I'm looking for a way to modify the syslog messages sent from my Citrix Netscaler/ADC before they reach a third-party receiver, mainly to maintain privacy. Is there any method to remove specific content from the logs? Additionally, I found this command that seems relevant: `add audit syslogAction [-serverPort ] -logLevel [-dateFormat (MMDDYYYY | DDMMYYYY)] [-transport (TCP | UDP)] [-syslogcompliance ]`. Does using RFC5424 mean that each log message will start with an octet count indicating the message's length? Any advice would be greatly appreciated!
2 Answers
What exactly do you need to remove from the logs? Keep in mind that you can customize which syslogs get sent out right from the source by adjusting the audit policies and SNMP traps. That said, if you're facing issues with `n` being interpreted as the end of the message, switching to RFC5424 should help, as it should include an octet count with each log entry.
I’m not super familiar with the specifics, but you might want to check out using regex to remove unwanted parts from your syslog entries once you know how to set things up to filter them out. Good luck with it!
Thanks for the info! I need to get rid of the `n` characters since they’re causing issues with how my log receiver processes them. Just trying to figure out if using RFC5424 will help with that as well.