This post shows how to use Message Actions in NetScaler for troubleshooting and logging HTTP Headers.
The message action should be triggered by a Rewrite, Responder or Content switch policy.
Note that these global settings needs to be set in order for Message Action to work properly:
NS CLI:
|
1 2 3 4 |
set audit syslogParams -logLevel ALL -userDefinedAuditlog YES set audit nslogParams -userDefinedAuditlog YES |
Specific example on logging access to Content Switch
|
1 2 3 4 5 6 7 |
add audit messageaction audit-act-log-cs-access NOTICE ""Content switch policy hit for load-balanced-vserver:"+HTTP.REQ.LB_VSERVER.NAME+" ClientIP: "+CLIENT.IP.SRC+" issued a "+HTTP.REQ.METHOD+" request for "+HTTP.REQ.HEADER("Host")+HTTP.REQ.URL.HTTP_URL_SAFE" -bypassSafetyCheck YES add rewrite policy rw-pol-log-cs-access HTTP.REQ.IS_VALID NOREWRITE -logAction audit-act-log-cs-access bind cs vserver cs-vs-https-default-ext -policyName rw-pol-log-cs-access -priority 5 -gotoPriorityExpression NEXT -type REQUEST |
Use the below to log Request Side Headers
|
1 2 3 |
add auditmessageaction audit-log-full-req-headers INFORMATIONAL HTTP.REQ.FULL_HEADER.AFTER_STR("rn") -BypassSafetyCheck Yes |
Use the below to log Response Side Headers
|
1 2 3 |
add auditmessageaction audit-log-full-res-headers INFORMATIONAL HTTP.RES.FULL_HEADER.AFTER_STR("rn") -BypassSafetyCheck Yes |
Screenshot of configuration example
