You are on page 1of 124

Citrix NetScaler Administration Guide

Citrix® NetScaler® 9.1

Copyright and Trademark Notice © CITRIX SYSTEMS, INC., 2009. ALL RIGHTS RESERVED. NO PART OF THIS DOCUMENT MAY BE REPRODUCED OR TRANSMITTED IN ANY FORM OR BY ANY MEANS OR USED TO MAKE DERIVATIVE WORK (SUCH AS TRANSLATION, TRANSFORMATION, OR ADAPTATION) WITHOUT THE EXPRESS WRITTEN PERMISSION OF CITRIX SYSTEMS, INC. ALTHOUGH THE MATERIAL PRESENTED IN THIS DOCUMENT IS BELIEVED TO BE ACCURATE, IT IS PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE ALL RESPONSIBILITY FOR THE USE OR APPLICATION OF THE PRODUCT(S) DESCRIBED IN THIS MANUAL. CITRIX SYSTEMS, INC. OR ITS SUPPLIERS DO NOT ASSUME ANY LIABILITY THAT MAY OCCUR DUE TO THE USE OR APPLICATION OF THE PRODUCT(S) DESCRIBED IN THIS DOCUMENT. INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE. COMPANIES, NAMES, AND DATA USED IN EXAMPLES ARE FICTITIOUS UNLESS OTHERWISE NOTED. The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radiofrequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense. Modifying the equipment without Citrix' written authorization may result in the equipment no longer complying with FCC requirements for Class A digital devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to correct any interference to radio or television communications at your own expense. You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the NetScaler Request Switch™ 9000 Series equipment. If the NetScaler equipment causes interference, try to correct the interference by using one or more of the following measures: Move the NetScaler equipment to one side or the other of your equipment. Move the NetScaler equipment farther away from your equipment. Plug the NetScaler equipment into an outlet on a different circuit from your equipment. (Make sure the NetScaler equipment and your equipment are on circuits controlled by different circuit breakers or fuses.) Modifications to this product not authorized by Citrix Systems, Inc., could void the FCC approval and negate your authority to operate the product. BroadCom is a registered trademark of BroadCom Corporation. Fast Ramp, NetScaler, WANScaler, Citrix XenApp, and NetScaler Request Switch are trademarks of Citrix Systems, Inc. Linux is a registered trademark of Linus Torvalds. Internet Explorer, Microsoft, PowerPoint, Windows and Windows product names such as Windows NT are trademarks or registered trademarks of the Microsoft Corporation. NetScape is a registered trademark of Netscape Communications Corporation. Red Hat is a trademark of Red Hat, Inc. Sun and Sun Microsystems are registered trademarks of Sun Microsystems, Inc. Other brand and product names may be registered trademarks or trademarks of their respective holders. Software covered by the following third party copyrights may be included with this product and will also be subject to the software license agreement: Copyright 1998 © Carnegie Mellon University. All rights reserved. Copyright © David L. Mills 1993, 1994. Copyright © 1992, 1993, 1994, 1997 Henry Spencer. Copyright © Jean-loup Gailly and Mark Adler. Copyright © 1999, 2000 by Jef Poskanzer. All rights reserved. Copyright © Markus Friedl, Theo de Raadt, Niels Provos, Dug Song, Aaron Campbell, Damien Miller, Kevin Steves. All rights reserved. Copyright © 1982, 1985, 1986, 1988-1991, 1993 Regents of the University of California. All rights reserved. Copyright © 1995 Tatu Ylonen, Espoo, Finland. All rights reserved. Copyright © UNIX System Laboratories, Inc. Copyright © 2001 Mark R V Murray. Copyright 1995-1998 © Eric Young. Copyright © 1995,1996,1997,1998. Lars Fenneberg. Copyright © 1992. Livingston Enterprises, Inc. Copyright © 1992, 1993, 1994, 1995. The Regents of the University of Michigan and Merit Network, Inc. Copyright © 1991-2, RSA Data Security, Inc. Created 1991. Copyright © 1998 Juniper Networks, Inc. All rights reserved. Copyright © 2001, 2002 Networks Associates Technology, Inc. All rights reserved. Copyright (c) 2002 Networks Associates Technology, Inc. Copyright 19992001© The Open LDAP Foundation. All Rights Reserved. Copyright © 1999 Andrzej Bialecki. All rights reserved. Copyright © 2000 The Apache Software Foundation. All rights reserved. Copyright (C) 2001-2003 Robert A. van Engelen, Genivia inc. All Rights Reserved. Copyright (c) 1997-2004 University of Cambridge. All rights reserved. Copyright (c) 1995. David Greenman. Copyright (c) 2001 Jonathan Lemon. All rights reserved. Copyright (c) 1997, 1998, 1999. Bill Paul. All rights reserved. Copyright (c) 1994-1997 Matt Thomas. All rights reserved. Copyright © 2000 Jason L. Wright. Copyright © 2000 Theo de Raadt. Copyright © 2001 Patrik Lindergren. All rights reserved. Last Updated: June 2009

C ONTENTS

Contents

Preface
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i New in This Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii Formatting Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii Related Documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii Getting Service and Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii Knowledge Center. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iv Silver and Gold Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iv Education and Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .v Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .v

Chapter 1

Citrix NetScaler Authentication and Authorization
Defining Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1 Defining Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 Command Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 Resetting the Default Administrator (nsroot) Password . . . . . . . . . . . . . . . . . . . . .11 Examples of User Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Chapter 2

SNMP
Importing MIB Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 Defining SNMP Managers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19 Configuring SNMP V1 and V2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 Adding an SNMP Community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21 Removing an SNMP Community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21 Configuring SNMP Traps and Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22 Configuring SNMP V3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30 Salient Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30 SNMPv3 Security Entities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31 Configuring SNMP V3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

. . . .43 Installing Audit Server on the FreeBSD Operating System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45 Audit Server Options.60 Enabling or Disabling Web Server Logging. . . . . . . . . . . . .42 Uninstalling Audit Server on the Linux Operating System . . . . . . . . . .47 Defining Log Properties . . . . . . . . . . . . . . . . . . . . . .48 Default Settings for the Log Properties. . . . . . . . . . . .62 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43 Uninstalling Audit Server on the FreeBSD Operating System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .iv Citrix NetScaler Administration Guide Chapter 3 Audit Server Logging Configuring the Citrix NetScaler Audit Server Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53 Configuring Audit Server Logging for a Commonly Used Deployment Scenario. . . . . . . . . . . . . . . . . . .52 Stopping Audit Server Logging .45 Configuring Audit Server Logging on a Server system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44 Uninstalling Audit Server on the Windows Operating System . . . . . . . . . .59 Configuring Web Server Logging Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39 Configuring Audit Server Action and Policy . . . . . . . . . . . . . . . . . . . . . . . . .52 Sample Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44 Installing Audit Server on the Windows Operating System . .41 Installing the Audit Server Files . . . . . . . . . . . . . .47 Defining Filters . .42 Installing Audit Server on the Linux Operating System . . . . . . . . . . . . . . .60 Displaying Web Server Logging Information . . .54 Chapter 4 Web Server Logging How Web Server Logging Works . . . . . . . . . . . . . . . . . . . . . . . . . . . .60 Modifying the Default Buffer Size . . . . . . . . . . . . . . .61 System Requirements for Web Server Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52 Starting Audit Server Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51 Verifying Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40 Globally Binding the Audit Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50 Adding the IP Addresses of the System . .52 Checklist for Configuring Audit Server Logging. . . . . . . .38 Configuring Global Audit Server Parameters. . . . . . . . . . .

. . . . . . . . . . . . .67 NSWL Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103 Working with Charts . . . . . . . . . . . . . . . . . . .75 Sample Configuration File . . . . . .71 Adding the IP Addresses of the NetScaler . . .95 Configuring Selective Acknowledgement . . . . . . . . . . .74 Verifying the Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .108 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94 The NetScaler in Transparent Mode . . . .91 Path Maximum Transmission Unit Discovery. . . . . . . . . . . . . . . . . .64 Installing NSWL on a FreeBSD Operating System . . . . . . . . . . . . . . . . . . . . . . . . .89 Configuring Clock Synchronization Using the Configuration Utility or the CLI . . . .97 Clearing the Configuration . . . . . . . . . .69 Defining Log Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83 Apache Log Formats . . . . . . .63 Installing NSWL on a Solaris Operating System . . . . . . . . . . . . . . . . . . . . . . . . . .101 Working with Reports . . . . . . . . . . . .66 Installing NSWL on an AIX Operating System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78 Custom Log Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65 Installing NSWL on a Windows Operating System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88 Checklist for Configuring Web Server Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63 Installing NSWL on a Linux Operating System. . . . . . . . . . . . . . . . . .94 The NetScaler in End-Point Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64 Installing NSWL on a MAC Operating System . . . . . . . .94 Enabling or Disabling PMTU Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Contents v Installing the NSWL files on the Logging System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75 Log File Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88 Chapter 5 Advanced Configurations Configuring Clock Synchronization. . . . . . . . . . . . . . . . . . .106 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98 Chapter 6 Reporting Tool Using the Reporting Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89 Configuring Clock Synchronization Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75 Stopping Web Server Logging . . . . . . . . . . . . . . . . . . . . . . .95 Configuring TCP Window Scaling . . . . . . . . . . . . . . . . . .74 Starting Web Server Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67 Configuring Web Server Logging on the Logging System . . . . . . . . . . . . . . . . . . . .68 Modifying the Web Server Log Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . .111 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .vi Citrix NetScaler Administration Guide How Data Collection Works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109 Stopping and Starting the Data Collection Utility .110 Importing Data from the newnslog File . . . . . .

” Configure authentication and authorization to manage access to the NetScaler and different parts of the NetScaler configuration.P REFACE Preface Before you begin to manage and monitor your Citrix NetScaler. and NTP. “SNMP. Audit server Logging. V2. Chapter 2. and ways to send us feedback. learn how to configure audit server logging on a server system and for a deployment scenario. “Citrix NetScaler Authentication and Authorization. SNMP. “Audit Server Logging. such as command policies. take a few minutes to review this chapter and learn about related documentation. Web Server Logging. other support options. Also.” Learn how SNMP works with NetScaler and how to configure SNMP V1. In This Preface About This Guide New in This Release Audience Formatting Conventions Related Documentation Getting Service and Support Documentation Feedback About This Guide The Citrix NetScaler Administration Guide provides a conceptual reference and instructions for managing and monitoring the NetScaler using built-in features.” Configure the NetScaler audit server log to log and monitor the NetScaler states and status information. This guide provides the following information: • Chapter 1. Chapter 3. and V3 on NetScaler. • • .

“Advanced Configurations. see the Citrix NetScaler 9. NetScaler 9. “Web Server Logging.1 nCore Release Notes.1 nCore Technology is a new software release that uses CPU cores for packet handling and greatly improves the performance of many NetScaler features. Also.1 and NetScaler 9. • New in This Release NetScaler 9.1 nCore. “Reporting Tool. Chapter 6.” Configure web server log to maintain a history of the page requests that originate from the NetScaler.” Learn how to set advanced configurations. and terminology.1 nCore supports features in this guide unless specified otherwise. such as NTP. FileName in a command means you type the actual name of a file. Chapter 5. and words referred to as words (which would otherwise be enclosed in quotation marks). Audience This guide is intended for the following audience: • • system administrators network administrators The concepts and tasks described in this guide require you to have a basic understanding of network design.” Learn how to use the Reporting tool to view performance statistics as reports with graphs that are based on statistics collected by the nscollect utility. PMTU. and autodetected services. operation. Formatting Conventions This documentation uses the following formatting conventions. new terms. . Placeholders for information or parameters that you provide. For a summary of the features that are not supported in NetScaler 9. on the NetScaler. elements in the user interface. For example. Formatting Conventions Convention Boldface Italics Meaning Information that you type exactly as shown (user input).ii Citrix NetScaler Administration Guide • • Chapter 4.

log on to the NetScaler.) To view the documentation 1. Our CSN partners are trained and authorized to provide a high level of support to our customers.com/. | (vertical bar) A separator between options in braces or brackets in command statements. Getting Service and Support Citrix provides technical support primarily through the Citrix Solutions Network (CSN). Click the Documentation tab. 2. (Most of the documents require Adobe Reader.Preface iii Formatting Conventions Convention Monospace Meaning System output or characters in a command line. For example. Contact your supplier for first-line support. . click the title. or check for your nearest CSN partner at http://support. available at http://adobe. To view a short description of each document. in the following command. hover your cursor over the title. To open a document.citrix. but it is not required: add lb vserver name serviceType IPAddress port [-range positiveInteger] [ brackets ] Do not type the brackets themselves. the following indicates that you choose one of the following load balancing methods: lbMethod = ( ROUNDROBIN | LEASTCONNECTION | LEASTRESPONSETIME | URLHASH | DOMAINHASH | DESTINATIONIPHASH | SOURCEIPHASH | SRCIPDESTIPHASH | LEASTBANDWIDTH | LEASTPACKETS | TOKEN | SRCIPSRCPORTHASH | LRTM | CALLIDHASH | CUSTOMLOAD ) Related Documentation A complete set of documentation is available on the Documentation tab of your NetScaler and from http://support.com/. For example.com/. [-range positiveInteger] means that you have the option of entering a range. User input and placeholders also are formatted using monspace text. From a Web browser. 3.citrix. Optional items in command statements.

and advanced replacement for materials.com/. On the Support menu. Technical support is available at the following times: .citrix.iv Citrix NetScaler Administration Guide You can also get support from Citrix Customer Service at http://citrix. This option provides basic coverage hours. Knowledge Center features include: • • • • • A knowledge base containing thousands of technical solutions to support your Citrix environment An online product documentation library Interactive support forums for every Citrix product Access to the latest hotfixes and service packs Knowledge Center Alerts that notify you when a topic is updated Note: To set up an alert. under Products. In the upper-right section of the screen. Silver Maintenance Option The Silver maintenance option provides unlimited system support for one year. To remove an alert. click Add to your Hotfix Alerts. four named contacts. you receive documentation with special Citrix Technical Support numbers you can call. click Remove from your Hotfix Alerts. Knowledge Center The Knowledge Center offers a variety of self-service. one assigned support account manager for nontechnical relations management.com/. • • Security bulletins Online problem reporting and tracking (for organizations with valid support contracts) Silver and Gold Maintenance In addition to the standard support options. Web-based technical support tools at http://support. under Tools.citrix. Silver and Gold maintenance options are available.com/ and. under Tools. click Customer Service. If you purchase either of these options. go to the Knowledge Center product and. select a specific product. sign in at http://support.

Eastern Time.com.M. send email to ccdocs_feedback@citrix. . Education and Training Citrix offers a variety of instructor-led and Web-based training solutions. and product release version. Citrix Customer Care. to 6 P. 7 days a week. Middle East. and the Caribbean: 8 A.M. to 9 P. Australian Eastern Standard Time (AEST).S. Support is available 24 hours a day. Monday through Friday Australia and New Zealand: 8 A. • • • For NetScaler documentation. In the subject line.M.M. to 6 P.com. Monday through Friday Gold Maintenance Option The Gold maintenance option provides unlimited system support for one year.” Be sure to include the document name. For Command Center documentation. and from the Citrix Web site.M. Monday through Friday Asia (excluding Japan): 8 A. resellers. send email to nsdocs_feedback@citrix. Hong Kong Time. page number.M.M. and Africa: 8 A.com. Documentation Feedback You are encouraged to provide feedback and suggestions so that we can enhance the documentation. You can send email to the following alias or aliases. U. For Access Gateway documentation. There is one assigned support account manager for nontechnical relations management.com. to 6 P. Latin America. or a member of the Citrix Solutions Advisors program for more information.citrixtraining. CALCs provide high-quality classroom learning using professional courseware developed by Citrix. send email to agdocs_feedback@citrix.Preface v • • • • North America. Coordinated Universal Time (Greenwich Mean Time). specify “Documentation Feedback. as appropriate. Many of these courses lead to certification. Information about programs and courseware for Citrix training and certification is available at http://www. Web-based training courses are available through CALCs.M. Monday through Friday Europe. Instructor-led courses are offered through Citrix Authorized Learning Centers (CALCs). You can also contact your sales representative. and there are six named contacts.

On the Documentation tab. 3. complete the form. under Products. and then click Submit. Go to the Knowledge Center home page at http://support.1. click NetScaler Application Delivery. and click NetScaler Application Delivery Software 9.com/.com/. 4. To provide feedback from the Knowledge Center home page 1. On the Documentation Feedback page.vi Citrix NetScaler Administration Guide You can also provide feedback from the Knowledge Center at http:// support.citrix. and then click Article Feedback. On the Knowledge Center home page. . 2. click the guide name.citrix.

In This Chapter Defining Users Defining Groups Command Policies Resetting the Default Administrator (nsroot) Password Examples of User Scenarios Defining Users Once you have changed the default password. Command policies allow you to define what parts of the NetScaler configuration a user or group is permitted to access and modify. After you have defined your users by creating accounts for them. command policies regulate which commands. After you have defined the users. no user can access the NetScaler until you create an account for that user. you first define the users who have access to the NetScaler.The users and groups functions allow you to define who has access to the NetScaler. and assign the policies to users and/or groups. you might have to change passwords or remove user accounts.C HAPTER 1 Citrix NetScaler Authentication and Authorization NetScaler authentication and authorization functions are of two basic types. command groups. In other words. you can organize them into groups. . You then configure command policies to define the types of access. To configure authentication and authorization. and other elements NetScaler users and groups are permitted to use.

6. johnd). 3. 5. type a password to assign to the user. In the Password text box. To add a user account using the configuration utility 1. In the navigation pane. You use the parameters described in the following table. In the Confirm Password text box. To create a user account. use either of the following procedures. Parameter Password Specifies The password you assign for the user account. you simply assign a user name and password. 4.2 Citrix NetScaler Administration Guide Creating a User Account To create a user account. Click Create and click Close. Click Add. To add a user account using the NetScaler command line At the NetScaler command prompt. expand System and click Users. 2. again type the password that you have typed in the Password text box. On the System Users page. type a name for the user (for example. Password that the user enters to request access. . type: add system user userName Example add system user johnd Changing a User Password The following table describes the parameter you set to change a user password on the NetScaler. in the User Name text box. In the Create System User dialog box. Parameter User Name Password Specifies Name that the user enters to request access.

