Configuring logging
Logs are crucial when troubleshooting AppFirewall issues. For AppFirewall to log any requests when one of the configured protections receives a hit, logging needs to be enabled for that specific protection. These logs are written to /var/log/ns.log. In the interest of preserving them for longer than the NetScaler logging process permits, you can also consider sending them to a syslog server through a syslog policy.
Logging works independent of blocking. To explain this, consider the following screenshot:
As a result of this configuration:
CSRF violations will both be blocked and all blocking will be logged
XSS attacks will not be blocked but you will still see log entries to warn you
SQL injection attacks will be blocked silently (not useful if you are trying to troubleshoot)
Note
Note that AppFirewall also supports CEF (Common Event Format) logging, a popular open standard for logging. Using CEF logging helps when you want to use third-party applications to aggregate your...
