Citrix Systems CITRIX NETSCALER 9.3 manual Configuring the NetScaler for Snmp v1 and v2 Queries

Page 54

Chapter 2 SNMP

Parameters for unconditional SNMP trap logging

SnmpTrapLogging (SNMP Trap Logging)

Enable the NetScaler appliance to log any SNMP traps messages (for those respective SNMP alarms in which logging is enabled) even when no trap listeners are configured. Possible Values: ENABLED, DISABLED. Default: DISABLED.

To enable or disable unconditional SNMP trap logging by using the configuration utility

1.In the navigation pane, expand System, and then click SNMP.

2.In the details pane, under Settings, click Configure SNMP Options.

3.In the Configure SNMP Options dialog box, select the SNMP Trap Logging check box.

4.Click OK.

Configuring the NetScaler for SNMP v1 and v2 Queries

You can query the NetScaler SNMP agent for system-specific information from a remote device called SNMP managers. The agent then searches the management information base (MIB) for the data requested and sends the data to the SNMP manager.

The following types of SNMP v1 and v2 queries are supported by the SNMP agent:

wGET

wGET NEXT

wALL

wGET BULK

You can create strings called community strings and associate each of these to query types. You can associate one or more community strings to each query type. Community string are passwords and used to authenticate SNMP queries from SNMP managers.

For example, if you associate two community strings, such as abc and bcd, to the query type GET NEXT, the SNMP agent on the NetScaler appliance considers only those GET NEXT SNMP query packets that contain abc or bcd as the community string.

Specifying an SNMP Manager

You must configure the NetScaler appliance to allow the appropriate SNMP managers to query it. You must also provide the SNMP manager with the required NetScaler-specific information. You can add up to a maximum of 100 SNMP managers or networks.

For an IPv4 SNMP manager you can specify a host name instead of the manager's IP address. If you do so, you must add a DNS name server that resolves the host name of

54

Image 54

Contents Citrix NetScaler Administration Guide Copyright and Trademark Notice Page Page Contents Snmp Vii Audit Logging Web Server Logging 105 Advanced Configurations Contents Web Interface AppFlow Reporting Tool Contents Xvi Formatting Conventions for NetScaler Documentation This PrefaceFormatting Conventions Meaning Boldface Documentation Available on the NetScaler Appliance ConventionTo view the documentation Getting Service and Support NetScaler Documentation FeedbackTo provide feedback at the Knowledge Center home Preface Authentication and Authorization TopicsConfiguring Users and Groups Configuring User AccountsShow system user Example Timeout CLI Idle Session Timeout Secs Parameters for configuring a user accountPassword Password UserName User NameConfiguring User Groups To create a user group by using the NetScaler command lineShow system group Example Show system group groupName Example GroupName Group Name Parameters for configuring a user groupShow system group groupName UserNameConfiguring Command Policies Built-in Command PoliciesCLI Prompt CLI Idle Session Timeout Secs Except show runningconfig, show Creating Custom Command PoliciesBuilt-in Command Policies Policy name Allows Runningconfig, and sh gslbMatches these commands Command specification regular expressionPolicyname Parameters for configuring a command policySh system cmdPolicy Example ActionBinding Command Policies to Users and Groups Sh system user userName Parameters for binding a command policy to a userSh system user userName Example PrioritySh system group groupName Parameters for binding a command policy to a groupSh system group groupName Example GroupNameResetting the Default Administrator nsroot Password To reset the nsroot passwordExample of a User Scenario Fsck /dev/ad0s1a Mount /dev/ad0s1a /flashConfiguration steps Sample Values for Creating Entities FieldConfiguring External User Authentication Configuring Ldap Authentication Examples of Base Distinguished Name Ldap server Base DN Examples of Bind Distinguished Name Ldap serverBind DN Authentication Type, select LDAP. Next to Server, click New Determining attributes in the Ldap directory Configuring Radius Authentication Choosing Radius authentication protocolsAuthentication Type, select Radius Configuring IP address extraction Configuring TACACS+ Authentication Configuring NT4 AuthenticationAuthentication Type, select Tacacs Authentication Type, select NT4 Authentication and Authorization Snmp Importing MIB Files to the Snmp Manager and Trap Listener Enabling or Disabling an Snmp Alarm Enable snmp alarm alarm name Sh snmp alarm alarm nameParameters for configuring Snmp alarms Configuring AlarmsTo configure an Snmp alarm by using the command line SeverityConfiguring Traps To configure Snmp alarms by using the configuration utilityTo add an Snmp trap by using the NetScaler command line Parameters for configuring Snmp traps To configure Snmp Traps by using the configuration utilityEnabling Unconditional Snmp Trap Logging Parameters for unconditional Snmp trap logging Configuring the NetScaler for Snmp v1 and v2 QueriesSpecifying an Snmp Manager SnmpTrapLogging Snmp Trap LoggingTo add an Snmp manager by using the NetScaler command line Show snmp managerParameters for configuring an Snmp manager IPAddressTo add an Snmp manager by using the configuration utility Sh snmp community Parameters for configuring an Snmp community stringSpecifying an Snmp Community PermissionsConfiguring Snmp Alarms for Rate Limiting Configuring an Snmp Alarm for Throughput or PPSCommunity String*-communityName Show snmp alarm PF-RL-RATE-THRESHOLD NormalValue Show snmp alarm PF-RL-PPS-THRESHOLDThresholdValue StateConfiguring Snmp Alarm for Dropped Packets Alarm Threshold-thresholdValue Normal Threshold-normalValueConfiguring the NetScaler for SNMPv3 Queries Parameters for configuring an Snmp alarm for dropped packetsSetting the Engine ID Parameters for setting the engine ID Configuring a ViewTo set the engine ID by using the NetScaler command line To set the engine ID by using configuration utilityConfiguring a Group Parameters for configuring an Snmp viewTo add an Snmp group by using the NetScaler command line To configure a user by using the NetScaler command line Configuring a UserParameters for configuring an Snmp group SecurityLevelParameters for configuring an Snmp user Citrix NetScaler Administration Guide Snmp Audit Logging Audit Logging Configuring the NetScaler Appliance for Audit Logging Configuring Audit ServersShow audit syslogAction name ServerIP Parameters for configuring auditing serversShow audit nslogAction name ServerPortLog levels defined Configuring Audit Policies To configure an auditing server actionTo configure a Syslog policy by using the command line To configure an Nslog policy by using the command line Parameters for configuring audit policiesRule Parameters for binding the audit policies globally To configure an audit server policyBinding the Audit Policies Globally Name* name Server* actionTo globally bind the audit policy Configuring Policy-Based LoggingConfiguring an Audit Message Action Pre RequisitesBypassSafetyCheck StringBuilderExprLogtoNewnslog Installing and Configuring the Nslog Server Binding Audit Message Action to a PolicyInstalling Nslog Server on the Linux Operating System Supported Platforms for the Nslog Server Operating systemSoftware requirements Installing Nslog Server on the FreeBSD Operating System Pkginfo grep NSaudserver Pkgdelete NSaudserverTo install Nslog server on a Windows operating system On the system, where you have downloaded the Nslog packageAudserver -remove Nslog Server Command OptionsTo uninstall the Nslog server on a Windows operating system Audserver -stopTo add the IP addresses of the NetScaler appliance Audserver -remove SpecifiesVerifying the Nslog Server Configuration File Running the Nslog ServerTo start audit server logging Customizing Logging on the Nslog Server Creating FiltersTo create a filter Specifying Log Properties Default Settings for the Log Properties Sample Configuration File audit.conf Following is a sample configuration fileWeb Server Logging Configuring the NetScaler Appliance for Web Server Logging Enabling or Disabling Web Server LoggingSh weblogparam Example Modifying the Default Buffer SizeParameter for modifying the buffer size Buffer SizeTo modify the buffer size by using the configuration utility Supported Platforms for the Nswl Client Operating systemInstalling Nswl Client on a Solaris Operating System Hardware requirementsCp pathtocd/Utilities/weblog/Solaris/NSweblog.tar /tmp Tar xvf NSweblog.tar Installing Nswl Client on a Linux Operating SystemCd /tmp Pkginfo grep NSweblogInstalling Nswl Client on a FreeBSD Operating System To view the installed Web server logging filesTo get more information about the NSweblog RPM file Installing Nswl Client on a Mac OS Operating System Pkgdelete NSweblogCp pathtocd/Utilities/weblog/macos/NSweblog.tgz /tmp Installing Nswl Client on a Windows Operating System To install the Nswl client on a Windows systemCp pathtocd/Utilities/weblog/AIX/NSweblog.rpm /tmp Installing Nswl Client on an AIX Operating SystemTo uninstall the Nswl client on a Windows system Rpm -i NSweblog.rpmNswl Client Command Options Nswl Command Options Nswl command SpecifiesAdding the IP Addresses of the NetScaler Appliance To add the Nsip address of the NetScaler applianceNswl -addns -f directorypath \log.conf Running the Nswl Client Verifying the Nswl Configuration FileTo verify the configuration in the Nswl configuration file Customizing Logging on the Nswl Client SystemParameters for Creating a Filter Specifies On OFFTo create a filter for a virtual server LogFormat Ncsa Understanding the Ncsa and W3C Log Formats Ncsa Common Log FormatW3C Extended Log Format Ncsa Common Log Format Argument SpecifiesEntries DirectivesDirective Descriptions Prefix Descriptions Specifies FieldsIdentifiers ExamplesW3C Extended Log Format Identifiers No Prefix Required DescriptionCreating a Custom Log Format by Using the Nswl Library Creating a Custom Log FormatField Description To create the custom log format by using the Nswl Library Creating a Custom Log Format ManuallySample Configuration File Creating Apache Log FormatsNcsa Arguments for Defining a Custom Log Format 11.Custom Log Format Argument SpecifiesFoobari Foobaro Formatt Time Format Definition 12.Time Format Definition Argument SpecifiesArgument Specifies 123 Web Server Logging 124 Advanced Configurations Configuring Clock Synchronization To add an NTP server by using the NetScaler command lineShow ntp server Example Minpoll Parameters for configuring an NTP serverServerName MaxpollConfiguring Clock Synchronization Manually Enable ntp sync Disable ntp syncStarting or Stopping the NTP Daemon Usr/sbin/ntpd -c /nsconfig/ntp.conf -l /var/log/ntpd.log Show ns config ExampleViewing the System Date and Time Configuring TCP Window Scaling Parameters for configuring window scaling Show ns tcpParam ExampleWSVal Configuring Selective Acknowledgment EnabledClearing the Configuration To enable Sack by using the Configuration UtilityViewing the Http Band Statistics Parameters for clearing a configurationTo clear a configuration by using the configuration utility LevelReqBandSize RespBandSizeTo add an Http profile by using the NetScaler command line Configuring Http ProfilesTo modify the band range by using the configuration utility Built-in Http Profiles Built-in profile DescriptionParameters for adding an Http profile Configuring TCP Profiles To add an Http profile by using the configuration utilityBuilt-in TCP Profiles Built-in profile Description To add a TCP profile by using the NetScaler command line Parameters for creating a TCP profile To add a TCP profile by using the configuration utility Specifying a TCP Buffer Size Example Parameters for setting the TCP buffer size in a TCP profile BufferSizeSpecifying the MSS Value in a TCP Profile Parameters for specifying the MSS value in a TCP profileMss Learn MSS for VServer LearnVsvrMSS Advanced Configurations 148 Web Interface How Web Interface Works PrerequisitesInstalling the Web Interface Configuring the Web Interface Web Interface tar file pathJRE tar file path Parameters for configuring Web interface sites Access Gateway URL Gateway Direct ModeAuthentication Point PortXML Service Port Configuring a Web Interface Site for LAN Users Using HttpXML Service Addresses TransportA Web Interface Site Configured for LAN Users Using Http Site Type Published Resource Type Kiosk ModeVirtual Server Protocol select Https IP Address Port Add service WILoopbackService 127.0.0.1 Http Configuring a Web Interface Site for LAN Users Using Https A Web Interface Site Configured for LAN Users Using Https160 161 Add lb vserver Httpswi SSL 10.102.29.3 Configuring a Web Interface Site for Remote Users Using Agee A Web Interface Site Configured for Remote Users Using Agee 165 166 AppFlow How AppFlow Works NetScaler Flow SequenceFlow Records TemplatesConfiguring the AppFlow Feature Enabling or Disabling the AppFlow Feature To specify a collector by using the NetScaler command lineSpecifying a Collector To specify a collector by using the configuration utility Configuring an AppFlow ActionTo remove a collector by using the NetScaler command line Parameters for specifying a collectorParameters for configuring an AppFlow action CollectorsComment Configuring an AppFlow Policy Show appflow policy nameParameters for configuring an AppFlow policy Rule ActionTo add an expression by using the Add Expression dialog box HttpBinding an AppFlow Policy Show appflow globalInvoke Invoke flag LabelType Parameters for binding an AppFlow policyGotoPriorityExpression LabelNameEnabling AppFlow for Virtual Servers Click Apply ChangesEnabling AppFlow for a Service Setting the AppFlow ParametersAppFlow Parameters HttpMethod HttpCookieHttpReferer HttpHostReporting Tool Using the Reporting Tool To invoke the Reporting toolWorking with Reports Using Built-in Reports Creating and Deleting ReportsModifying the Time Interval Time Intervals Time interval DisplaysSetting the Data Source and Time Zone Exporting and Importing Custom ReportsWorking with Charts Adding a ChartModifying a Chart Viewing a Chart To change the graph type of a chartTo view numeric data for a graph To change the color and graph type of a data set Deleting a Chart To export chart data to ExcelExamples Stopping and Starting the Data Collection Utility Limits on Entity Numbers Retrieved by nscollect Entity nameEntity name Limit To stop nscollectTo start nscollect on the local system Netscaler/nscollect stopTo start nscollect on the remote system Netscaler/nscollect start