The nsroot account cannot be removed. Click Yes. johnd) and click Change Password. On the System Users page. select the user account that you want to remove. In the Confirm Password text box. To remove a user account using the configuration utility 1. type: rm system user userName Example rm system user johnd . To remove a user account. select the user account for which you want to change the password (for example. use either of the following procedures. In the navigation pane. 5. Click OK. To change the user password using the NetScaler command line At the NetScaler command prompt. type: set system user userName newpassword Example set system user johnd johnd1 Removing User Accounts You can remove user accounts if the policy assigned to your account allows you to do so. 3. 4. expand System and click Users. johnd. On the System Users page. type the new password.Chapter 1 Citrix NetScaler Authentication and Authorization 3 To change a user password. 2. For example. or if you log in to the nsroot account. 4. 3. To change the user password using the configuration utility 1. The Remove pop-up window appears. 2. In the navigation pane. To remove a user using the NetScaler command line At the NetScaler command prompt. expand System and click Users. type the new password again. Click Remove. use either of the following procedures. In the Password text box.

in the Group Name text box. . type: add system group groupName Example add system group Managers Binding a User to a Group You can bind each user account to more than one group. Adding Groups The following table describes the parameter you set to create a group. 2. Parameter User Name Specifies Name for the NetScaler user to be bound to the group. and click Close. click Add. On the System Groups page. To add a group using the NetScaler command line At the NetScaler command prompt. then bind users to the group.4 Citrix NetScaler Administration Guide Defining Groups To define a group. Managers). Use either of the following procedures to add a group. Parameter Group Name Specifies Name for the group of NetScaler users. In the navigation pane. expand System and click Groups. Click Create. 3. Binding user accounts to multiple groups may allow more flexibility when applying command policies.. use either of the following procedures. To add a group using the configuration utility 1. In the Create System Group dialog box. you first create the group. The following table describes the parameter you set to bind a user to a group. To bind a user to a group. type a name for the group (for example. 4.

you bind them to user and/or groups. To remove a group using the configuration utility 1. click Yes. type: bind system group groupName userName Example bind system group Managers johnd Removing Groups All the users and command policies that are currently bound to the group should be unbound before removing a group.Chapter 1 Citrix NetScaler Authentication and Authorization 5 To bind a user to a group using the configuration utility 1. To remove a group using the NetScaler command line rm system group groupName Example rm system group Managers Command Policies Command policies regulate which commands. In the Configure System Group dialog box. command groups. The NetScaler provides a set of built-in command policies. 4. To bind a user to a group using the NetScaler command line At the NetScaler command prompt. In the Remove pop-up. Click Remove. and you can configure custom policies. vservers. select a group and click Open. 3. In the navigation pane. Managers). 3. To apply the policies. expand System and click Groups. expand System and click Groups. On the System Groups page. from the Available Users list and click Add. 2. under Members section. 2. . In the navigation pane. select a user you want to bind to the group. (for example. and other elements NetScaler users and user groups are permitted to use. select the group that you want to remove. On the System Groups page.

Command policies must be bound directly to NetScaler users and groups. quit. alias. Policy Name Allows Read-only access to all show commands except show runningconfig. config.6 Citrix NetScaler Administration Guide Here are the key points to keep in mind when defining and applying command policies. You must assign a priority to a command policy when you bind it to a user account or group account. set cli mode. • • No global command policies may be created on the NetScaler. whoami. and the show commands for the NetScaler command group. source.conf. The following table describes them. unalias. Full access except to NetScaler commands. show cli attribute. clear cli prompt. unset cli mode. show ns. history. Same privileges as the nsroot user. and will therefore be unable to execute any commands until the proper command policies are bound their accounts. This enables the NetScaler to determine which policy has priority when two or more conflicting policies apply to the same user or group. and the show ns. show cli mode. man. All users inherit the policies of the groups to which they belong. Full access. • • • Built-in Command Policies Four default command policies are available on the NetScaler. help. Read-only access and access to commands to enable and disable services and servers or place them in ACCESSDOWN mode. read-only operator network superuser . set cli prompt. The following commands are available by default to any any user and are unaffected by any command policies you specify: help cli. exit. and show cli prompt. the shell command.conf and sh runningconfig commands. batch. Users or groups with no associated command policies are subject to the default DENY -ALL command policy.

which consist of the add lb vserver command followed by a space and . • When you use regular expressions to define commands that will be affected by a command policy. but not combined with any other parameters or flags. which consist of the add vserver command followed by a space and additional parameters and flags. Users who need additional levels of control. keep the following in mind.Chapter 1 Citrix NetScaler Authentication and Authorization 7 Creating Custom Command Policies Regular expression support is offered for users with the resources to maintain more customized expressions and those deployments that require the flexibility that regular expressions offer. For most users. such as those in the examples provided in this section. “^set\s+lb\s+. to maintain policy readability. you should type the following: DENY “^rm . may want to use only simple expressions. because all show actions begin with the show string. you should type the following: “^show . followed by a space and additional parameters and flags. The following table gives examples of regular expressions: Command Specification “^rm\s+. you must enclose the commands in double quotes. if you want to create a command policy named allowShow that includes all commands that begin with show.*$” “^shell$” “^add\s+vserver\s+. “^show\s+. For example. because all remove actions begin with the rm string. All show commands. the built-in command policies should be sufficient. .*$” If you want to create a command policy that includes all commands that being with rm. but are unfamiliar with regular expressions. followed by a space and additional parameters and flags. When you use a regular expression to create a command policy. All create a vserver actions.*” additional parameters and flags.*$” All commands that configure load balancing settings at the command group level. The shell command alone.*$” • Regular expressions used in command policies are case insensitive.*$” Matches these Commands All remove actions.*$” “^add\s+(lb\s+vserver)\s+ All create an lb vserver actions.

read_all). .*accessdown.* network superuser The following table describes the parameters you set to create a command policy. Allow). 3.*)|(^stat. 2.*)|(^stat. Parameter User Name Command Spec Action Specifies Name of the command policy. The action the policy need to apply when the command specification pattern matches.8 Citrix NetScaler Administration Guide The following table shows the command specifications for each of the built-in command policies: Policy Name read-only operator Command Specification Regular Expression (^man.*) ^(?!shell)\S+\s+(?!system)(?!ns ns. expand System and click Command Policies.*)|(^stat. Rule expression that the policy uses to pattern match. use either of the following procedures. select the action (for example. On the Command Policies page. In the Action list. click Add. Click Create.* . 4.conf)(?!ns runningConfig).*)|(^set.conf)(?!ns runningConfig). Possible values: ALLOW and DENY To create a command policy.conf)(?!ns runningConfig).conf)(?!ns runningConfig).*) (^man.*)|(^show\s+(?!system)(?!ns ns. type a name for the command policy (for example. In the Create Command Policy dialog box. such as “(^show\s+(?!system)(?!ns ns. in the Policy Name text box. 6.*)” (you can use the Policy Components to expedite entry). In the Command Spec text box. To create a command policy using the configuration utility 1. 5. enter a command.*)|(^(enable|disable) (server|service). In the navigation pane.*)|(^show\s+(?!system)(?!ns ns.

Chapter 1

Citrix NetScaler Authentication and Authorization

9

To create a command policy using the NetScaler command line

At the NetScaler command prompt, type:
add system cmdPolicy policyname action cmdspec

Example
add system cmdPolicy read_all ALLOW (^show\s+(?!system)(?!ns ns.conf)(?!ns runningConfig).*)|(^stat.*)

Binding Command Policies to Users and Groups
Once you have defined your command policies, you must bind them to the appropriate user accounts and groups. When you bind a policy, you must assign it a priority so that the NetScaler can determine which command policy to follow when two or more applicable command policies are in conflict. The order in which command policies are evaluated is: • Command policies bound directly to users and the corresponding groups are evaluated based on the priority number. A command policy with a lower priority number is evaluated before one with a higher priority number. Therefore, any privileges the lower-numbered command policy explicitly grants or denies are not overridden by a higher-numbered command policy. When two command policies one bound to an user account and other bound to a group have the same priority number then the command policy bound directly to the user account is evaluated first.

Binding Command Policies to a user
The following table describes the parameters you set to bind command policies to a user.

Parameter User Name Policy Name

Specifies The user account Name of the command policy bind to the user.

To bind a policy to a user, use either of the following procedures.
To bind command policies to a user using the configuration utility

1. 2.

In the navigation pane, expand System and click Users. On the System Users page, select a user (for example, johnd)

10

Citrix NetScaler Administration Guide

3. 4.

Click Open. In the Configure System User dialog box, under Command Policies, in the Active column, select one or more check boxes for policies to bind to this user. In the Priority list box, for each active policy, enter a priority number for the policy (for example, 1), or adjust the number. Click OK.

5. 6.

To bind command policies to a user using the NetScaler command line

At the NetScaler command prompt, type:
bind system user userName policyName priority

Example
bind system user johnd johnd_pol 1

Binding Command Policies to a Group
The following table describes the parameters you set to bind a policy to a

group.
Parameter Group Name Policy Name Specifies Name of the group. Name of the command policy to bind to the user group.

To bind command policies to a group, use either of the following procedures
To bind command policies to a group using the configuration utility

1. 2. 3. 4.

In the navigation pane, expand System and click Groups. On the System Groups page, select a group (for example, Managers) Click Open. In the Configure System Group dialog box, under Command Policies, in the Active column, select one or more check boxes for policies to bind to this group. In the Priority list box, for each active policy, enter a priority number for the policy (for example, 2), or adjust the number. Click OK.

5. 6.

Chapter 1

Citrix NetScaler Authentication and Authorization

11

To bind command policies to a group using the NetScaler command line

At the NetScaler command prompt, type:
bind system group groupName -policyName policyName priority

Example
bind system group Managers -policyName Managers_pol 2

Removing Command Policies
The built-in command policies cannot be removed. If your user account is assigned the right to remove a command policy, you can use either of the following procedures to remove command policies.
To remove a command policy using the configuration utility

1. 2. 3. 4.

In the navigation pane, expand System and click Command Policies. On the Command Policies page, select the command policy to be removed (for example, Managers_pol). Click Remove. In the Remove pop-up window, click Yes.

To remove a comand policy using the NetScaler command line

At the NetScaler command prompt, type:
rm system cmdPolicy PolicyName

Example
rm system cmdPolicy Managers_pol

Resetting the Default Administrator (nsroot) Password
The nsroot account provides complete access to all features of the NetScaler. Therefore, to preserve security, the nsroot account should be used only when necessary, and only individuals whose duties require full access should know the nsroot account password. Also for security, it is advisable to change the nsroot password frequently. If you lose the password, you can reset it as described here. To reset the nsroot password, you must boot the NetScaler into single user mode, mount the file systems in read/write mode, and remove the set NetScaler user nsroot entry from the ns.conf file. This process does not actually recover your nsroot password, but it does allow you to reset it to the default setting, nsroot. You can then choose a new password. Use the following procedure.

5. When the NetScaler completes rebooting. ‘help’ for more detailed help. Follow the prompts to change the password. Connect a computer to the NetScaler serial port and log on. Exit the config ns menu. and press the Enter key to start the NetScaler in single user mode. and type the following commands to mount the file systems: fsck /dev/ad0s1a mount /dev/ad0s1a /flash Using a text editor of your choice. Press CTRL+C. edit the /flash/nsconfig/ ns. Note: You cannot log on via ssh to perform this procedure. Booting [kernel] in # seconds. Log on as nsroot. Once logged in to the NetScaler. you must connect directly to the NetScaler. The following message appears: Type ‘?’ for a list of commands. 7. Press the Enter key to display the # prompt. 8.conf file and remove the set system user nsroot entry. 2. 9. 10. Type boot -s. ok 3. you will be required to enter a new nsroot user password. After the NetScaler boots. it displays the following message: Enter full pathname of shell or RETURN for /bin/sh: 4. it displays the following message: Hit [Enter] to boot immediately. As the operating system starts.12 Citrix NetScaler Administration Guide To reset the nsroot password 1. Save the file and exit the text editor. Type reboot and press the Enter key to reboot the NetScaler. . 6. it prompts for username and password. or any other key for command prompt. with the password nsroot.

and command policies and bind each policy to the appropriate groups and users. The IT manager. but needs to modify only the load balancing functions. The company. has three users who will access the NetScaler: • • John Doe. Michael needs to be able to see all parts of the NetScaler configuration. The IT administrator in charge of load balancing. groups. Maria needs to be able to see and modify all parts of the NetScaler configuration except for NetScaler commands (which local policy dictates must be performed while logged on as nsroot). Michael Baldrock.example.net. Example Manufacturing.Chapter 1 Citrix NetScaler Authentication and Authorization 13 Examples of User Scenarios The following example shows how to create a complete set of user accounts. and command policies on the NetScaler ns01. . IT manager Maria Ramirez. user account names.example. IT administrator All managers All IT administrators Allow complete read-only access Allow modify access to load balancing Allow nearly complete modify access Groups Command Policies The following description walks you through the process of creating a complete set of user accounts. The description includes procedures for binding the appropriate user accounts and groups to one another. and binding appropriate command policies to the user accounts and groups. This example illustrates how you can use prioritization to grant precise access and privileges to each user in the IT department. group names. and command policies for the sample company: Field NetScaler hostname User accounts Value ns01. John needs to be able to see all parts of the NetScaler configuration but does not need to modify anything. • The following table shows the breakdown of network information. IT administrator Michael Baldrock.. Inc.net johnd mariar michaelb Managers SysOps read_all modify_lb modify_all Note John Doe. The lead IT administrator. groups. Maria Ramirez.

4. . 2. In the Create System Group dialog box. In the Confirm Password text box. On the System Groups page. type johnd. in the Group Name text box. expand System and click Users. 5. To add command policies 1. Click Create. 4. On the System Users page. 2. Click OK. 5.14 Citrix NetScaler Administration Guide The example assumes that initial installation and configuration have already been performed on the NetScaler. Click Add. 4. 6. Repeat steps 1–4 to bind users mariar and michaelb to the group SysOps. To create johnd. Repeat steps 2–6 to create user accounts and passwords for Maria Ramirez and Michael Baldrock. and click Close. To create groups Managers and SysOps 1. In the Create System User dialog box. expand System and click Groups. In the navigation pane. In the navigation pane. 7. 6. Click Create. and michaelb user accounts 1. On System Groups page. Repeat steps 1–4 to create a group named SysOps. type a password to assign to the user. in the User Name text box. 5. In the Configure System Group dialog box. and click Close. mariar. In the Password text box. type Managers. On the Command Policies page. expand System and click Groups. 2. Click Add to move johnd to the Configured Users list. In the navigation pane. again type the password that you have typed in the Password text box. In the navigation pane. click Add. select the Managers group and click Open. 2. 3. To bind users to a group 1. select johnd in the Available Users list. expand System and click Command Policies. click Add. 3. under Members. 3.

In the Create Command Policy dialog box. Click OK. 3. 5. Repeat steps 1–6. . to create a command policy named modify_all with action as Allow and the command spec “^\S+\s+(?!system). in the Policy Name text box. Click OK. select the Managers group. In the navigation pane. select the modify_lb policy and change the Priority list box to 5. under Command Policies. To bind a command policy to a user 1. 4. in the Active column. the IT manager. to create a command policy named modify_lb with action as Allow and the command spec “^set\s+lb\s+.*)|(^stat. In the Configure System Group dialog box. 4. has read-only access to the entire NetScaler. select the read_all policy and change the Priority list box to 1. under Command Policies. in the Active column. Click Open. On the System Users page. 2. type read_all. but cannot make modifications. 5. Repeat steps 1–5 to bind the read_all command policy to the SysOps group.*$” Repeat steps 1–6. In the Command Spec text box.conf)(?!ns runningConfig). select the michaelb user account.*” 6. select Allow. In the Configure System User dialog box. 4. On the System Groups page. The configuration you've just created results in the following: • John Doe. expand System and click Groups. 6. 7. expand System and click Users. enter “(^show\s+(?!system)(?!ns ns. also assigning it a priority of 1. 2. To bind a command policy to a group 1.Chapter 1 Citrix NetScaler Authentication and Authorization 15 3. Click Open. 8. 5. Click Create. 3.*)” (you can use the Policy Components to expedite entry). In the Action list. In the navigation pane.

the set of command policies that applies to a specific user is a combination of command policies applied directly to the user's account and command policies applied to the group(s) of which the user is a member. it's good to bear in mind the NetScaler's command policy search procedure and policy ordering rules. when organizing your users in groups. the operating system stops its command policy search and allows or denies access to the command. take care not to cause unintended user command restrictions or privileges. the operating system searches the command policies for that user until it finds a policy with an explicit ALLOW or DENY action that matches the command. Each time a user enters a command. having to log on only to perform NetScaler-level commands. • As mentioned earlier. has near-complete access to all areas of the NetScaler configuration. When it finds a match. the IT lead. in accordance with the NetScaler’s default deny policy. it denies the user access to the command. To avoid these conflicts. . and can modify the configuration options for load balancing. Note: When placing a user into multiple groups. Michael Baldrock.16 Citrix NetScaler Administration Guide • Maria Ramirez. If the operating system finds no matching command policy. has read-only access to the NetScaler configuration. the IT administrator responsible for load balancing.

each SNMP network management application uses SNMP to communicate with the SNMP agent on the NetScaler. and provides the information to the application. NetScaler Supporting SNMP . This diagram shows a network with a NetScaler that has SNMP enabled and configured. In the diagram.C HAPTER 2 SNMP The NetScaler supports Simple Network Management Protocol (SNMP) functionality. The SNMP agent searches its management information base ( MIB) to collect the data requested by the network management application. as illustrated in the following diagram.

copy the NS-MIB-smiv2. SNMP version 2 (SNMPv2). In This Chapter Importing MIB Files Defining SNMP Managers Configuring SNMP V1 and V2 Configuring SNMP V3 Importing MIB Files SNMPv1 managers (programs on computers that request SNMP information from the NetScaler) use the NS-MIB-smiv1. SNMPv2 and SNMPv3 managers use the NS-MIB-smiv2.netscaler. If the WhatsUpGold SNMP manager is installed on your computer. such as SNMPv2 Get-Bulk. . The NetScaler supports enterprise-specific MIBs. such as counter64. IF.netscaler. /Utilities/ SNMP/HP_OpenView directory. you must import the appropriate SNMP MIB files to the network management application. Before you start configuring SNMP. It also supports SNMPv2 datatypes. /Utilities/ SNMP/WhatsUpGold directory. Provides the MIB-2 groups SYSTEM.txt files from the NetScaler Product CD. contact the NetScaler product support group. or download it from the FTP site ftp. as follows: • If the HP OpenView SNMP manager is installed on your computer. Provides NetScaler-specific configuration and statistics.txt and mib.mib file.com. UDP. The SNMP agent handles queries. The SNMP agent also sends out traps compliant with SNMPv2.com.mib file from the NetScaler Product CD. and SNMP version 3 (SNMPv3). or download it from the FTP site ftp. A NetScaler enterprise MIB. from the SNMP manager. and SNMP. copy the traps.18 Citrix NetScaler Administration Guide The SNMP agent on the NetScaler supports SNMP version 1 (SNMPv1). ICMP. • Note: For information about the user name and password used to connect to the FTP site.mib file when processing SNMP queries. They are: • • A subset of standard MIB-2 groups.

Click Add. 3. type: add snmp manager IPaddress Example add snmp manager 10. Adding an SNMP Manager The following table describes the parameters you set to add an SNMP Manager: Parameter IP Address Specifies IP/Network address of the management station. 2. In the Create Manager dialog box.5). or SNMP version 3. expand System. In the Add SNMP Manager dialog box. and click Managers.102. type the IP address of the computer running the management application (for example. to access the NetScaler. Netmask To add an SNMP manager. it accepts and responds only to SNMP queries from those specific IPs. You can add upto a maximum of 100 SNMP manager or networks. which complies with SNMP version1. If you configure one or more SNMP managers. Note: If you do not configure at least one SNMP manager.102.Chapter 2 SNMP 19 Defining SNMP Managers You need to configure the management application.5 . 10. Subnet of management stations.29. in the IP Address text box. the NetScaler accepts and responds to SNMP queries from all IPs on the network. To add an SNMP manager using the NetScaler command line At the NetScaler command prompt. use either of the following procedures: To add an SNMP manager using the configuration utility 1. Used to grant access from entire subnets to the NetScaler.29. 4. click SNMP. click Add. In the navigation pane. SNMP version 2.

20

Citrix NetScaler Administration Guide

Removing SNMP Managers
When you remove a SNMP manager from the NetScaler, that manager can no longer query the NetScaler. Note: If there is no SNMP manager configured on the NetScaler, network management applications from any host computer can access the NetScaler. To remove an SNMP manager, use either of the following procedures:
To remove an SNMP manager using the configuration utility

1. 2. 3. 4.

In the navigation pane, expand System, click SNMP, and then click Managers. On the SNMP Managers page, select the manager which you want to remove. Click Remove. In the Remove dialog box, click Yes.

To remove an SNMP manager using the NetScaler command line

At the NetScaler command prompt, type:
rm snmp manager IPAddress

Example
rm snmp manager

10.102.29.5

Configuring SNMP V1 and V2
Before you can use SNMP in the NetScaler, you must configure the NetScaler to allow the appropriate SNMP managers to access it. You must also provide the SNMP manager with the required NetScaler-specific information. The configuration process consists of the following tasks: • • Set the SNMP community, which defines access privileges (Read operation). Set traps and alarms to send SNMP trap notifications to the SNMP manager for any asynchronous events generated by the agent to indicate the state of the NetScaler.

Chapter 2

SNMP

21

Adding an SNMP Community
You add an SNMP community string to grant access to an SNMP network management application to manage the NetScaler. The community also defines the specific management tasks that you can perform.
The following table describes the parameters you set to add an SNMP community:

Parameter

Specifies SNMP community string.

Community Name Permissions

Access privileges. Possible values: GET, GET NEXT, GET BULK, ALL.

To add an SNMP community string

1. 2. 3. 4. 5.

In the navigation pane, expand System, click SNMP, and then click Community. On the SNMP Community page, click Add. In the Add SNMP Community dialog box, in the Community String text box, type a name for the community to be added (for example, Com_All). In Permission, select the ALL option. Click Create.

Removing an SNMP Community
When you remove a community string, no SNMP managers can use this community string to manage or access the NetScaler. To remove a community string, use either of the following procedures:
To remove an SNMP community string

1. 2. 3. 4.

In the navigation pane, expand System, click SNMP, and then click Community. On the SNMP Community page, select the community that you want to remove (for example, Com_All). Click Remove. In the Remove dialog box, click Yes.

22

Citrix NetScaler Administration Guide

Configuring SNMP Traps and Alarms
In addition to providing information in response to specific requests, the NetScaler can display an alarm, or notification message, in a window on a designated computer or computers whenever a particular type of event occurs. This type of notification is called an SNMP trap, and it helps administrators monitor the NetScaler and respond promptly to any issues.s SNMP traps are asynchronous events generated by the agent to indicate the state of the NetScaler. The trap listener receives traps on the trap destination port. If this port is not configured correctly, the traps do not reach the SNMP manager. You can configure the NetScaler to send traps to the SNMP manager when specific events generate alarms at specific severity levels. There are 5 severity levels: Critical, Major, Minor, Warning, and Informational. You can configure the NetScaler to send SNMP traps with source IP other than the NSIP. You can set the source IP of an SNMP trap to either a MIP or a SNIP. The NetScaler supports four types of generic SNMP traps and 65 types of enterprise-specific traps. You can specify maximum of five IP addresses as destinations for either type. If more than 10 authentication traps messages are generated within 20 seconds, no traps messages will be generated for the next 60 seconds. The following table describes the generic traps that the NetScaler supports.

Generic trap authenticationFailure coldStart linkUp

Indicates An SNMP management application without access privileges has attempted to access the NetScaler. An SNMP entity configured as an agent has reinitialized itself. Its configuration may have been altered. The sending protocol entity recognizes that one of the communication links represented in the agent's configuration has come up. The sending protocol entity recognizes a failure in one of the communication links represented in the agent's configuration.

linkDown

The following table describes the specific SNMP traps that the NetScaler supports.

Specific trap averageCpuUtilization

Indicates Average CPU usage in the multi-processor NetScaler has exceeded the high threshold.

The NetScaler has become the primary node in a High Availability configuration. vserver.Chapter 2 SNMP 23 Specific trap averageCpuUtilizationNormal Indicates Average CPU usage in the multi-processor NetScaler has come back to normal after exceeding the predefined threshold . State of the interface. vserver. Interface throughput has fallen below an alarm threshold. A fan speed has fallen below an alarm threshold. Interface throughput has returned to normal. or physical service has changed to UP. Memory utilization has exceeded the predefined threshold. Number of clients for a service has fallen below 70% of maximum number allowed for that service. changeToPrimary changeToSecondary cpuUtilization cpuUtilizationNormal diskUsageHigh diskUsageNormal entityup entitydown fanSpeedLow fanSpeedNormal interfaceThroughputLow interfaceThroughputNormal maxClients maxClientsNormal A fan speed has returned to normal. An alarm threshold of 25% of the minimum is recommended. Response time for a monitor probe has exceeded the configured threshold. Disk usage has returned to normal. Note: Fan speed varies from 4000 through 6500 on all platforms. memoryUtilization memoryUtilizationNormal monRespTimeoutAboveThresh . after causing a maxClient trap. or physical service has changed to DOWN. CPU utilization has returned to normal after exceeding the threshold and generating a cpuUtilization trap. State of the interface. Memory utilization has returned to normal after a memoryUtilization trap. CPU utilization has exceeded the threshold. Number of clients for a service has reached the maximum allowed for that service. The NetScaler has become the secondary node in a High Availability configuration. Disk usage has exceeded the threshold.

indicating that response time has returned to normal. Request bytes per second of a service group has exceeded a threshold value. The number of unacknowledged syns for a service has exceeded a threshold value. Response bytes/s of a service exceeded a threshold value. Note: This trap is not generated when the configuration is restored from the ns. A SSL certificate is due to expire. Request bytes per second of a service group has returned to normal. . Request rate on a service has returned to normal. Response bytes/s of a service has returned to normal. Request rate on a service has exceeded the threshold. Your NetScaler configuration has changed.24 Citrix NetScaler Administration Guide Specific trap monRespTimeoutBelowThresh Indicates Response time for a monitor probe is below the threshold. Request rate on a service group member has returned to normal.conf file. The number of unacknowledged syns for a service has returned to normal. Request bytes/s of a service has returned to normal. netscalerLoginFailure NetScalerConfigChange netScalerConfigSave serviceRequestRate serviceRequestRateNormal serviceRxBytesRate serviceRxBytesRateNormal serviceTxBytesRate serviceTxBytesRateNormal serviceSynfloodRate serviceSynfloodNormal sslCertificateExpiry svcGrpMemberRequestRate svcGrpMemberRequestRateNormal svcGrpMemberRxBytesRate svcGrpMemberRxBytesRateNormal svcGrpMemberTxBytesRate The NetScaler configuration has been saved. Request bytes/s of a service has exceeded a threshold value. A user 's atempt to log in to the NetScaler has failed. Request rate on a service group member has exceeded a threshold value. Response bytes per second of a service group has exceeded a threshold value.

A voltage has returned to normal. Number of unacknowledged syns for a vserver has returned to normal. Request bytes/s of a vserver has exceeded the threshold value. Number of unacknowledged SYN packets for a service group has exceeded a threshold value. Request bytes/s of a vServer has returned to normal. . Response bytes/s of a vServer has returned to normal. Number of unacknowledged syns for a vserver has exceeded a threshold value. Number of clients has fallen below 70% of maxClients value for a service group member. Number of clients has reached the maxClients value for a service group member. Rate at which unacknowledged SYN packets are received has exceeded the threshold. Number of unacknowledged SYN packets for a service group has returned to normal. The temperature is measured in degree centigrade (0C). Request rate on a vserver has exceeded the predefined threshold. Rate at which unacknowledged SYN packets are received has returned to normal. Response bytes/s of a vserver has exceeded a threshold value. Request rate on a vserver has returned to normal. Temperature has gone high. Temperature has returned to normal. A voltage has fallen below the threshold value.Chapter 2 SNMP 25 Specific trap svcGrpMemberTxBytesRateNormal svcGrpMemberSynfloodRate svcGrpMemberSynfloodNormal svcGrpMemberMaxClients svcGrpMemberMaxClientsNormal synflood synfloodNormal temperatureHigh temperatureNormal vServerRequestRate vServerRequestRateNormal vserverRxBytesRate vserverRxBytesRateNormal vserverTxBytesRate vserverTxBytesRateNormal vserverSynfloodRate vserverSynfloodNormal voltageLow voltageNormal Indicates Response bytes per second of a service group has returned to normal.

The normal value ranges from 2970mV through 3630mV. UNKNOWN. The power supply has returned to service. or STAY SECONDARY . High Availability heartbeats are not received by the primary node from the secondary. The following table describes the parameters you set to add an SNMP trap: Parameter Trap Class Version Specifies The Trap type. Bandwidth usage of any of the interfaces of the NetScaler has returned to normal Aggregate bandwidth usage of the NetScaler has exceeded the threshold value. Configuration synchronization has failed on secondary node. . Possible values: generic and specific. State of the secondary node has changed to DOWN. Bandwidth usage of any of the interfaces of the NetScaler has exceeded the threshold value. Aggregate bandwidth usage of the NetScaler has returned to normal. and voltageHigh are based on v33main and v33stby (mV). haVersionMismatch haSyncFailure haNoHeartbeats haBadSecState powerSupplyFailed powerSupplyNormal interfaceBWUseHigh interfaceBWUseNormal aggregateBWUseHigh aggregateBWUseNormal OS versions of the NetScalers in a High Availability configuration do not match. The default community name is “public”. Note: The three traps voltageLow. Note: SNMP manager to listen for traps with this community name. Power supply has failed.26 Citrix NetScaler Administration Guide Specific trap voltageHigh Indicates A voltage has exceeded the threshold value. SNMP version of the trap PDU to be sent. voltageNormal.

29. In Minimum Severity. com1). type the destination port (for example. select an SNMP Version (for example. Destination port of the trap. 10. In the Destination Port text box. In the Destination IP Address text box. Major). Community Name To add an SNMP Trap. Click Add. 10. expand System. 5. select a severity option (for example.29.Chapter 2 SNMP 27 Parameter Destination IP Address Destination Port Source IP Address Severity Specifies IP address of the trap destination. 4. 6. Minimum severity of the alarm resulting in this trap. In Version. The community string. 9.54 -severity Major . 8. and click Traps. 2. Default: Informational (any alarm). 3. type the name of the SNMP string that you want to include in the trap (for example. use either of the following procedures: To add an SNMP Trap using the configuration utility 1.54). 163).102. click SNMP. Default: 162. In the navigation pane. In the Source IP text box.102. On the Traps page. To add an SNMP Trap using the NetScaler command line At the NetScaler command prompt. 7.29. type the IP address that is to receive the trap (for example.102.29.3 -version V2 -destPort 163 -communityName com1 -srcIP 10. click Add.102.3). type the source IP address of the trap (for example. type: add snmp trap trapClass trapDestination -version ( V1 | V2 ) -destPort port -communityName string -srcIP ip_addr -severity severity Example add snmp trap specific 10. Default: public. In the Community Name text box. Minimum value: 1 Source IP of the traps. V1).

expand System. Click Remove. 3. 3. the NetScaler will generate corresponding trap messages when some events occur. Some alarms are enabled by default. click Enable. . Minor. Major. In the navigation pane. Major. In the navigation pane. A trap is sent only when the severity of the alarm matches the severity configured in the trap. and Informational. 4. The following table describes the parameter you set to configure the severity of SNMP alarm: Parameter Severity Specifies Severity level of this alarm.28 Citrix NetScaler Administration Guide Removing an SNMP Trap When you remove a trap. Warning. to disable an enabled alarm. click Yes. click Disable. or. Warning. Enabling or Disabling an SNMP Alarm When you enable a SNMP alarm. You can assign severity levels to alarms. Configuring SNMP Alarms The NetScaler generates traps only for SNMP alarms that are enabled. expand SNMP. and click Alarms. On the SNMP Alarms page. To remove an SNMP trap. 2. use either of the following procedures: To remove an SNMP trap 1. 2. Possible values: Critical. On the SNMP Traps page. Setting the Severity of SNMP Alarms There are 5 levels of severity for alarms: Critical. Minor. Informational. select the trap that you want to remove. In the Remove dialog box. click SNMP. and then click Traps. select an alarm (for example. To enable or disable an SNMP alarm 1. expand System. Login-Failure). trap messages are no longer sent to the destination specified. To enable a disabled alarm. Some NetScaler alarms are enabled by default. Default: Informational. but you can disable them.

expand System. select a severity option (for example. This message is logged. Click Ok. expand SNMP. If logging of an alarm has been disabled. however. 3. the logging state is unknown. Major). 2. you can enable it by setting the parameter in the following table. For alarms that need threshold values. When this alarm is enabled. In the Configure SNMP Alarm dialog box. a trap message is generated and sent to the trap destination whenever there is a login failure on the NetScaler. The following procedure includes examples for enabling or modifying the logging of trap messages for the alarm LOGIN-FAILURE. Click Open. Click Ok. Possible values : ENABLED and DISABLED. Once thresholds are configured. Click Open. type: set snmp alarm AlarmType -logging Status . in Logging. expand SNMP.Chapter 2 To set the severity of SNMP alarm SNMP 29 1. 2. expand System. Logging of SNMP Traps The logging of trap messages is enabled by default. select ENABLED to enable the logging of SNMP trap messages generated or select DISABLED to disable logging of SNMP trap messages. and then click Alarms. in Severity. 4. 3. In the navigation pane. and click Alarms.: Parameter Logging Specifies Enable logging of SNMP trap messages by Syslog. logging is automatically enabled. To enable or disable logging of SNMP traps using configuration utility 1. In the navigation pane. In the Configure SNMP Alarm dialog box. To enable or disable logging of SNMP traps using the NetScaler command line At the NetScaler command prompt. 4.

SNMPv3 introduces the user-based security model (USM) and the view-based access control model (VACM). and data confidentiality. data origin verification. data integrity check. SNMPv3 enhances the basic architecture to incorporate administration and security capabilities such as authentication. Salient Features SNMPv3 provides security features such as message-level security and access control. and view type. access control. Message timeliness: To protect against message delays or replays. User-based Security Model The user-based security model (USM) provides message-level security. such as security level. Data confidentiality: To protect the content of messages from being disclosed to unauthorized entities or individuals. . Data origin verification: To authenticate the user who sent the message request. It enables you to configure agents to provide different levels of access to the MIB to different managers.30 Citrix NetScaler Administration Guide Example set snmp alarm LOGIN-FAILURE -logging ENABLED or set snmp alarm LOGIN-FAILURE -logging DISABLED Configuring SNMP V3 Simple Network Management Protocol Version 3 (SNMPv3) is based on the basic structure and architecture of SNMPv1 and SNMPv2. user name. However. To implement these features. security model. It enables you to configure users and security parameters at the agent and the manager to ensure: • • • • Data integrity: To protect messages from being modified during transmission through the network. View-Based Access Control Model View-based access control model (VACM) enables you to configure access rights to a specific subtree of the MIB based on various parameters. message timeliness check.

SNMP engines are uniquely identified using engine IDs. group. Configuring SNMP V3 To implement message authentication and access control. They provide services such as sending or receiving and authenticating messages. You can configure an SNMP group to set access rights for users assigned to that group. These entities function together to implement the SNMPv3 security features. However. SNMP Users SNMP users are the SNMP managers that the agents allow to access the MIBs. Then.Chapter 2 SNMP 31 SNMPv3 Security Entities The Citrix NetScaler supports the following entities that enable you to implement the security features of SNMPv3: • • • • SNMP Engines SNMP Views SNMP Groups SNMP Users SNMP Engines SNMP engines are service providers that reside in the SNMP agent.They are used to implement access control and to define the security levels. thereby restricting the users to specific views. Note: The view. you need to: . groups are created with the required security level and access to the defined views. Finally. the engineID is neither propagated nor synchronized as it is unique to each NetScaler. users are created and assigned to the groups. SNMP Groups SNMP groups are logical aggregations of SNMP users. SNMP views are used to implement access control. and user configuration are synchronized and propagated to the secondary node in an HA pair. Views are created to allow access to subtrees of the MIB. Each SNMP user is assigned to an SNMP group. SNMP Views SNMP views restrict user access to specific portions of the MIB.

