed. An attacker could exploit this vulnerability by sending a high rate of syslog messages to an affected device. A successful exploit could allow the attacker to cause the Application Server process to crash, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-qNzq39K7

Security Impact Rating: Medium

CVE: CVE-2020-3353

Related:

How can we send the Content Analysis logs to a Syslog server?

I need a solution

How can we send the Content Analysis logs to a Syslog server? Currently we can send the “Access logs” (Configuration -> Access Logging -> Logs -> upload client) and “Event logs” (Maintenance -> Event Logging -> Syslog). We are using an ASG, and Content Analysis is also there. But I couldn’t find a configuration setting to send the Content Analysis logs to a syslog server. Can someone please help?

Thanks in advance!

0

1578056532

Related:

UTC offset is wrong in local time

I need a solution

Hi,

I have configured my timezone correctly as “Asia/Colombo” in my ASG. I’m sending my access logs to a syslog file, for which I have configured “localtime” as the time parameter. But when I check the logs I observe that the time appears as “[30/Dec/2019:12:12:44 +0550]”. The time value is correct, but the UTC offset value is +0550, which is wrong. It should be +0530. How can I change this? Actually, I’m sending these logs to an ELK stack (Kibana visualization) using the Filebeat agent. Because of the error in the UTC offset value, the ELK stack shows the corresponding log values with a difference of 20 minutes.

0

1577702533
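The effect described in the post above can be measured and corrected in a log pipeline before indexing. The Python below is an added example, not part of the original post and not vendor code; `EXPECTED_OFFSET` and all function names are assumptions, and the only input is the timestamp quoted in the post.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the zone's real offset is known out of band. The post states
# that Asia/Colombo should be logged as +0530.
EXPECTED_OFFSET = timedelta(hours=5, minutes=30)
LOG_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

LOGGED = "[30/Dec/2019:12:12:44 +0550]"  # timestamp quoted in the post

def parse_access_time(field):
    """Parse '[30/Dec/2019:12:12:44 +0550]' into an aware datetime."""
    return datetime.strptime(field.strip("[]"), LOG_FORMAT)

def offset_is_plausible(field):
    """Civil time zones in current use sit on 15-minute boundaries
    (:00, :30, :45), so any other offset marks a malformed timestamp."""
    return parse_access_time(field).utcoffset().total_seconds() % 900 == 0

def offset_skew(field, expected=EXPECTED_OFFSET):
    """How far the logged offset is from the expected one."""
    return parse_access_time(field).utcoffset() - expected

def utc_instant(field):
    """The instant a consumer such as an indexer derives from the field."""
    return parse_access_time(field).astimezone(timezone.utc)

def repair(field, expected=EXPECTED_OFFSET):
    """Keep the wall-clock time, which the post says is correct, and
    re-attach the expected offset."""
    wall = parse_access_time(field).replace(tzinfo=None)
    fixed = wall.replace(tzinfo=timezone(expected))
    return fixed.strftime("[" + LOG_FORMAT + "]")

if __name__ == "__main__":
    print("plausible offset:", offset_is_plausible(LOGGED))
    print("skew vs expected:", offset_skew(LOGGED))
    print("UTC as logged:   ", utc_instant(LOGGED))
    print("repaired field:  ", repair(LOGGED))
    print("UTC after repair:", utc_instant(repair(LOGGED)))
```

Run over a stream, `offset_is_plausible` flags events worth quarantining, since a 20-minute shift is enough to misorder events when correlating against other sources.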

Related:

Can we use a FQDN as a Custom upload Client instead of IP

I need a solution

Hi Team,

I’m pretty new with ProxySG and I am trying to set up our Access Logging (syslog) via a Custom Client facility.

Our Splunk Team requires us to connect to their “FQDN” Round Robin Load Balancer and not via a specific device IP.

However, it seems that the Upload Client option has only “Host IP” as an option.

Is there a way for me to use an FQDN instead? Thanks!

0

1573440676

Related:

Symantec DLP Event Code:1807 response rule process execution failed

I need a solution

Hi All,

Receiving error code: 1807, stating that the response rule process execution failed.

Upon checking the Incident Persister logs, the error is: Error executing command: syslog.

Please suggest the solution to this issue.

And how does this affect the response rules?

0

Related:

SEP Learned Applications – auditing application versions

I do not need a solution (just sharing information)

Hi,

We have around 80 client workstations that we’d like to audit for application version changes (e.g. firefox.exe), so that we can determine whether a specific version has been installed on all workstations for compliance.

What we really would like is to be able to syslog each time a client workstation changes the version of an application (the syslog entry would need to include the client name, executable name, version, and time).

We cannot see an obvious way to achieve this. Has anyone used SEPM for this purpose?

Cheers
Rod

0

Related:

ProxySG | Sending Accesslog to Syslog server

I need a solution

Dear All,

I have tried to configure ProxySG to send the access log to a Syslog server, following the recommendation from the KB URL below:

https://support.symantec.com/us/en/article.tech242216.html

OK, the proxy can send the access log fine, but when we check on the Syslog server there is no information to show.

I understand this problem does not happen on ProxySG, but I would like to know whether the access log format is supported by other Syslog servers?

My customer uses the syslog server “Eventlog analyzer”.

Thank you so much for your help.

Best Regards,

Chakuttha R.

0

1571633591

Related: