Configuring syslog on instances

The syslog protocol provides a transport to allow the Citrix ADC instances to send event notification messages to Citrix ADM, which is configured as a collector or the syslog server for these messages.

You can monitor the syslog events generated on your Citrix ADC instances if you have configured your device to redirect all syslog messages to Citrix ADM. To monitor syslog events, you need to first configure Citrix ADM as the syslog server for your Citrix ADC instance. After the instance is configured, all the syslog messages are redirected to Citrix ADM, so that these logs can be displayed to the user in a structured manner.

Syslog uses the User Datagram Protocol (UDP), port 514, for communication, and because UDP is a connectionless protocol it does not provide any acknowledgment back to the instances. The syslog packet size is limited to 1024 bytes and carries the following information:

• Facility
• Severity
• Host name
• Timestamp
• Message

In Citrix ADM, you must configure facility and log severity levels on the instances.

• Facility - Syslog messages are broadly categorized on the basis of the sources that generate them. These sources can be the operating system, the process, or an application. These categories are called facilities and are represented by integers. For example, 0 is used by kernel messages, 1 is used by user-level messages, 2 is used by the mail system, and so on. The local use facilities (from local0 to local7) are not reserved and are available for general use. Hence, the processes and applications that do not have pre-assigned facility values can be directed to any of the eight local use facilities.

• Severity - The source or facility that generates the syslog message also specifies the severity of the message using a single-digit integer, as shown below:

   1 - Emergency: System is unusable.
  
   2 - Alert: Action must be taken immediately.
  
   3 - Critical: Critical conditions.
  
   4 - Error: Error conditions.
  
   5 - Warning: Warning conditions.
  
   6 - Notice: Normal but significant condition.
  
   7 - Informational: Informational messages.
  
   8 - Debug: Debug-level messages.