Click OK. expand System.32 Citrix NetScaler Administration Guide • • • • Set the Engine ID Configure Views Configure Groups Configure Users Setting the Engine ID An SNMP engine ID uniquely identifies an SNMP engine. use either of the following procedures. In the Configure Engine ID dialog box. 2. To set the engine ID using configuration utility 1. type an engine ID (for example. type: set snmp engineId Value Example set snmp engineId 8000173f0300c095f80c68 Adding an SNMP View You can use SNMP views to implement access control. To set the engine ID using the NetScaler command line At the NetScaler command prompt. The NetScaler has an unique engineID based on the MAC address of one of its interfaces. and click Users. 8000173f0300c095f80c68). in the Engine ID text box. expand SNMP. . However. On the SNMP Users page. 3. It is not necessary to override this engineID. In the navigation pane. you can reset it. click Configure Engine ID. 4. if you want to change this engine ID. The following table describes the parameter you set to configure the Engine ID: Parameter EngineID Specifies Engine ID of the SNMP agent. To set the engine ID.

2. Subtree of the MIB. Click Create. To add an SNMP view. To add an SNMP view using the NetScaler command line At the NetScaler command prompt. type: add snmp view Value Example add snmp view View1 Adding an SNMP Group You need to configure an SNMP group to set access rights for users assigned to that group. click Add. To add a SNMP group. 5. View1). expand System. type a name for the SNMP view you want to add (for example. In the Navigation Pane. The following table describes the parameters you set to add an SNMP group: Parameter Name Read View Specifies Name of the SNMP view. in the Name text box. and click View. To add an SNMP view using the configuration utility 1. In the Add SNMP View dialog box. expand SNMP. In the Subtree text box. SNMP view to be associated with this group. use either of the following procedures.Chapter 2 SNMP 33 The following table describes the parameters you set to add an SNMP view: Parameter Name Subtree Specifies Name of the SNMP view. type the subtree of the MIB. On the SNMP View page. 4. 3. use either of the following procedures: .

In the navigation pane. and assign each user to a group. 5. To add an SNMP user using the NetScaler command line At the NetScaler command prompt.34 Citrix NetScaler Administration Guide To add an SNMP group using the configuration utility 1. type: add snmp group group name Example add snmp group Group1 Adding an SNMP User You need to configure users at the agent. In Group Name. On the SNMP Users page. 3. On the SNMP Groups page. Group1). In the Add SNMP Group dialog box. use either of the following procedures: To add an SNMP user using the configuration utility 1. User1). In the navigation pane. click SNMP. Click Create and click Close. expand System. Click Create and click Close. click Add. 2. select the configured SNMP group that you want the user to be part of. To add an SNMP group using the NetScaler command line At the NetScaler command prompt. type a name for the SNMP group you want to add (for example. 4. in the Name text box. 2. click Add. To add a SNMP user. and then click Users. In the Add SNMP User dialog box. and click Group. SNMP view to be associated with this user. The following table describes the parameters you set to add an SNMP user: Parameter Name Read View Specifies Name of the SNMP user. type: . 4. type a name for the SNMP user you want to add (for example. expand System. expand SNMP. 3. in the Name text box.

and user configurations are synchronized and propagated to the secondary node in an HA pair.Chapter 2 SNMP 35 add snmp user user name Example add snmp user User1 Note: The view. group. . the engineID is neither propagated nor synchronized. because it is unique to each NetScaler. However.

36 Citrix NetScaler Administration Guide .

so that you can review to troubleshoot problems or errors and fix them. Error. and Emergency) The message information To enable audit server logging. The audit server collects and stores the events history in a chronological order. These messages typically contain the following information: • • • • • The source module that generates the message A time stamp The message type The predefined log levels (Critical. you must configure the auditing parameters on the NetScaler. you set up a log file to capture the NetScaler status information in the form of messages. Informational. Notice.C HAPTER 3 Audit Server Logging Auditing is a methodical examination or review of a condition or situation. set up and install the executable files on a computer from where you want to run the audit tool. The Audit Server Logging feature enables you to log the Citrix NetScaler states and status information collected by various modules in the kernel and in the user-level daemons. and configure the parameters in the configuration file by defining the filters and filter parameters. Alert. When you configure audit server logging. Debug.The filters determine the type of information in the log files and the location at which to storethe files. Warning. In This Chapter Configuring the Citrix NetScaler Audit Server Log Installing the Audit Server Files Configuring Audit Server Logging on a Server system Configuring Audit Server Logging for a Commonly Used Deployment Scenario .

NONE. To configure audit server logging.0. Date Format Format of the date stamp. Possible values: ALL. IP address of the auditing server. . Possible Values: MMDDYYYY and DDMMYYYY. see the table.” on page 39. Default: 0. or one or more of the following: • • • • • • • • EMERGENCY ALERT CRITICAL ERROR WARNING NOTICE INFORMATION DEBUG For more information about these settings. You must bind the audit log policy to a specific load balancing vserver that you want to log. Possible values: SYSLOG and NSLOG. you must set the following parameters: Parameter Auditing Type IP Address Port Log Levels Specifies Type of audit to perform.38 Citrix NetScaler Administration Guide Configuring the Citrix NetScaler Audit Server Log You can configure the log settings in the Citrix NetScaler through the Graphical User Interface (GUI) or CLI.0. Default: 3023. The Citrix NetScaler can also log the following information related to TCP connections: • • • • • • Source port Destination port Source IP Destination IP Number of bytes transmitted and received Time period for which the connection is open Note: You can enable TCP logging on individual load balancing vservers. Severity levels of messages to be logged.0. Port to use to communicate. “.

Chapter 3 Audit Server Logging 39 Parameter Log Facility Specifies Log facility. Log issues that may result in critical errors. under Settings. In the Navigation Pane. CRITICAL ERROR WARNING NOTICE INFORMATION DEBUG Configuring Global Audit Server Parameters The global audit server parameters provide detailed control of the information to be logged. expand System. Enable or disable logging of TCP events. but in greater detail. Possible values: GMT and Local. Time zone for the time stamp. Log messages related to failed NetScaler operations. Log critical conditions. Log all actions taken by the NetScaler. On the Auditing page. Time Zone TCP Logging The following table describes the severity levels that you can set to specify when logging is to occur. 2. This level is useful for troubleshooting problems. click global auditing parameters. . To configure the parameters. and click the Auditing node. and you can specify the location at which the messages are stored. Default: Local. which do not restrict current operations but may escalate to a larger problem. as defined in RFC3164. Default: LOCAL0. Possible values: LOCAL0 to LOCAL7. Uses numerical codes 0 to 7 to indicate the type of message originating from the Netscaler (for example. detailed information to help developers troubleshoot problems. Log extensive. Log the events specified by the INFORMATION setting. use the following procedure. Level EMERGENCY ALERT Specifies Log errors indicating that the NetScaler is experiencing a critical problem that may make the it unusable. Log problems that are not critical to current operations but that indicate a need for immediate corrective action to prevent a critical problem. NS and VPN). To configure global auditing parameters 1.

In the Log Facility drop-down list. 10. Note: For more information about the log facility options. select the Servers tab and click Add. Use this option when you want to reset log levels. for example. For descriptions of the parameters in this dialog box. select the ALL check box or select specific log-level check boxes. in the Name text box.” on page 38. select NSLOG. and click Policies. Select a Date Format option and a Time Zone option.40 Citrix NetScaler Administration Guide 3. 4. In the Configure Auditing Parameters dialog box. 3. The default port is 3023. and the port number to use. To configure an auditing action 1. In the IP Address and Port text boxes. “. In the Create Auditing Server dialog box. and in the Auditing Type drop-down list. 5. select NSLOG.” 7. see the table. select a log facility option. In the IP Address and Port text boxes. see the chapter “Managing the Citrix NetScaler System. type the IP address and the port number of the auditing server. In the Navigation Pane. 2.29. Configuring Audit Server Action and Policy You can configure audit server actions for different servers and for different log levels. 4. and 3023. Under Log Levels. Click OK. 6. in the Auditing Type drop-down list. On the Auditing Policies and Servers page.102. expand Auditing. . 8. 5. type a name for the auditing server.1. The default port number is 3023. The Create Auditing Server dialog box appears. Note: Selecting NONE disables all log levels. either select the ALL check box or select specific loglevel check boxes. expand System. Under Log Levels. type the IP of the server for which you want to configure logging.

and click Policies. click the NONE or ALL option. 2. Globally Binding the Audit Policies You must globally bind the audit log policies to enable logging of all Citrix NetScaler System events. 7. 5. In the Navigation Pane. you can set the evaluation order of the audit server logging. 3. In the Log Facility drop-down list. 2. in the Policies tab. 9. Select a Date Format option and a Time Zone option for the time stamp. .) In the Priority list box. and click Add. On the Policies page. select NSLOG. Priority 0 is the highest and is evaluated first. 5. expand System. select the Policies tab. 3. In the Bind/Unbind Auditing Global Policies dialog box. select a log facility. The policy appears on the Policies page. On the Policies page. enter or adjust the priority (for example. click the down arrow until 0 appears). 4. in the Active column. In TCP Logging. select the server for which the policy applies. in the Name text box. 8. In the Navigation Pane. 6. (To unbind a policy. In the Create Auditing Policy dialog box. The higher the priority number. the lower is the priority of evaluation. clear the check box. type a name for the policy (for example. select the check box next to the policy that you want to bind. and select Policies. and click Close. Click Create and click Close. To configure an audit server policy 1. 4. nspol1). In the Auditing Type drop-down list. In the Server drop-down list. expand System.Chapter 3 Audit Server Logging 41 6. expand Auditing. expand Auditing. Click Create. Click OK. To globally bind the audit policy 1. By defining the priority level. click Global Bindings.

com.Intel x86 ~501MHz • RAM . Linux. Type the following command to install the NSauditserver. To install on a Linux operating system 1.2-5 .512 MB • Controller . and FreeBSD: Operating System Windows Software Requirements • Windows XP Professional .9-5.ELsmp • Red Hat Linux 3.4. Run the installations from the root user account.9 Hardware Requirements Linux FreeBSD For Windows / Linux / FreeBSD • Processor .3-9. Copy the installation files from the product CD or download them from the site ftp.rpm file: rpm -i NSauditserver.42 Citrix NetScaler Administration Guide Installing the Audit Server Files This section describes the steps to install the audit server logging executable files on various operating systems.rpm This command extracts the files and installs them in: • /usr/local/netscaler/etc .EL • Red Hat 3.Linux version 2.4.Linux version 2.netscaler.9-5.6.EL4 .2.Linux version 2.20-8 FreeBSD 4.Version 2002 • Windows 2003 server • Windows 2000/NT • Red Hat Enterprise Linux AS release 4 (Nahant) .rpm /tmp 2. The following table lists the minimum system requirements for configuring external audit server logging for Windows. type the following command to copy the NSauditserver.6.rpm file to a temporary directory: cp <path_to_cd>/Utilities/auditserver/Linux/NSauditserver.SCSI Installing Audit Server on the Linux Operating System The following section describes the procedure to install the audit server executable and other files on a system that runs Red Hat Linux. At a command prompt.

Chapter 3 Audit Server Logging 43 • • /usr/local/netscaler/bin /usr/local/netscaler/samples Uninstalling Audit Server on the Linux Operating System This section describes the procedure to uninstall audit server logging on a server that runs on the Linux operating system. use the following command: rpm -qpi *.rpm: Specifies the file name.rpm *. type the following command to uninstall the audit server logging feature: rpm -e NSauditserver For more information about the NSauditserver RPM file. To install on a FreeBSD operating system 1. Change to the <target directory>: cd /<target directory> Use the following command to install the package: . <target directory>: Specifies the path to the directory to which the file should be copied. Installing Audit Server on the FreeBSD Operating System This section describes the procedure to install the audit server executable and other files on the FreeBSD 4. Copy the NSauditserver.rpm To view the installed audit server files use the following command: rpm -qpl *.4 operating system. 2. 3. To uninstall audit server logging At a command prompt.tgz /<target directory> <path_to_cd>: Specifies the system path to the CD drive where the CD device is mounted.tgz file to a <target directory> using the command: cp <path_to_cd>/Utilities/auditserver/Freebsd/ NSauditserver.

exe file from the NSauditserver. When the files are extracted. To install on a Windows operating system 1.conf . type the following command to uninstall the audit server logging package: pkg_delete NSauditserver Installing Audit Server on the Windows Operating System This section describes the procedure to install the audit server executable and other files on the Windows operating system.zip compressed file into a temporary directory. /usr/local/netscaler/etc /usr/local/netscaler/bin /usr/local/netscaler/samples At a command prompt. run the following command from \NS\BIN directory: audserver -install -f <directorypath> \auditlog.tgz This command extracts the files and installs them in: • • • 4. Extract the audserver.44 Citrix NetScaler Administration Guide pkg_add NSauditserver. To install audit server logging as a service. To uninstall audit server logging At a command prompt. type the following command to check whether the package is installed: pkg_info | grep NSauditserver Uninstalling Audit Server on the FreeBSD Operating System This section describes the procedure to uninstall audit server logging on a server that runs on the FreeBSD operating system. the following directories are created: • • • \NS\BIN \NS\ETC \NS\SAMPLES 2.

conf file. 2. for example. audserver -verify -f <path to configuration file> Checks for syntax or semantic errors in the configuration file. . auditlog. change to the following directory: cd \NS\BIN Type the following command to uninstall the audit server logging feature: audserver -remove Note: To uninstall the audit server logging application.Chapter 3 Audit Server Logging 45 <directorypath>: Specifies the path where the auditlog. Note: Userid and password must be valid. Uninstalling Audit Server on the Windows Operating System This section describes the procedure to uninstall audit server logging on a server that runs on the Windows operating system. On execution of the command. Audit Server Options The following table describes the options you can use with the audserver command to configure audit server options. you are prompted to enter the IP address of the system. To uninstall audit server logging 1.conf file is available. Enter the Userid and Password of the system.: Audit Server Options Audit Server Commands audserver -help audserver -addns -f <path to configuration file> Specifies Lists all the available Audit Server options Specifies the system that gathers the log transaction data. At a command prompt. uninstall the auditserver service and remove the directory.

auditlog. type & at the end of the command. for example. use the Ctrl+C key to stop audit server logging. auditlog. audserver -install -f <path to configuration file> Windows Only: Installs the audit server logging client as a service on Windows. Run the audserver command from the directory in which the audit server executable is present: • • On Windows: \ns\bin On Solaris and Linux: \usr\local\netscaler\bin The audit server configuration files are present in the following directories: • • On Windows: \ns\etc On Linux: \usr\local\netscaler\etc The audit server executable is started as . for example./auditserver in Linux and FreeBSD.46 Citrix NetScaler Administration Guide Audit Server Options Audit Server Commands audserver -start -f <path to configuration file> Specifies Starts audit server logging based on the configuration settings in the configuration file. audserver -stop Linux only: Stops audit server logging when audit server is started as a background process. . audserver -stopservice audserver -remove Windows Only Removes the audit server logging service from the registry.conf file. You can also start audit server logging from Start > Control Panel > Services option. Linux only: To start the audit server as a background process.conf file specified in the audit server install option. audserver -startservice Windows Only Starts the audit server logging service. when you enter this command at a command prompt. Alternatively. Note: Audit server logging starts by using the configuration settings in the configuration file.

Using a text editor.conf file: A. Note: A transaction is not recorded if a filter definition does not exist for a log transaction. Defining Filters Define filters in the configuration file (for example. Add the IP address of the Citrix NetScaler System. . or FreeBSD. auditlog. which can be running Windows. Note: For consolidated logging. Define the log filters and log properties. 1. 2. Define log properties for each filter. Note: You can configure the NetScaler to log integrated cache transactions using the audit server logging feature. Verify the configuration. Install audit server logging as described in “Installing the Audit Server Files. The filter applies these log properties to the transactions that match the filter definition. B. make the following changes in the auditlog. 3. Add the IP address of the audit server in the MYIP field. Start audit server logging. you can either use the filter in the sample configuration auditlog. Linux. C.conf file or modify it.) The only way you can configure consolidated logging of all the Citrix NetScaler Systems is by defining the default filter.conf) to configure each Citrix NetScaler to log web transactions handled by the logging server.” on page 42. the default filter is used (if it is enabled.Chapter 3 Audit Server Logging 47 Configuring Audit Server Logging on a Server system Use the following process to configure audit server logging on the server computer. Defining Default Filters To define the default filter. if a log transaction occurs for which there is no filter definition. D.

. (maximum of 64 alphanumeric characters) <ip>. Specify ON to enable the filter to log transactions. specify the subnet mask to be used on a subnet.. or specify OFF to disable the filter..250. logInterval .. The log property definition starts with the key word BEGIN and ends with END as illustrated in the following example: BEGIN <filtername> logFilenameFormat . the filter is ON. specify the IP addresses <mask>.. logDirectory .every day at midnight Weekly .every Sunday at midnight .0 ON Note: FilterName is a required parameter if you are defining a filter with other optional parameters such as IP address.255. END Entries in the definition can include the following: • LogInterval specifies the interval at which new log files are created.0 NETMASK 255.every hour Daily . If no argument is specified.168.. logFileSize .. or the combination of IP address and Netmask. specify the name of the filter. Defining Log Properties Log properties associated with the filter are applied to all the log entries present in the filter.conf file: filter <filterName> [IP <ip>] [NETMASK <mask>] [ON | OFF] <filterName>.255..151 ON To apply the filter F2 to IP addresses 192.254: filter F2 IP 192. Examples filter F1 IP 192.100.100. Use one of the following values: • • • Hourly .1 to 192.250.100.100. type the following command in the auditlog.250.48 Citrix NetScaler Administration Guide Creating Filters To create a filter..

Example: LogInterval size LogFileSize 100 . and so on. see “Checklist for Configuring Audit Server Logging. Exmmddyy. A new file is created when the limit is reached.the first day of the month at midnight None . The default LogFileSizeLimit is 10 MB.1.log.log. The name of the file can be of the following types: • • Static: A constant string that specifies the absolute path and the file name.0. the new files are crated when the file size reaches 100MB. when audit server logging starts. Dynamic: An expression that includes the following format specifiers: • • Date (%{format}t) % creates filename with NSIP Note: For more information. Example: LogFileNameFormat Ex%{%m%d%y}t. Note that you can override the loginterval property by assigning size as its value.only when the log file size limit is reached.log This creates the first file name as Exmmddyy.log. New files are named: Exmmddyy. Example: LogInterval Hourly • LogFileSizeLimit specifies the maximum size (in MB) of the log file. By default the LogInterval property is set to Hourly. Size . In the following example. Example: LogFileSizeLimit 35 • LogFilenameFormat specifies the file name format of the log file.” on page 53.Chapter 3 Audit Server Logging 49 • • • Monthly.only once.

FreeBsd. do not use %t in the LogFilenameFormat parameter. • logDirectory specifies the directory name format of the log file.” on page 53. Mac.log end default . use the directory separator \. see “Checklist for Configuring Audit Server Logging. Example: LogDirectory dir1\dir2\dir3 In the other operating systems (Linux. In Windows.50 Citrix NetScaler Administration Guide LogFileNameFormat Ex%{%m%d%y}t Caution: The date format %t specified in the LogFilenameFormat parameter overrides the log interval property for that filter. etc. use the directory separator /. To prevent a new file being created every day instead of when the specified log file size is reached. Example: LogDirectory dir1/dir2/dir3 Note: For more information. Dynamic: Is an expression containing the following format specifiers: • • Date (%{format}t) % creates directory with NSIP The directory separator depends on the operating system. Default Settings for the Log Properties The following is an example of the default filter with default settings for the log properties: begin default logInterval Hourly logFileSizeLimit 10 logFilenameFormat auditlog%{%y%m%d}t. The name of the file can be either of the following: • • Static: Is a constant string that specifies the absolute path and filename.).

you can delete the NSIPs manually by removing the NSIP statement at the end of the auditlog. for example.1 This creates a log file for NSIP 192. NSIP Userid specifies the username.conf. add the IP addresses of the system that performs the audit server logging and the Citrix NetScaler Systems whose events must be logged.168. At a command prompt. Adding the IP Addresses of the System In the configuration file.Chapter 3 Audit Server Logging 51 Following are two examples of defining the default filters: Example 1: Filter f1 IP 192.10. 10. Since the log file name format is specified. the default values of the other log properties are in effect.conf file.168. .168.1.168.1 with the default values of the log in effect. for example.102. for example.29. Before adding the IP address. During a failover setup. nsroot specifies the password.conf <directorypath> specifies the path to the configuration file (for example auditlog.1. you must add both primary and secondary Citrix Netscaler IPs to auditlog.) You are prompted to enter the information for the following parameters: specifies the IP address of the Citrix NetScaler System.conf using the audserver command.log end f1 This creates a log file for NSIP 192.1 begin f1 logFilenameFormat logfiles.10. type the following command: audserver -addns -f <directorypath>\auditlog. and later you do not want to log all of Citrix NetScaler System event details.10. Password If you add multiple NetScaler IP addresses (NSIP). Example 2: Filter f1 IP 192. To add the IP addresses 1. make sure the username and password exist on the system. nsroot.10.

To verify configuration.conf <directorypath>: Specifies the path to the configuration file (auditlog. at a command prompt.conf <directorypath> specifies the path where the configuration file (auditlog.conf. Starting Audit Server Logging To start audit server logging.52 Citrix NetScaler Administration Guide Verifying Configuration Check the configuration file (auditlog.conf) for syntax correctness to enable logging to start and function correctly. enter the following command at a command prompt: audserver -start -f directorypath\auditlog.conf)resides. use the following command: audserver -stopservice Sample Configuration File Following is a sample configuration file: ############################## # This is the Auditserver configuration file # Only the default filter is active # Remove leading # to activate other filters ############################## MYIP <NSAuditserverIP> MYPORT 3023 # Filter filter_nsip filter on > ON # # begin filter_nsip logInterval Hourly IP <Specify the NetScaler IP address to . type the following command: audserver -verify -f <directorypath>\auditlog. use the following command: audserver -stop To stop audit server logging that starts as a service in Windows.) Stopping Audit Server Logging To stop audit server logging that starts as a background process in FreeBSD or Linux.

make sure the RPC 3010/3011 port is open.log end filter_nsip Filter default begin default logInterval Hourly logFileSizeLimit 10 logFilenameFormat auditlog%{%y%m%d}t. and to troubleshoot problems: 1. 2.log end default Checklist for Configuring Audit Server Logging Use the following checklist when you configure audit server logging. . Verify that the Citrix NetScaler is accessible from the log machine by doing the following: • • 4. Use FTP and Telnet to access the NetScaler. 3.conf file. Verify that the Audit Server IP address is entered in the MYIP field in the auditlog. 5.Chapter 3 Audit Server Logging 53 # # # # logFileSizeLimit 10 logDirectory logdir\%A\ logFilenameFormat nsip%{%d%m%Y}t. Verify that the Citrix NetScaler System username and password are valid. Ping the Citrix NetScaler IP address. If there is a firewall between the NetScaler and logging machine.conf). Verify that the IP address of the system is present in the configuration file (auditlog.

The table includes sample values.54 Citrix NetScaler Administration Guide Configuring Audit Server Logging for a Commonly Used Deployment Scenario This section describes how to configure the audit server logging feature for a commonly used deployment scenario.1.102. which lets you log all NOTICE events of Citrix NetScaler System.1 3024 NOTICE ALL DDMMYYYY LOCAL0 . Parameters for Audit Server Logging Configuration Parameter Name Auditing Type IP Address Port Log Level TCP Logging Date Format Log Facility Value audit1 NSLOG 10. and how to bind the policy globally. The procedures describe how to create an action and a policy. The following diagram illustrates a typical deployment topology for audit server logging: Audit Server Logging Topology The following table lists the parameters that need to be set on Citrix NetScaler System to configure audit server logging.

4. select NSLOG. click Add. 5.1. select the ALL option. on the Policies tab. in the Name text box. expand Auditing. Under Log Levels. and in the Port text box. type 3024. In the Create Auditing Server dialog box. type 10. Click Create and click Close. In the IP Address text box. and select the DDMMYYYY Date format option. and in the Auditing Type drop-down list. In the Create Auditing Policy dialog box. type a name for the policy (for example. 4. select LOCAL0. expand Auditing. To configure audit server policy 1. select the Local option. and click Policies. In the Navigation Pane. In the Navigation Pane. 6. auditpol1). and click Policies. and in Time Zone. 2. expand System. you globally bind the audit log policy auditpol1 and set the priority to 0. In the Navigation Pane. in TCP Logging. 2. and click Policies. 5. 3. In the Log Facility drop-down list. To globally bind the audit log policy 1. select audit1. select the NOTICE check box. 7. On the Policies page. in the Server dropdown list. in the Name text box. select NSLOG.1. select the Servers tab and click Add.Chapter 3 Audit Server Logging 55 Parameters for Audit Server Logging Configuration Parameter Time Zone To create an audit server action Value Local 1. 3. In the Auditing Type drop-down list. expand System. type audit1. In the following procedure. expand Auditing. and click Global Bindings.102. The following procedure explains how to create a policy for the audit server action audit1. On the Auditing page. and click Close. expand System. Click Create. The policy appears on the Policies page. On the Policies page. . 2.

Edit the auditlog. and in the Priority list box.56 Citrix NetScaler Administration Guide 3.102.102./etc/auditlog.conf file.1 .1. Check the version of the auditserver executable using the following command at a command prompt: audserver -version The output appears in the following format: Version: Netscaler Auditing Server (audserver) NS<Release_version>:<Build_Version>. in the Active column.1 Userid: nsroot Password: nsroot 5. The following directories are created: • • • \NS\BIN \NS\ETC \NS\SAMPLES Note: The BIN directory contains the executable audserver.zip.10. In the Bind/Unbind Auditing Global Policies dialog box.exe and the ETC directory contains the auditlog.conf file located at \NS\ETC by changing the values for the following parameters as shown: MYIP 10. Click OK. Type the following command at a command prompt: audserver -addns -f . Date: <Date>. set the priority as 1. To install and configure the audit server tool on a Windows Server 1. Extract the files from NSauditserver. select the check box next to auditpol1. Enter the following values: NSIP: 10. <Time>(release) [Windows NT/2000] 3.conf The system prompts for inputs for the following parameters: NSIP Userid Password 4. 4.. 2.

conf The following output appears: Debug log file is .log-<ddmmyyhhmm> & Log level is 1 Configuration file is correct 7.conf A debug file is created and the following output appears: Debug log file is . The following output appears: NSAUDIT:quitting on 2 signal! ./etc/auditlog.log-<ddmmyyhhmm> & Log level is 1 Configuration file is correct Logging starts and the information is logged in the auditlog%{%y%m%d}t.Chapter 3 Audit Server Logging 57 MYPORT 3024 Filter default begin default logInterval Hourly logFileSizeLimit 10 logFilenameFormat auditlog%{%y%m%d}t.log file in the \NS\BIN directory./nsaudit.. To stop audit server. press Ctrl+C.log end default 6./nsaudit. Start audit server by typing the following command at a command prompt: audserver -start -f …/etc/auditlog. 8. at the command prompt. Verify the configuration using the following command at a command prompt: audserver -verify -f .

58 Citrix NetScaler Administration Guide .

you can also configure web server logging to log transactions based on the virtual IP address. The default size of the buffer is 16 MB. content switching. see “Modifying the Default Buffer Size. the NetScaler collects log transaction data from the servers and stores it in the system buffer. If the server uses the load balancing. Note: For more information about modifying the buffer size.C HAPTER 4 Web Server Logging Web server logging is the process of maintaining a history of page requests that originate from Citrix NetScaler System. In This Chapter How Web Server Logging Works Configuring Web Server Logging Parameters System Requirements for Web Server Logging Installing the NSWL files on the Logging System Configuring Web Server Logging on the Logging System Checklist for Configuring Web Server Logging How Web Server Logging Works With the Web server logging feature enabled. The system can store log file data in the following three formats: • • • W3C Extended log file format NCSA Common log file standard format Custom log format .” on page 60 in this chapter. You must configure filters to allow logging based on a domain name or a server IP address. or cache redirection feature of the system.

The following table describes the parameter you set. select the Web Logging check box. 4. click advanced features. In the Configure Advanced Features dialog box. 5. you must disable and reenable Web server logging. . 3. To enable or disable web server logging using NetScaler command line At the NetScaler command prompt. Custom log formats let you define only those parameters to log that you specify. In the Enable/Disable Feature(s) dialog box. You can display these settings at any time. To disable Web server logging. In the Settings page. Configuring Web Server Logging Parameters You can set parameters to enable web server logging and to modify the size of the buffer that stores the logged information. to enable Web server logging. and click Settings. To activate your modification. expand System.60 Citrix NetScaler Administration Guide The log format that you can use depends on the requirements to troubleshoot a problem. 2. type: enable ns feature WL or disable ns feature WL Modifying the Default Buffer Size You can change the default buffer size of 16MB for Web server logging to suit your requirements. In the navigation pane. To enable or disable web server logging using Configuration Utility 1. Click OK. click Yes. Parameter for Modifying Buffer Size Parameter Buffer Size Specifies Buffer size (in megabytes) allocated for log transaction data in the appliance. Enabling or Disabling Web Server Logging Use either of the following procedures to enable or disable web server logging. clear the check box.

Displaying Web Server Logging Information To see whether web server logging is enabled or disabled using the configuration utility In the navigation pane. In Configure Advanced Features dialog box. 2. under Settings. and click Settings. the Buffer_Size (in MBytes) text box displays the buffer size. enter a value in the Buffer_Size (in MBytes) text box (for example. as described in “Enabling or Disabling Web Server Logging. In the Configure Global Settings dialog box. expand System and click Settings.” on page 60. . On the Settings. click Change advanced features. you must disable and reenable web server logging. type: show ns info To display the buffer size for log transactions using the Configuration Utility In the navigation pane. To configure the buffer size using the NetScaler command line At the NetScaler command prompt. under Web Logging. in the Web Logging section. On the Settings page. On the Settings page. click Change global system settings. expand System. under Modes and Settings. under Settings. expand System and click Settings. In the navigation pane. check to see whether the Web Logging check box is selected. type: set weblogparam -b Size Example set weblogparam -b 32 Note: To activate the new buffer size. 32). To see whether web server logging is enabled or disabled using the NetScaler command line At the NetScaler command prompt. In Configure Global Settings dialog box. Click OK. 4. click Change global system settings. 3.Chapter 4 Web Server Logging 61 To configure the buffer size using Configuration Utitlity 1.

6.SCSI • Processor .9-5.Linux version 2.4.4.20-8 Sun Microsystems 5.6 • Processor .SCSI MAC Linux Solaris FreeBSD If the logging system cannot process the log transaction because a CPU limitation.Linux version 2.9-5.9 .Intel x86 ~501MHz • RAM . To solve the problem.2.3-9. Caution: Reinitiation of logging can result in loss of log transactions.ELsmp • Red Hat Linux 3. To temporarily solve a logger client bottleneck caused by a CPU limitation.6.512 MB • Controller . you need a logger client that can handle the site’s throughput.Linux version 2.EL4 . . type: show weblogparam System Requirements for Web Server Logging The default web server log buffer size of 16 MB can handle up to 10.Version 2002 • Windows 2003 server • Windows 2000/NT RELEASE_PPC Power Macintosh powerpc . you can tune the Web server logging buffer size.sun4u Sun Ultra 5/10 UPA/PCI FreeBSD 4. the Web log buffer overruns and the logging process reinitiates.000 transactions per second on the logging system that meets the requirements shown in the following table: Hardware and Software Requirements for Web Server Logging Operating System Windows Software Requirements • Windows XP Professional .62 Citrix NetScaler Administration Guide To display the buffer size for log transactions using the NetScaler command line At the NetScaler command prompt.2-5 .512 MB • Controller .UltraSPARC-IIi 400 MHz • RAM .9 Hardware Requirements For Windows / Linux / FreeBSD For Solaris 2.6.Darwin Kernel Version 8.EL • Red Hat 3.0 • Red Hat Enterprise Linux AS release 4 (Nahant) .

Copy the NSweblog.tar file into a temporary directory using the command: cp <path_to_cd>/Utilities/weblog/Solaris/NSweblog.tar file with the following command: tar xvf NSweblog. Installing NSWL on a Solaris Operating System Use the following procedure to install the nswl executable and other files on a computer running the Solaris operating system.tar /tmp 2. In the procedures described in the following subsections. the files are extracted and installed in the following directories.) • • /usr/local/netscaler/etc /usr/local/netscaler/bin . (The dot indicates the current directory. <path_to_cd> defines the system path to the drive where the CD device is mounted. You are prompted to select the packages.com.Chapter 4 Web Server Logging 63 Installing the NSWL files on the Logging System This section describes the steps to install the NetScaler Web Server Logging executable files (NSWL) on various operating systems (logging systems). After you select the package number and press Enter. The list of available packages appears.netscaler. 3.0 5. one NSweblog package is shown: 1 NSweblog NetScaler Weblogging (SunOS. 4. Change to the temporary directory: cd /tmp Extract the files from the *. In the following example. Select the package number of the NSweblog to be installed.sparc) 7. To install NSWL on a Solaris operating system 1. and the files are extracted to the NSweblog directory. Copy the installation files from the product CD or download them from ftp. Install the package with the following command: pkgadd -d . Run the installations from a root user account.tar A directory NSweblog is created in the temporary directory.

To install NSWL on a Linux operating system 1. use the following command: rpm -i NSweblog. 2. use the command: pkgrm NSweblog Installing NSWL on a Linux Operating System Use the following procedure to install the nswl executable and the other files on a computer running the Red Hat™ Linux® operating system.64 Citrix NetScaler Administration Guide • 6.rpm /tmp To install the nswl executable.rpm is the file name). To view the installed web server logging files. rpm -qpi *. use the following command (*. Copy the NSweblog.4 operating system. rpm -e NSweblog To get more information on the NSweblog RPM file. /usr/local/netscaler/samples To verify that the package is installed. use the following command. use the following command. To uninstall web server logging. enter the following command: pkginfo | grep NSweblog Note: To uninstall web server logging. (The dot indicates the current directory. . rpm -qpl *.rpm.rpm Installing NSWL on a FreeBSD Operating System Use the following procedure to install the nswl executable and the other files on a computer running the FreeBSD 4.rpm file into a temporary directory: cp <path_to_cd>/Utilities/weblog/Linux/NSweblog.rpm This command extracts the files and installs them in the following directories.) • • • /usr/local/netscaler/etc /usr/local/netscaler/bin /usr/local/netscaler/samples.

(The dot indicates the current directory. Change to the temporary directory: cd /tmp To install the package.tgz file into a temporary directory with the following command: cp <path_to_cd>/Utilities/weblog/macos/NSweblog.tgz This command extracts the files and installs them in the following directories. (The dot indicates the current directory.) • • • 4. copy the NSweblog.Chapter 4 To install NSWL on a FreeBSD operating system Web Server Logging 65 1. To install NSWL on a MAC operating system 1.) .tgz This command extracts the files and installs them in the following directories. /usr/local/netscaler/etc /usr/local/netscaler/bin /usr/local/netscaler/samples To verify that the package is installed. Change to the temporary directory: cd /tmp Install the package using the following command: pkg_add NSweblog. enter the command: pkg_delete NSweblog Installing NSWL on a MAC Operating System Use the following procedure to install the nswl executable and the other files on a computer running the MAC operating system. use the following command: pkg_info | grep NSweblog Note: To uninstall the web server logging package.tgz /tmp 2.tgz file into a temporary directory: cp <path_to_cd>/Utilities/weblog/Freebsd/NSweblog.tgz /tmp 2. At a command prompt. 3. At a command prompt. 3. copy the NSweblog. use the pkg_add command: pkg_add NSweblog.

(The dot indicates the current directory. run the following command from the \NS\BIN folder: nswl -remove Note: To uninstall the web server logging.66 Citrix NetScaler Administration Guide • • • 4. To install NSWL on a Windows operating system 1. run the following command from the \NS\BIN path: nswl -install -f <directorypath> \log.) • • • \NS\BIN \NS\ETC \NS\SAMPLES 3. To uninstall the web server logging. The extracted files are installed in the following directories. Copy the NSweblog. 2. at a command prompt.conf file is available. 4. use the follwoing command: pkg_info | grep NSweblog Note: To uninstall the web server logging package. To install web server logging as a service.exe file (winzip executable) into a temporary directory. enter the command pkg_delete NSweblog Installing NSWL on a Windows Operating System Use the following procedure to install the nswl executable and the other files on a computer running the Windows operating system. /usr/local/netscaler/etc /usr/local/netscaler/bin /usr/local/netscaler/samples To verify that the package is installed. run the nswl -remove command from the \NS\BIN folder: .conf <directorypath> specifies the path where the log.

use the following command. nswl Command nswl -help nswl -addns -f <path to configuration file> Specifies Display all available nswl options The system that gathers the log transaction data. To install NSWL on an AIX operating system 1.) • • • /usr/local/netscaler/etc /usr/local/netscaler/bin /usr/local/netscaler/samples.rpm /tmp To install the nswl executable.rpm NSWL Options The following table describes the options that you can use with the nswl executable. use the following command.rpm This command extracts the files and installs them in the following directories. nswl -verify -f <path to configuration file> Check for syntax or semantic errors in the configuration file (for example. You are prompted to enter the IP address of the system. To view the installed web server logging files.rpm is the file name). (The dot indicates the current directory.rpm. rpm -e NSweblog To get more information on the NSweblog RPM file. use the following command: rpm -i NSweblog.conf). Copy the NSweblog. log. Enter a valid username and password. 2. rpm -qpl *.rpm file into a temporary directory: cp <path_to_cd>/Utilities/weblog/AIX/NSweblog. . rpm -qpi *. use the following command (*.Chapter 4 Web Server Logging 67 Installing NSWL on an AIX Operating System Use the following procedure to install the nswl executable and the other files on a computer running the AIX operating system. To uninstall web server logging.

log. Start web server logging . using the settings in the configuration file (for example..conf) specified in the nswl install option. if nswl was started as a background process. Configuring Web Server Logging on the Logging System Following are the steps to configure web server logging: 1. Run the following commands from the directory in which the nswl executable is located: • • Windows: \ns\bin Solaris and Linux: \usr\local\netscaler\bin The web server logging configuration files are located in the following directory path: • • Windows: \ns\etc Solaris and Linux: \usr\local\netscaler\etc The nswl executable is started as . Web server logging can also be started from Start > Control Panel > Services.68 Citrix NetScaler Administration Guide nswl Command nswl -start -f <path to configuration file> Specifies Start web server logging based on the settings in the configuration file (for example.\nswl in Linux and Solaris. nswl -install -f <path to configuration file> (Windows only) nswl -startservice (Windows only) Installs the web server logging client as a service in Windows. nswl -stop Solaris and Linux only Stop web server logging. Remove the web server logging service from the registry. otherwise. Define log properties .conf). use and at the end of the command. log. 3. nswl -stopservice (Windows only) nswl -remove Stop Web server logging. log. Install web server logging.conf. For Solaris and Linux: To start web server logging as a background process. 2. Modify the web server log configuration file. use CTRL+C to stop web server logging.

Note: Consolidated logging. Define log properties for each filter. enter the following command in the log. Consolidated logging of all servers can be done by defining only the default filter.conf file: Filter <filterName> [HOST name] | [IP ip] | [IP ip 2. Creating Filters To create a filter. 5. the transaction is not recorded unless the default filter is defined. Defining Filters Log filters let you filter the host IP address.Chapter 4 Web Server Logging 69 4. using the web server logging feature. uses the default filter if it is enabled.conf. which logs transactions for which no filter is defined. use a text editor to modify the log. The filter applies these log properties to transactions that match the filter. Modifying the Web Server Log Configuration File To modify the web server logging settings. log. domain name.conf configuration file. Verify the configuration. or you can modify it.. Note: If a filter does not exist for a log transaction. and hostname of the Web servers. Start web server logging Note: You can configure the Citrix NetScaler System to log integrated cache transactions. You must do the following to define filters: • • Define filters in the configuration file (log. Add the IP addresses of the Citrix NetScaler System to the log.. 6.ip n] | [IP ip NETMASK mask] [ON | OFF] .conf) for each server whose web transactions are logged. Defining Default Filters You can use the default filter definition present in the sample configuration file.conf file.

70

Citrix NetScaler Administration Guide

or
Filter <filterName> [HOST name] | [IP6 ip[/prefix length]] [ON | OFF]

The following table lists the parameters that can be set using the filter command:

Parameter filterName HOST name IP ip

Specifies Name of the filter (maximum 64 alphanumeric characters.) Host name of the server for which the transactions are being logged. IP address of the server for which transactions are to be logged (for example, if the server has multiple domains that have one IP address.) Multiple IP addresses (for example, if the server domain has multiple IP addresses.) IPv6 address of the server for which transactions are to be logged. IP addresses and netmask combination to be used on a subnet. Enable or disable the filter to log transactions. If no argument is selected, the filter is enabled (ON).

IP ip 2...ip n: ip6 ip IP ip NETMASK mask ON | OFF

Example

In the following example, you specify an IP address of 192.168.100.0 and netmask of 255.255.255.0. The filter applies to IP addresses 192.168.100.1 through 192.168.100.254.
Filter F1 HOST www.netscaler.com ON Filter F2 HOST www.netscaler.com IP 192.168.100.151 ON Filter F3 HOST www.netscaler.com IP 192.168.100.151 192.165.100.152 ON Filter F4 IP 192.168.100.151 Filter F5 IP 192.168.100.151 HOST www.netscaler.com OFF Filter F6 HOST www.netscaler.com HOST www.xyz.com HOST www.abcxyz.com IP 192.168.100.200 ON Filter F7 IP 192.250.100.0 NETMASK 255.255.255.0 Filter F8 HOST www.xyz.com IP 192.250.100.0 NETMASK 255.255.255.0 OFF

For creating filters for servers having IPv6 addresses.
Filter F9 2002::8/112 ON Filter F10 HOST www.abcd.com IP6 2002::8 ON

Chapter 4

Web Server Logging

71

Defining Filters for Virtual Servers
If the server hosts multiple Web sites and each Web site has its own domain name, and each domain is associated with a virtual server, you can configure Web server logging to create a separate log directory for each Web site. To define a filter for a virtual server, use the following command:
Filter <filterName> <IP>

<filterName>: Specifies the name of the filter <IP>: Specifies the IP address of the virtual server

Defining Log Properties
Log properties associated with the filter are applied to all log entries associated with the filter. Log property definition begins with the keyword BEGIN and ends with END.
Example
BEGIN <filtername> logFormat ... logFilenameFormat ... logInterval ... logFileSize .... logExclude .... END

LogFormat specifies the web server logging feature that supports NCSA, W3C Extended, and custom log file formats. For more information, see “Log File Formats,” on page 78 in this chapter. By default, the logformat property is w3c. To override, enter custom or NCSA in the configuration file, for example:
LogFormat NCSA

Note: For the NCSA and Custom log formats, local time is used to time stamp transactions and for file rotation. LogInterval specifies the intervals at which log files are created. The default property is Daily. If the LogInterval value is specified as: • •

Hourly: A file is created every hour Daily: A file is created every day at midnight

72

Citrix NetScaler Administration Guide

• • •

Weekly: A file is created every Sunday at midnight Monthly: A file is created on the first day of the month at midnight None: A file is created only once, when web server logging starts

Example
LogInterval Hourly

LogFileSizeLimit specifies the maximum size of the log file in MB. It can be used with any log interval (weekly, monthly, and so on.) A file is created when the maximum file size limit is reached or when the defined log interval time elapses. To override this behavior, specify the size as the loginterval property so that a file is created only when the log file size limit is reached. The default LogFileSizeLimit is 10 MB.
Example
LogFileSizeLimit 35

LogFilenameFormat specifies the file name format of the log file. The name of the file can be of the following types: • • Static: Specifies a constant string that contains the absolute path and file name. Dynamic: Specifies an expression containing the following format: • • • • Server IP address (%A) Date (%{format}t) URL suffix (%x) Host name (%v)

Note: For more information, see “Log File Formats,” on page 78 in this chapter.

Example
LogFileNameFormat Ex%{%m%d%y}t.log

This command creates the first file name as Exmmddyy.log, then every hour creates a file with file name: Exmmddyy.log.0, Exmmddyy.log.1,..., Exmmddyy.log.n.

Example LogExclude . LogTime specifies log time as either GMT or LOCAL.Chapter 4 Example LogInterval size LogFileSize 100 LogFileNameFormat Ex%{%m%d%y}t Web Server Logging 73 Caution: The date format %t specified in the LogFilenameFormat command overrides the log interval property for that filter. Default Settings for the Log Properties The following default settings apply to the filter: • • • • • LogFormat: W3C Extended LogInterval: Daily LogFileSize: 10 LogFileNameFormat: Ex%{%m%d%y}t LogTime (logTime): GMT Example 1 Filter f1 IP 192.10.10.html files.10. LogExclude prevents logging of transactions with the specified file extensions.168.168.1 Example 2 Filter f1 IP 192.1 This creates a log file for server 192.html This command creates a log file that excludes log transactions for *. To prevent a new file being created every day instead of when the specified log file size is reached.1 begin f1 . do not use %t in the LogFilenameFormat.168. The defaults are: • • NCSA log file format: LOCAL W3C log file format: GMT.

To verify the configuration. and later you do not want to log all of Citrix NetScaler System log details.168. During a failover setup.74 Citrix NetScaler Administration Guide logFilenameFormat c:\logfiles. At a command prompt.conf using the command. Adding the IP Addresses of the NetScaler In the configuration file.log end f1 This command creates a log file for server 192. add the IP addresses of the NetScaler that performs web server logging.1. The following information appears: NSIP: Username: Password: Enter the following: • • • NSIP: Specify the IP address of the system Username: Specify the username to log on Password: Specify the password If you add multiple NetScaler IP addresses (NSIP). enter the following command: nswl -addns -f <directorypath>\log. enter the following command: nswl -verify -f <directorypath>\log. Verifying the Configuration Check the configuration file (log. Before adding the IP address. To add the IP addresses 1. you must add both primary and secondary Netscaler IPs to log. and the rest of the default values for the log properties remain same.10.conf) for syntax errors to make sure that logging works correctly. you can delete the NSIPs manually by removing the NSIP statement at the end of the log.conf).conf . Only the log file name format is specified. 2.conf <directorypath>: Specifies the path to the configuration file (log.conf file. make sure the username and password exist on the system.

Chapter 4 Web Server Logging 75 <directorypath>: Specifies the path to the configuration file (log. use the following command: nswl -stopservice Sample Configuration File Following is a sample configuration file: ########## # This is the NSWL configuration file # Only the default filter is active # Remove leading # to activate other filters ########## ########## # Default filter (default on) # W3C Format logging.conf). use the following command: nswl -stop To stop web server logging started as a service in Windows. Stopping Web Server Logging To stop web server logging started as a background process in Solaris or Linux.conf <directorypath>: Specifies the path to the configuration file (log. # and the file name is Exyymmdd. type the following command: nswl -start -f <directorypath>\log.log ########## Filter default begin default logFormat logInterval logFileSizeLimit logFilenameFormat W3C Hourly 10 Ex%{%y%m%d}t. new file is created every hour or on reaching 10MB file size.log .conf). Starting Web Server Logging To start web server logging.

# and the file name is /datadisk5/netscaler/log/NS<hostname>/ Nsmmddyy.168.168. # Exclude objects that ends with .168.10 0.67 192.171 ON ########## # NCSA Format logging.65 192.100.100.netscaler.100.100.100.100.71 192.168.225 192.netscaler.jpg .168.100.com IP 192. new file is created every day midnight or on reaching 20MB file size.72 192.89 192.76 Citrix NetScaler Administration Guide end default ########## # netscaler caches example # CACHE_F filter covers all the transaction with HOST name www.log.169 192.log . ########## #Filter IMAGE_SERVER HOST www.gif .168.100.226 192.168.227 192.168.168.168.168.100.64 192.66 192.168.100.168.com and the listed server ip's ########## #Filter CACHE_F HOST www.jar.netscaler.170 192.168.168.100.100.53 ON ########## # netscaler origin server example # Not interested in Origin server to Cache traffic transaction logging ########## #Filter ORIGIN_SERVERS IP 192.100.100.52 192.images.95 192.168.com IP 192.228 OFF ########## # netscaler image server example # all the image server logging.100.168. ########## #begin ORIGIN_SERVERS # # # logFormat logInterval logFileSizeLimit NCSA Daily 40 /datadisk5/ORGIN/log/%v/ # logFilenameFormat NS%{%m%d%y}t. 100.

########## #begin CACHE_F # # # logFormat logInterval logFileSizeLimit NCSA Daily 20 # logFilenameFormat /datadisk5/netscaler/log/%v/ NS%{%m%d%y}t.jar #end ORIGIN_SERVERS ########## # NCSA Format logging.log with log record timestamp as LOCAL.log with log record timestamp as GMT.Chapter 4 Web Server Logging 77 # logExclude .gif . new file on reaching 20MB and the log file path name is # atadisk6/netscaler/log/server's ip/Exmmyydd. ########## #begin IMAGE_SERVER # # # # # logFormat logInterval logFileSizeLimit W3C Size 20 logFilenameFormat /datadisk6/netscaler/log/%AEx%{%m%d%y}t logtime LOCAL #end IMAGE_SERVER ########## # Virtual Host by Name firm.jpg . new file is created every day midnight or on reaching 20MB file size. ########## . can filter out the logging based on the host name by. # and the file name is /datadisk5/netscaler/log/NS<hostname>/ Nsmmddyy.log # logtime GMT #end CACHE_F ########## # W3C Format logging.

151 NETMASK 255.conf file. Client _IP_address User Name Date Time Time Zone Method Specifies the IP address of the client computer Specifies the user name Specifies the date of the transaction Specifies the time when the transaction was completed Specifies the time zone (Greenwich Mean Time or local time) Specifies the request method (for example.0 #begin VHOST_F # # # logFormat logInterval logFileSizeLimit W3C Daily 10 logFilenameFormat /ns/prod/vhost/%v/Ex%{%m%d%y}t #end VHOST_F ########## END FILTER CONFIGURATION ########## Log File Formats The NetScaler supports the following log file formats: • • • • NCSA Common Log Format W3C Extended Log Format Custom Log Format Apache Log Format NCSA Common Log Format If the log file format is NCSA.255. POST) . enter NCSA in the LogFormat argument in the log.2.255.101. The following table describes the NCSA Common log format. GET. the log file displays log information in the following format: Client_IP_address –User_Name [Date:Time –TimeZone] “Method Object HTTP_version” HTTP_StatusCode BytesSent To use the NCSA Common log format.78 Citrix NetScaler Administration Guide #Filter VHOST_F IP 10.

. enter W3C as the Log-Format argument in the log.Chapter 4 Web Server Logging 79 Object HTTP_version HTTP_StatusCode Bytes Sent Specifies the URL Specifies the version of HTTP used by the client Specifies the status code in the response Specifies the number of bytes sent from the server W3C Extended Log Format An extended log file contains a sequence of lines containing ASCII characters terminated by either a Line Feed (LF) or the sequence Carriage Return Line Feed (CRLF. If you want to use the W3C Extended log format. Each line may contain either a directive or an entry.” on page 83 in this chapter. Citrix recommends the use of tab characters.) Log file generators must follow the line termination convention for the platform on which they are run. the standard W3C log format is defined internally as the custom log format. shown as follows: %{%Y-%m-%d%H:%M:%S}t %a %u %S %A %p %m %U %q %s %j %J %T %H %+{useragent}i %+{cookie} i%+{referer}i For a description of the meaning of this each custom format. For example: logFormat W3C %{%Y-%m-%d%H:%M:%S}t %m %U W3C log entries are created with the following format: #Version: 1. Fields are separated by white space. a dash “-” marks the omitted field.html 2001-06-12 12:34:30 GET /sports/football. Customizing W3C Format By default. You can also change the order or remove some fields in this W3C log format. If a field in a particular entry is not used. see “Custom Log Format. Log analyzers must accept either LF or CRLF form.conf file.html Entries Entries consist of a sequence of fields relating to a single HTTP transaction.0 #Fields: date time cs-method cs-uri #Date: 12-Jun-2001 12:34 2001-06-12 12:34:23 GET /sports/football.

Displays the date and time when the entry was added. This document defines version 1. Directive Version: <integer>.html Fields The Fields directive lists a sequence of field identifiers that specify the information recorded in each entry. Field identifiers may have one of the following forms: . Identifies the software that generated the log. Lines beginning with the # character contain directives.0 #Fields: time cs-method cs-uri #Date: 12-Jan-1996 00:00:00 00:34:23 GET /sports/football.] Software: <string> Start-Date: <date> <time> End-Date: <date> <time> Date: <date> <time> Remark: <text> Description Displays the version of the extended log file format used. Note: The Version and Fields directives are required. Analysis tools ignore data recorded in this field..html 12:45:52 GET /sports/football.html 12:21:16 GET /sports/football. Example The following sample log file shows the W3C Extended log format: #Version: 1. Displays the date and time at which the log was started. Displays comments. Identifies the fields recorded in the log.. Displays the date and time at which logging finished. They precede all other entries in the log file.<integer> Fields: [<specifier>.80 Citrix NetScaler Administration Guide Directives Directives record information about the logging process. The following table describes the directives.0.html 12:57:34 GET /sports/football.

Chapter 4 Web Server Logging 81 • • • identifier: Relates to the transaction as a whole. Specifies the time taken (in seconds) for the transaction to complete. prefix(header): Specifies the value of the HTTP header field header for transfer between parties defined by the value prefix. Client to server. Server to client. Specifies the time when the transaction is done. . Server to remote server (prefix used by proxies). Fields specified in this manner always have the type <string>. Identifier date time time-taken bytes Description Specifies the date on which the transaction was done. Remote. Specifies the number of bytes transferred. The following table describes defined prefixes. Application-specific identifier. Remote server to server (prefix used by proxies). Server. r cs sc sr rs x Examples The following examples are defined identifiers that use prefixes: cs-method : Specifies the method in the request sent by the client to the server sc(Referer): Specifies the Referer field in the reply c-ip: Specifies the IP address of the client Identifiers The following table describes the W3C Extended log format identifiers that do not require a prefix. prefix-identifier: Relates to information transfer between parties defined by the value prefix. Prefix c s Specifies Client.

Specifies the server port number Specifies the request method (for example. Specifies the comment returned with status code. Specifies the URL. Specifies the DNS name. which is always HTTP. . Specifies the status code in the response. A zero indicates a cache miss. Identifier IP dns status comment method url url-stem url-query Description Specifies the IP address and the port number. Specifies the service name. The following table describes the W3C Extended log format identifiers that require a prefix. POST). Specifies the query portion of the URL. Specifies the time when the transaction is done. including HTTP headers). Specifies the query portion of the URL. GET. The W3C Extended Log file format allows you to choose log fields. Specifies the status code. Specifies the server IP address. Specifies the URL stem.82 Citrix NetScaler Administration Guide cached Records whether a cache hit has occurred. Specifies the number of bytes sent to the server (request size. Specifies the stem portion of the URL. Specifies the method. These fields are shown in the following table: Field Date Time Client IP User Name Service Name Server IP Server Port Method Url Stem Url Query Http Status Bytes Sent Description Specifies the date on which the transaction is done. Specifies the IP address of the client. Specifies the user name.

3. 2. with third party libraries) to form a new nswl executable. in seconds. ns_userDefFieldVal(): This function implements the custom field value. 4. then returns it as a string that must be added at the end of the log record. Solaris: The libnswl.lib library located in \ns\bin directory on the system manager host computer. Add the following two C functions defined by the system in a source file: ns_userDefFieldName(): This function returns the string that must be added as a custom field name in the log file.Chapter 4 Web Server Logging 83 Bytes Received Time Taken Protocol Version User Agent Cookie Referer Specifies the number of bytes received from the server (response size.conf file. Link the object file with the NSWL library (and optionally.a library located in /usr/local/ netscaler/bin To define the custom log format 1. Custom Log Format You can customize the display format of the log file data as described in the following subsections: Using the NSWL Library to Define a Custom Log Format Use one of the following NSWL libraries depending on whether the nswl executable has been installed on a Windows or Solaris host computer: • • Windows: The nswl. Add a %d string at the end of the logFormat string in the log. Compile the file into an object file. Specifies the version number of HTTP being used by the client. . Specifies the Referer field of the HTTP protocol. Specifies the Cookie field of the HTTP protocol. Specifies the User-Agent field in the HTTP protocol. including HTTP headers). Specifies the time taken for transaction to complete.

follow the steps in the preceding section and define the filter in the log. .conf file as described below. If the %v (Host name) or %x (URL suffix) format specifier is present in a log filename format string.log END CACHE_F Manually Defining a Custom Log Format To customize the format in which log file data should appear. ? \. The characteristics of the request are logged by placing % directives in the format string. BEGIN CACHE_F logFormat custom "%a . | Characters whose ASCII values lie in the range of 0-31 are replaced by the following: %<ASCII value of character in hexadecimal>. *. For example. For example: LogFormat Custom ""%a . . which are replaced in the log file by the values.log and create digital #signature field for each record. # and the file name is /datadisk5/netscaler/log/NS<hostname>/ Nsmmddyy. >. :. the character with ASCII value 22 is replaced by %16."%{user-agent}i" %[%d/%m/%Y]t %U %s %b %T" • • The string can contain the “c” type control characters \n and \t to represent new lines and tabs."%{user-agent}i" [%d/%B/%Y %T -%g] "%x" %s %b%{referrer}i "%{user-agent}i" "%{cookie}i" %d " logInterval Daily logFileSizeLimit20 logFilenameFormat/datadisk5/netscaler/log/%v/NS%{%m%d%y}t. the following characters in the filename are replaced by an underscore symbol in the log configuration filename: ".. ########## # A new file is created every midnight or on reaching 20MB file size. Use the <Esc> key with literal quotes and backslashes. specify a character string (described in the following table) as the argument of the LogFormat log property definition.84 Citrix NetScaler Administration Guide Example If you want to add a digital signature at the end of each record. <. /.

if supplied) Specifies the request method Specifies the time taken to serve the request (in microseconds) Specifies the contents of Foobar: header line(s) in the reply. To ensure continuous logging. including headers (request size) Specifies the bytes sent. Referer and cookie headers.Chapter 4 Web Server Logging 85 Caution: If the %v format specifier is present in a log filename format string. The + after the % in this format informs the logging client to use the + as a word separator. excluding the HTTP headers (request size) Specifies a user-defined field Specifies the Greenwich Mean Time offset (for example. -0800 for Pacific Standard Time) Specifies the remote host Specifies the request protocol Specifies the contents of the Foobar: header line(s) in the request sent to the server. Specifies the bytes received. Specifies the canonical port of the server serving the request Specifies the query string [prefixed with a question mark (?) if a query string exists] Specifies the first line of the request %j %J %l %m %M %{Foobar}o %p %q %r . a separate file is opened for each virtual host. the maximum number of files that a process can have open should be sufficiently large. Referer. excluding the HTTP headers (response size) Specifies the bytes received. See your operating system documentation for a procedure to change the number of files that can be opened. and cookie headers. The system supports the User-Agent. including headers (response size) Specifies the remote log name (from identd. We support the USER-AGENT. The following table describes the data that you can use as the LogFormat argument string: %a %A %a6 %A6 %B %b %d %g %h %H %{Foobar}i Specifies the remote IPv4 address Specifies the local IPv4 address Specifies the remote IPv6 address Specifies the local IPv6 address Specifies the bytes sent.

. and/or cache redirection is used.99]).o. content switching. %.. Specifies the century number (the year divided by 100 and truncated to an integer as a decimal number [1. this is the status of the original request Specifies the time. then it logs it as “Citrix Netscaler system Web Client. and if the user agent value is Citrix Netscaler system Web Client. For example. Specifies the full name of the week day for the locale. then the information is logged as Citrix Netscaler system +Web+Client.” Do not use the <Esc> key on strings from %. Specifies the abbreviated name of the week day for the locale. Values within brackets ([ ]) show the range of values that appear. . Note that clients can insert control characters into the log. . Time Format Definition The following table lists the characters that you can enter as the format part of the %{format}t string (described in the table in the preceding section). Specifies the full name of the month for the locale. Specifies the abbreviated name of the month for the locale. in seconds Specifies the remote user (from auth. in the form given by format. Specifies the time taken to serve the request. [1. may be bogus if return status (%s) is 401) Specifies the URL path requested Specifies the canonical name of the server serving the request This is the virtual server IPv4 address in the system. An alternative is to use the double quote (for example.r. The next table describes what you can enter as the format. Therefore. “%{user-agent}i”. .i and. This is the virtual server IPv6 address in the system. This complies with the requirements of the Common Log Format. if you define the log format as %+{user-agent}i. . . %% %a %A %b %B %C Specifies the same as %.86 Citrix NetScaler Administration Guide %s %t %{format}t %T %u %U %v %V %V6 For requests that were redirected internally.31] in the %d description in the following table shows %d ranges from 1 to 31. in common log format (standard English time format) Specifies the time. and/or cache redirection is used. if load balancing. you should take care when working with raw log files. For example. %. must be in strftime(3) format. content switching. single digits are preceded by a 0. if load balancing.

Specifies the hour (24-hour clock) [0. Monday is the first day of week 1.59] to allow for the occasional leap second and for the double leap second. leading 0 is permitted but not required. single digits are preceded by a blank.m. single digits are preceded by a blank.23]. the range of values is [00. Specifies the seconds [00. %W %y Specifies the number of the week in the year as a decimal number [00. single digits are preceded by 0. 2 represents Tuesday and so on. Specifies the number of the year within the century [00.23]. Specifies the hour (12-hour clock) [1.Chapter 4 Web Server Logging 87 %d %e %h %H %I %j %k %l %m %M %n %p %r %S %t %u Specifies the day of month [1. Specifies the equivalent of either a.m.61]. single digits are preceded by a 0.366]. including the century (for example. or p. single digits are preceded by a 0. Specifies the number of the month in the year [1.99].53]. Inserts a tab. 1993). single digits are preceded by a 0. single digits are preceded by a blank. for the locale. Specifies the appropriate time representation in 12-hour clock format with %p.12]. 0 represents Sunday. Specifies the day of the week as a decimal number [1. Specifies the number of the day in the year [1. Specifies the day of the week as a decimal number [0.31]. Inserts a new line.53].6]. Specifies the day of month [1. %Y Specifies the year.7]. with Sunday as the first day of week 1. Specifies the hour (24-hour clock) [0. single digits are preceded by 0. %U %w Specifies the number of the week in the year as a decimal number [00. .61] rather than [00. 1 represents Sunday.12].59].31]. 5 would be the fifth year of that century.12]. Specifies the abbreviated name of the month for the locale. Specifies the minute [00. Specifies the hour (12-hour clock) [1. For example.

2. Make sure that the Citrix NetScaler system user name and password are valid. or to any of the modified conversion specifications listed in the next paragraph. or a Monday for %W). The difference between %U and %W (and also between modified conversions %OU and %OW) is the day considered to be the first day of the week. Ping the Netscaler IP address Use FTP and Telnet to access the system Verify that the IP address of the NetScaler is present in the configuration file (log. the behavior is undefined and returns 0.conf) . you can derive the other server log formats from the custom formats.88 Citrix NetScaler Administration Guide Note: If you specify a conversion that does not correspond to any of the ones described in the preceding table. The custom log formats that match Apache log formats are: NCSA/combined: LogFormat custom %h %l %u [%t] "%r" %s %B "%{referer}i" "%{user-agent}i" NCSA/Common: LogFormat custom %h %l %u [%t] "%r" %s %B Referer Log: LogFormat custom "%{referer}i" -> %U Useragent: LogFormat custom %{user-agent}i Similarly. Week number 0 contains the days before the first Sunday or Monday in January for %U and %W. Week number 1 is the first week in January (starting with a Sunday for %U. Make sure that the Netscaler is accessible from the logging system by doing the following: • • 3. Apache Log Formats You can derive from the custom logs most of the log formats that Apache currently supports. Checklist for Configuring Web Server Logging Use the following checklist when you configure web server logging or need to troubleshoot problems: 1.

In This Chapter Configuring Clock Synchronization Path Maximum Transmission Unit Discovery Configuring TCP Window Scaling Configuring Selective Acknowledgement Clearing the Configuration Configuring Clock Synchronization You can configure your NetScaler to synchronize its local clock with a Network Time Protocol (NTP) server. You can configure clock synchronization on your NetScaler either by manually modifying the ntp.conf file and then starting the NTP daemon. This ensures that its clock has the same date and time settings as the other servers on your network.conf file 1. you can configure TCP window scaling and selective acknowledgement.C HAPTER 5 Advanced Configurations You can configure network time protocol to synchronize the NetScaler's local clock with the other servers on the network. You can clear any basic or extended configuration on your NetScaler. or by adding NTP server entries in the ntp. . If you enable PMTU discovery. To enable clock synchronization on your NetScaler by modifying the ntp.conf file from the configuration utility or the NetScaler command line. the NetScaler can use it to determine the maximum transmission unit of any Internet channel.conf file. Log on to the NetScaler command line. Configuring Clock Synchronization Manually You can configure clock synchronization manually by logging on to the NetScaler and editing the ntp. For more efficient data transfer.

5.conf -l /var/log/ ntpd. it is recommended that there should be a corresponding restrict entry for each server entry.conf. 8.conf file. Switch to the shell prompt.conf -l /var/log/ ntpd.conf file: restrict localhost restrict 127. 3.log & This entry starts the ntpd service. if the file does not already exist in the directory. Create a file and name it rc. and add the following entry. 6.90 Citrix NetScaler Administration Guide 2.netscaler file. /usr/sbin/ntpd -c /nsconfig/ntp. be sure to remove the following entries from the ntp.conf file to /nsconfig/ntp. Edit /nsconfig/rc. If you want the process to start every time the NetScaler is restarted. checks the ntp.netscaler in the /nsconfig directory. Copy the ntp. add it to the rc.conf and add the IP address for the desired NTP server under the file’s server and restrict entries.2 These entries are required only if you want to run the device as a time server. Note: If you want to start the time synchronization process but restart the NetScaler at a later time. 4.netscaler. Copy the /etc/ntp. and this feature is not supported on the NetScaler.0. Reboot the NetScaler to enable clock synchronization. and logs messages in the /var/log directory. as described in step 6.0. If it already exists in the /nsconfig directory. Note: For security reasons.log & This command starts the time synchronization process. . run the following command from the shell prompt: /usr/sbin/ntpd -c /nsconfig/ntp. Edit /nsconfig/ntp.conf file from the /etc directory to the /nsconfig directory. 7.

Maximum value: 17 (2^17=131072 seconds). Configuring Clock Synchronization Using the Configuration Utility or the CLI You can configure clock synchronization on your NetScaler by adding NTP servers from the Configuration utility or from the CLI and then enabling NTP synchronization. In the Maximum Poll text box. Adding NTP Server Entries You must add NTP server entries to the ntp. open access.Chapter 5 Advanced Configurations 91 If you do not have a local NTP server. Minimum value: 4 (2^4=16 seconds). you can find a list of public. Maximum value: 17 (2^17=131072 seconds). Minimum value: 4 (2^4=16 seconds). click Add. In the navigation pane. and then click NTP Servers. Maximum number of seconds after which the NTP server must poll the NTP messages.ntp. Minimum number of seconds after which the NTP server must poll the NTP messages.org. Before configuring your NetScaler to use a public NTP server. under Public Time Servers List. Must be a power of 2. upgrade. 5). In the Minimum Poll text box. However. The following table describes the parameters you need to set to add NTP servers: Parameters NTP Server Minimum Poll Interval Specifies Name or IP address of the NTP server. or downgrade of the NetScaler. http://www. 1.2. .4). Must be a power of 2. expand System. in the NTP Server text box. On the NTP Servers page. Default: 6 (2^6=64 seconds).3. type the maximum time interval after which you want the NTP server to poll the NTP messages (for example. Default : 10 (2^10=1024 seconds). 2. be sure to read the Rules of Engagement page (link included on all Public Time Servers pages). 3. NTP servers at the official NTP site. 4. type the minimum time interval after which you want the NTP server to poll the NTP messages (for example. 11).conf file so that your NetScaler can synchronize the clock with the clock settings of the other servers on the network. type either the IP address or the name of the NTP server (for example. Maximum Poll Interval To add NTP servers using the Configuration Utility 1. 5. In the Create NTP Server dialog box. The clock synchronization configuration does not change on restart. the configuration does not get propagated to the secondary NetScaler in a High Availability setup.

expand System. type: add ntp server serverIP | serverName -minpoll positive integer -maxpoll positive integer Example add ntp server 1. 4. change the minimum time interval after which you want the NTP server to poll the NTP messages (for example. and then click Open. 3.4 -minpoll 5 -maxpoll 11 Modifying NTP Server Entries You can modify the minimum and maximum polling intervals of the NTP servers.4 -minpoll 7 -maxpoll 9 Removing NTP Server Entries You can remove the NTP servers from the ntp. 7). In the Configure NTP Server dialog box. To modify NTP polling using the Configuration Utility 1. and then click NTP Servers. type set ntp server serverIP | serverName -minpoll positive integer -maxpoll positive integer Example set ntp server 1. 9). Click Create. and click Close.92 Citrix NetScaler Administration Guide 6. In the navigation pane. expand System. and then click NTP Servers. To modify NTP servers using the NetScaler command line At the NetScaler command prompt. click the NTP server that you want to modify.3. change the maximum time interval after which you want the NTP server to poll the NTP messages (for example. To remove NTP servers using the Configuration Utility 1.conf file if you do not want to use these servers. Click Ok.2. 2.2. On the NTP Servers page. In the Maximum Poll text box. in the Minimum Poll text box. In the navigation pane. 5.3. To add NTP servers using the NetScaler command line At the NetScaler command prompt. .

click the NTP server that you want to remove. and then click NTP Servers.4 Displaying NTP Server Entries You can display the details of the NTP servers that you have added to the ntp. you can disable NTP synchronization. type: enable ntp sync . and then click NTP Servers.3. In the navigation pane.conf file. To enable or disable NTP synchronization using the Configuration Utility 1. type show ntp server Enabling or Disabling NTP Synchronization When you enable NTP synchronization.Chapter 5 Advanced Configurations 93 2. the NetScaler uses the NTP server entries in the ntp. click NTP Synchronization. In the Remove message box. On the NTP Servers page. 2. To remove NTP servers using the NetScaler command line At the NetScaler command prompt. In the navigation pane. type: rm ntp server serverIP | serverName Example rm ntp server 1. expand System.conf file to synchronize its local time setting. To enable or disable NTP synchronization using the NetScaler command line At the NetScaler command prompt. you can view all the NTP servers that you have added. To display NTP servers using the Configuration Utility 1. If you do not want to synchronize your NetScaler time with the other servers in the network. click Yes. To view NTP servers using the NetScaler command line At the NetScaler command prompt. 2. and then click Remove. On the NTP Servers page. On the NTP Servers page. expand System. 3.2.

This avoids fragmentation overhead on the routers in the path. and reassembly overhead on the receiving server. In USIP mode. and Path MTU is smaller than the size of the datagram. the NetScaler translates it and sends it to the managed server. All packets subsequently sent via that connection have the DF bit unset. The NetScaler in Transparent Mode In transparent mode. The MTU value for that client is also updated in the NetScaler. it adjusts the MTU to the MIP and updates the MTU database so that the lower MTU is used for subsequent connections. The NetScaler in End-Point Mode In end-point mode. the NetScaler separately manages connections to the servers it manages and connections to the clients that contact those servers. the NetScaler is deployed in front of the servers it manages. the NetScaler receives an ICMP error. Note: This affects all clients using that MIP. and either manages connections from clients on behalf of these servers (transparent mode). The discovered PMTU is used by the TCP or UDP layer to create packets of an optimum size for that channel. when an ICMP error message is received. if a managed server sets the DF bit and sends a datagram. and subsequent datagrams are sent with the lowered MTU. All new connections then use the lowered MTU. In a typical topology. not just the client that generated the ICMP error. The managed server updates the MTU for that destination. or manages connections with the servers and clients independently (endpoint mode). This mode enables the NetScaler to interoperate with other routers participating in PMTU discovery.94 Citrix NetScaler Administration Guide or disable ntp sync Path Maximum Transmission Unit Discovery Path maximum transmission unit (PMTU) discovery is a method for dynamically learning the maximum transmission unit of any Internet channel. . PMTU discovery is an operational mode in the NetScaler. When the NetScaler is operating in MIP mode.

expand System. but parses it and determines an MTU appropriate for that particular client. type: enable ns mode PMTUD or disable ns mode PMTUD Configuring TCP Window Scaling The TCP window scaling option increases the TCP receive window size beyond its maximum value of 65. Thereafter. The main purpose of the window is flow control. 2. In the Navigation Pane. the router sends an ICMP error to the NetScaler. The NetScaler does not pass the error to the servers it manages. The NetScaler then updates the MTU database with the lower MTU. To enable or disable PMTU discovery using configuration utility 1. under Modes & Features click Change modes. Enabling or Disabling PMTU Discovery The NetScaler does not participate in PMTU Discovery by default. In the Configure Modes dialog box. or clear the check box to disable it. the NetScaler uses an Maximum Segment Size (MSS) of 1460 bytes. . and then click Settings. This TCP option is defined in RFC 1323. 3.535 bytes. If the network contains a router that fragments the packet into multiple datagrams because of MTU mismatches. it uses the new MTU value for all new connections to that client. select the Path MTU Discovery check box to enable this feature. On the Settings page. A TCP window determines the amount of outstanding (unacknowledged by the recipient) data a sender can send on a particular connection before receiving any acknowledgment from the receiver.Chapter 5 Advanced Configurations 95 For client connections. and click OK To enable or disable PMTU discovery using using the NetScaler command line At the NetScaler command prompt. The window scaling option is required for efficient transfer of data over long fat networks (LFNs).

windows scaling will not be used for the connection. The scale factor is carried in the new TCP window scale field. You do not configure window scaling unless you clearly know why you want to change the window size. If only one side of a connection is sets this option. To configure window scaling. which limits the ability of the sender to advertise a window size larger than 65535 ( 2^16 . use either of the following procedures: To configure Window Scaling using the configuration utility 1.1). Possible values: 0 to 8. Default: 4. because this could have adverse effects on the NetScaler and the network. The following table describes the parameters used to configure window scaling: Parameters Windows scaling factor Specifies Factor used to calcualte new window size .96 Citrix NetScaler Administration Guide The window size field in the TCP header is 16 bits. It is possible to have window scaling between the client and a Citrix NetScaler and not the a Citrix NetScaler and a server. window scaling is not enabled. under Global Settings. make sure that: • • • • You do not set a high value for the Scale Factor. expand System and click Settings. . You have enabled SACK (selective acknowledgement). Each connection for same session (such as TCP session between Client and NetScaler and TCP session between NetScaler and Server having the same request/response) is an independent Window Scaling session. 2. click Change global system settings. • By default. The TCP window scale extension expands the definition of the TCP window to 30 bits by using a scale factor to carry this value in the 16 bit window field of the TCP header. On the Settings page. Both hosts in the TCP connection send a window scale option during connection establishment. The new window size is calculated by the receiver. In the NetScaler. [right shifting the bits of the received window size by the scale factor value] which is equivalent to [(2^scale factor) * received window size] Before configuring window scaling. the window scale expands the definition of the TCP window to 24 bits. In the navigation pane. This field is sent only in a SYN packet (a segment with the SYN bit on).

5. expand System and click Settings. As a result. Click Ok. SACK is disabled. and click Ok. type: set ns tcpParam -WS value -WSVal value Example set ns tcpParam -WS ENABLED -WSVal 5 Configuring Selective Acknowledgement The NetScaler supports Selective Acknowledgement (SACK). the sender (either a Citrix NetScaler or a client) needs to retransmit only those segments that were lost during transmission. Use either of the following procedures to enable it. click Change global system settings.SACK value Example set ns tcpParam -SACK ENABLED . type: set ns tcpParam . under Global Settings. select the Selective Acknowledgement checkbox. as defined in RFC 2018. To enable Selective Acknowledgement (SACK) using the NetScaler command line At the NetScaler command prompt. 3. Using SACK. In the Configure Global Settings dialog box. SACK is important in long fat networks (LFNs). On the Settings page. In the Configure Global Settings dialog box. select the Windows Scaling checkbox. type a windows scaling factor (for example. To enable SACK using the Configuration Utility 1.Chapter 5 Advanced Configurations 97 3. By default. the data receiver (either a Citrix NetScaler or a client) notifies the sender about all the segments that have been received successfully. This improves the performance of data transmission. 4. To configure Window Scaling using the NetScaler command line At the NetScaler command prompt. In the navigation pane. In the Factor textbox. 2. under TCP. 5).

expand System. and SNIP(s) Network settings (Default Gateway. Click Run. and DNS settings) HA node definitions Feature and mode settings Default administrator password (nsroot) Extended Configuration: Clearing your configuration at the extended level clears all settings except the following: • • • NSIP. 3. select an option (for example. and then click Diagnostics. the NSIP and default gateway are not changed. and DNS settings) HA node definitions Feature and mode settings revert to their default values. NTP. MIP(s). Full Configuration: Clearing your configuration at the full level returns all settings to their factory default values. NTP. MIP(s). VLAN. VLAN. In the Clear Configuration dialog box. To clear a configuration. To clear configuration using the NetScaler command line At the NetScaler command prompt. 4. type: clear ns config level . In the Navigation Pane. On the Diagnostics page. However. for Configuration Level. basic). You can clear your NetScaler configuration in different levels as described below: Basic Configuration: Clearing your configuration at the basic level clears all settings except the following: • • • • • NSIP. because changing them could cause the NetScaler to lose network connectivity. 2. and SNIP(s) Network settings (Default Gateway. use either of the following procedures: To clear a configuration using the configuration utility 1. click Clear Configuration. RHI. RHI.98 Citrix NetScaler Administration Guide Clearing the Configuration This section provides instruction for clearing the configuration on your NetScaler. under Maintenance.

Chapter 5 Example clear ns config basic Advanced Configurations 99 .

100 Citrix NetScaler Administration Guide .

5. Every report contains at least one chart. and you can modify the charts. After you have logged in. the reporting tool page appears as follows.29. Use the Web browser of your choice to connect to the IP address of the NetScaler (for example. 4. In This Chapter Using the Reporting Tool How Data Collection Works Using the Reporting Tool The Reporting tool is a Web-based interface. In the Password text box. The Web Logon screen appears. you can create custom reports (which you can modify at any time). http://10. Click the Login button. You can modify the charts and add new charts.102. type the user name assigned to your NetScaler. 2. To invoke the Reporting tool 1. 3. In the User Name text box. The reports use charts to display the statistics.170/). In addition to using the built-in reports.C HAPTER 6 Reporting Tool The Reporting tool of Citrix NetScaler provides built-in reports that display statistics collected by the nscollect utility. . You can add additional charts to custom reports. You can also modify the operation of the nscollect utility and stop or start its operation. In the Start in drop-down box. select Reporting. type the password. Use the Reporting tool to display the performance statistics data as reports containing graphs. You can also create custom reports.

which is also called the details pane. and it appears in the right pane. To view a report. You can modify a report. create custom reports. Under Built-in Reports. Details Pane: The details pane is the right portion of the Reporting page. Under Custom Reports. . a collapsible menu contains links to different categories of built-in reports. and view reports for different time intervals using various options available in the details pane. It has two sections for each type of report: Custom Reports and Built-in Reports. you can access custom reports you create.102 Citrix NetScaler Administration Guide Reporting Tool Page The components of the reporting tool are: • • • • Navigation Pane Details Pane Report Toolbar Chart Toolbar Navigation Pane: The navigation pane extends down the left side of the screen. which displays the report you clicked in the navigation pane. click the report.

For more information on charts. . Working with Reports Reports let you plot and monitor statistics for the various functional groups configured on the NetScaler over a specified time interval. as described in the following table. Beneath each chart is a chart toolbar with options for changing the chart to a different type or charting different counters. Prints the report to paper.Chapter 6 Reporting Tool 103 Report Toolbar: You can use the options on the report toolbar in the details pane to do the following: • • • • • View reports in different time intervals Create new custom reports Save built-in reports as custom reports Delete reports Change the settings of the reports and select a different data source Chart Toolbar: Each report is a collection of charts. Displays a default report whenever you log on. the first built-in report (CPU vs. This enables you to troubleshoot or analyze the behavior of your appliance. you can use the options on the report toolbar. Basic operations on reports Basic operation Refresh Print Set as default Remove as default Action Refreshes the report to display the latest performance data. or moving the chart up or down within the report. see “Working with Charts. deleting a chart. Removes the default setting of the current default report and sets the first custom report as default. With either type.” on page 106. The chart toolbar also has icons for adding a new chart. Memory Usage and HTTP Requests Rate) is set as the default report. Note: This button appears only when you click the report that is set as default. There are two types of reports: built-in reports and custom reports. If there is no custom report available.

System). You can create upto 256 custom reports. and to set the data source and time zone. You can plot different counters for different groups based on your requirements. or delete charts. You can use the report toolbar to modify the interval. Click a report (for example. Compression. a newly created custom report contains one chart named System Overview. or you can create a new report. modify. Note: You need to save a built-in report as a custom report if you make any changes to it. last week. you can view the reports for the last day. or last year. Using Built-in Reports The Reporting tool provides built-in reports for frequently viewed data. Integrated Cache. Creating a Report Use the Create function to create a new custom report. Network. or use the Save As function to save an existing report as a custom report. 2. By default.104 Citrix NetScaler Administration Guide Basic operations on reports Basic operation Save as Save Action Saves a report as a new custom report. You can save a built-in report as a custom report. . which displays the CPU Usage counter plotted for the last hour. the built-in reports are displayed for the last hour. as described in “Working with Charts. In the navigation pane. Built-in reports are available for the following seven fuctional groups: System. CPU vs. However. and Application Firewall. By default. Saves the changes made in a custom report. you can use chart toolbars to add. Access Gateway. expand a group (for example. Memory Usage and HTTP Requests Rate). SSL. Within a report. To display a built-in report 1. Creating and Modifying Custom Reports You can create your own custom reports and save them with user-defined names for reuse. last month. under Built-in Reports.” on page 106.

The following table describes the time-interval options. To modify the time interval 1. Statistics data collected for a time period that you are prompted to specify. You can also apply the currently displayed report's time selection to all the reports. In Report Name box. Statistics data collected for the last year (365 days). click Create or Save As. . In the details pane. on the report toolbar. In the navigation pane. Statistics data collected for the last week (7 days). Modifying the Time Interval By default. on the report toolbar. Year. Week.” on page 109. you can change the time interval and save the report as a custom report. click a report. Month. However. Setting the Data Source and Time Zone You can retrieve data from different data sources to display them in the reports. and Custom). see “How Data Collection Works.Chapter 6 To create a custom report Reporting Tool 105 1. The new interval applies to all charts in the report. Hour. including the built-in reports. You can also define the time zone the reports must use. 2. Statistics data collected for the last day (24 hours). built-in reports display data for the last hour. type a name for the custom report. click a time period (for example. Time intervals Time interval Last hour Last day Last week Last month Last year Custom time period Displays Statistics data collected for the last hour. and then click OK. For information on data sources. Statistics data collected for the last month (31 days). Day. 2. In the details pane.

You can move the charts up or down within the report. In the details pane. To plot a different group of statistics or select a different counter.” on page 106. Select the Remember time selection for charts check box if you want to apply the time interval of the currently displayed report to all the existing reports. on the report toolbar. in Data Source. In the navigation pane. click a report.106 Citrix NetScaler Administration Guide To set the data source and time zone 1. In the details pane. You can also delete a chart when you do not want to monitor it. Adding a Chart When you add a chart to a report. 2. In all report charts. 5. 2. area and bar). . 4. The counters can use different graphical formats (for example. 3. and by selecting different counters. see “Modifying a Chart. Note: If you add charts in a built-in report. select the data source from which you want to retrieve the counter information. Modifying a Chart You can modify a chart by changing the functional group for which the statistics are displayed. you must save the report as a custom report. click Settings. To add a chart 1. You can include up to four charts in one report. Select the Use Appliance’s time zone check box if you want the reports to use the time settings of your NetScaler appliance. on the toolbar for the chart beneath which you want to add the new chart. the System Overview chart appears with the CPU Usage counter plotted for the last one hour. In the Settings dialog box. Use the following procedure to add a chart in a report. click the Add icon. Working with Charts Use charts to plot and monitor counters or groups of counters. In each chart. the horizontal axis represents time and the vertical axis represents the value of the counter. you can plot up to 16 counters. Click OK.

Viewing Different Graph Types of a Chart You can specify the graphical formats of the plotted counters in a chart. In the Counters area. such as Load balancing and GSLB. click the counter name(s) you want to plot. under Available. The following graph types are supported. 7. Next to Plot chart for. In the details pane. in the Chart Title box. If you selected System entities statistics in step 4. if you want to plot counters for global counters. click the entity instance name(s) you want to plot. Click OK. click Counters. In the Navigation pane. 6. In the dialog box that appears. and then click the > button. click a report.Chapter 6 To modify a chart Reporting Tool 107 1. 5. System entities statistics. on the toolbar for the chart that you want to modify. such as Integrated Cache and Compression. 4. and then click the > button. type a name for the chart. select one of the following: • • System global statistics. Graph types Graph type Line Area Bar Stacked Area Stacked Bar Displays statistics as Line chart Area chart Bar chart Stacked area chart Stacked bar chart . click the Entities tab and. 2. if you want to plot entity counters for entity types. under Available. 3.

To compare bytes received rate and bytes transmitted rate between two interfaces for the last week 1. click the Delete icon. you need to save the report as a custom report. Examples To display the trend report for CPU usage and memory usage for the last one day. type a name for the custom report (for example. In the details pane. click a time period (for example. In the navigation pane. 3. In the details pane. Deleting a Chart If you do not want to use a chart.108 Citrix NetScaler Administration Guide To change the graph type of a chart 1. Memory Usage and HTTP Requests Rate. Note: If you have selected a built-in report. In the navigation pane. click Counters. 1. Custom_Interfaces). on the chart toolbar. or the changes will be lost. Day). In the details pane. 3. To delete a chart 1. If you delete a chart from a built-in report. click Create. such as Area and Bar. under System Overview. 2. select a report (either built-in or custom report). On the report tool bar. The report is created with the default System Overview chart. select a report. 2. under the chart you want to view. You can permanentely remove charts from custom reports only. which displays the CPU Usage counter plotted for the last hour. and then click OK. on the toolbar for the chart that you want to delete. on the report toolbar. under Built-in Reports. Click report CPU vs. In the details pane. you can remove it from the report. In the navigation pane. expand System. In the Report Name box. on the chart toolbar. click a graph type. 2. . you need to save this report as a custom report. 2.

Note: The Reporting tool supports only numerical counters. there is a limit on the number of different entities that you the nscollect can retrieve. in the Chart title box. click a time period (for example. Week). The data collection utility nscollect retrieves data from the NetScaler and updates the data source. 8. In Entities. 9. The nscollect utility retrieves n number of entity counters and creates the entity database. you need to delete the unused entity counters manually. select Interface. The entity-specific databases are created based on the entities configured on the NetScaler. and then in Select Group. The default data source is /var/log/db/default. However. Before creating a database for an entity. However. It retrieves all the counters available for a group. click the counter name(s) you want to plot (for example. If the first n counters change in the subsequent fetch. nscollect allocates a unique number to the entity and creates the database based on that number. 7. the database stores more than n entries for that entity type. In the counter selection pane. Click OK. This utility runs automatically when you start the NetScaler. as described in the table “Limits on entity numbers. On the report toolbar. Limits on entity numbers Entity Name Content Switching Virtual Servers Limit 100 . Interfaces_bytes_received_and_transmitted). type a name for the chart (for example. It creates a database for global counters at /var/log/db/ DataSourceName. In Counters.Chapter 6 Reporting Tool 109 4. and then click the > button. In Plot chart for. 5. 1/1 ans 1/2). Bytes received (Rate) and Bytes transmitted (Rate)). click System entities statistics. How Data Collection Works The performance data is stored in different data sources in the NetScaler. 6.” on page 109. and then click the > button. A specific folder is created for each entity type in /var/log/db/DataSourceName/EntityNameDB. click the interface name(s) you want to plot (for example. You can create up to 32 data sources.

You may also want to stop nscollect to back up the databases or if you want to create a new data source. For more information on importing from newnslog files. However. nscollect retrieves data at every 5-minute interval. you can stop and then restart the utility. The nscollect utility can also import data from the newnslog file (within the same release or across releases) to the data source. if data is not updated accurately. the nscollect utility automatically starts. see “Importing Data from the newnslog File. or there is corrupted data displayed in the reports.110 Citrix NetScaler Administration Guide Limits on entity numbers Entity Name Cache Redirection Virtual Servers DOS Policies GSLB Domains GSLB Services GSLB Sites GSLB Virtual Servers Interfaces LB Virtual Servers ACLs ACL6 Priority Queuing Policies RNAT IP Addresses SureConnect Policies Services Service Groups System CPU VLAN VPN Virtual Servers Limit 50 100 100 100 32 100 8 100 100 50 100 100 100 250 100 8 25 5 By default. Data is maintained in 5-minute granularity for one day. hourly for the last 30 days.” on page 111. Stopping and Starting the Data Collection Utility When you start the NetScaler. . and daily for three years.

170:nsroot:nsroot -ds default Importing Data from the newnslog File The nscollect utility can import data from the newnslog files (within the same release or across releases) to the data source. To import data from a file at the default time interval At a NetScaler command prompt. type the following: /netscaler/nscollect start -U NS_IP:UserName:Password -ds DataSourceName Example /netscaler/nscollect start -U 10. You must clean the data source before importing data from multiple files if you import the data in any order other than that in which the newslog files were created (that is. However.Chapter 6 To stop nscollect Reporting Tool 111 At a NetScaler command prompt. you can set nscollect to import data from a newnslog file for a specific duration. Before importing data from the file. type the following: /netscaler/nscollect stop You can start nscollect on either the local system or a remote system.29. it by default imports the data at 5-minute intervals.102. To start nscollect on the local system At a NetScaler command prompt. you can clean the data source.24 -ds default To import data from a file for a specific duration At a NetScaler command prompt. When you set nscollect to import data from a newnslog file. type the following command: . Use one of the following procedures to import data from newnslog files. using the incremental method in temporal order). type the following command: /netscaler/nscollect import -file FileName -ds DataSourceName Example /netscaler/nscollect import -file newnslog. type the following: /netscaler/nscollect start To start nscollect on the remote system At a NetScaler command prompt.

112 Citrix NetScaler Administration Guide /netscaler/nscollect import -file FileName -ds DataSourceName starttime MMDDYYYYHHMM -endtime MMDDYYYYHHMM Example /netscaler/nscollect import -file newnslog.15 -ds default -clean .3 -ds default -starttime 112220080735 -endtime 112320080735 To clean the data source and import data At a NetScaler command prompt. type the following command: /netscaler/nscollect import -file FileName -ds DataSourceName -clean Example /netscaler/nscollect import -file newnslog.