Citrix NetScaler Administration Guide
Citrix NetScaler
Copyright and Trademark Notice
All rights reserved Last Updated March Document code May 21 2012
Preface
Contents
1 Authentication and Authorization
2 SNMP
Enabling Unconditional SNMP Trap Logging
3 Audit Logging
4 Web Server Logging
Installing and Configuring the Client System for Web Server Logging
Installing NSWL Client on a Solaris Operating System
To install the NSWL client package on a Solaris operating system
To uninstall the NSWL client package on a Solaris operating system
5 Advanced Configurations
Configuring TCP Window Scaling
Specifying the MSS Value in a TCP Profile
6 Web Interface
Enabling AppFlow for Virtual Servers
7 AppFlow
8 Reporting Tool
Preface
Formatting Conventions for NetScaler Documentation
In This Preface
Table 1. Formatting Conventions
Documentation Available on the NetScaler Appliance
To view the documentation
Convention
To provide feedback at the Knowledge Center home page
Getting Service and Support
NetScaler Documentation Feedback
Authentication and Authorization
Configuring Users and Groups Configuring Command Policies
Resetting the Default Administrator nsroot Password
Example of a User Scenario Configuring External User Authentication
Configuring Users and Groups
Configuring User Accounts
To create a user account by using the NetScaler command line
show system user
Example
Parameters for configuring a user account
password Password
timeout CLI Idle Session Timeout Secs
userName User Name
Configuring User Groups
To configure a user account by using the configuration utility
To create a user group by using the NetScaler command line
Password Confirm Password CLI Prompt CLI Idle Session Timeout Secs
To modify or remove a user group by using the NetScaler command line
To bind a user to a group by using the NetScaler command line
To unbind a user from a group by using the NetScaler command line
show system group groupName
Example
Parameters for configuring a user group
To configure a user group by using the configuration utility
show system group groupName
groupName Group Name
CLI Prompt CLI Idle Session Timeout Secs
Configuring Command Policies
Built-in Command Policies
Creating Custom Command Policies
Table 1-1. Built-in Command Policies
except show runningconfig, show
runningconfig, and sh gslb
Table 1-2. Examples of Regular Expressions for Command Policies
Command specification
Matches these commands
Table 1-3. Expressions Used in the Built-in Command Policies
To create a command policy by using the NetScaler command line
Parameters for configuring a command policy
sh system cmdPolicy
Example
policyname
Binding Command Policies to Users and Groups
To configure a command policy by using the configuration utility
Parameters for binding a command policy to a user
To bind command policies to a user by using the configuration utility
sh system user userName
Example
sh system user userName
Parameters for binding a command policy to a group
Resetting the Default Administrator nsroot Password
To reset the nsroot password
Example of a User Scenario
fsck /dev/ad0s1a
mount /dev/ad0s1a /flash
Configuration steps
modifyall with action as Allow and the command spec \S+\s+?!system
Table 1-4. Sample Values for Creating Entities
Field
Configuring External User Authentication
Configuring LDAP Authentication
Table 1-5. User Attribute Fields for LDAP Servers
LDAP server
User attribute
Case sensitive?
To configure LDAP authentication by using the configuration utility
4. In Authentication Type, select LDAP. Next to Server, click New
LDAP server
Bind DN
Determining attributes in the LDAP directory
Configuring RADIUS Authentication
To configure RADIUS authentication by using the configuration utility
Choosing RADIUS authentication protocols
4. In Authentication Type, select RADIUS
4. Under Details, in Group Vendor Identifier, type the value
Configuring IP address extraction
To configure IP address extraction by using the configuration utility
4. In Authentication Type, select TACACS
Configuring TACACS+ Authentication
Configuring NT4 Authentication
Binding the Authentication Policies to the System Global Entity
To configure NT4 authentication by using the configuration utility
2. On the Policies tab, click Global Bindings
Configuring the NetScaler to Generate SNMPv1 and SNMPv2 Traps
Configuring the NetScaler for SNMP v1 and v2 Queries
Configuring SNMP Alarms for Rate Limiting
Configuring the NetScaler for SNMPv3 Queries
To import the MIB files to the SNMP manager and trap listener
Configuring the NetScaler to Generate SNMPv1 and SNMPv2 Traps
Importing MIB Files to the SNMP Manager and Trap Listener
Enabling or Disabling an SNMP Alarm
To enable or disable an SNMP alarm by using the command line
To enable or disable an SNMP alarm by using the configuration utility
enable snmp alarm alarm name
sh snmp alarm alarm name
Configuring Alarms
To configure an SNMP alarm by using the command line
Parameters for configuring SNMP alarms
sh snmp alarm alarm Name
To add an SNMP trap by using the NetScaler command line
Configuring Traps
To configure SNMP alarms by using the configuration utility
Parameters for configuring SNMP traps
To configure SNMP Traps by using the configuration utility
show snmp trap
trapClass
set snmp option -snmpTrapLogging ( ENABLED | DISABLED )
Enabling Unconditional SNMP Trap Logging
Destination IP Address*-trapDestination Destination Port-destPort
Source IP Address-srcIP Minimum Severity-severity
Configuring the NetScaler for SNMP v1 and v2 Queries
Specifying an SNMP Manager
Parameters for unconditional SNMP trap logging
SnmpTrapLogging SNMP Trap Logging
show snmp manager
To add an SNMP manager by using the NetScaler command line
show snmp manager
show snmp manager
Parameters for configuring an SNMP manager
IPAddress
To add an SNMP manager by using the configuration utility
netmask
domainResolveRetry
IP Address*-IPAddress
To specify an SNMP community by using the NetScaler command line
Parameters for configuring an SNMP community string
Specifying an SNMP Community
sh snmp community
Configuring SNMP Alarms for Rate Limiting
Configuring an SNMP Alarm for Throughput or PPS
To remove an SNMP community string by using the configuration utility
Community String*-communityName
show snmp alarm PF-RL-RATE-THRESHOLD
Parameters for configuring an SNMP alarm for throughput or PPS
show snmp alarm PF-RL-PPS-THRESHOLD
thresholdValue
normalValue
Configuring SNMP Alarm for Dropped Packets
Configuring the NetScaler for SNMPv3 Queries
Parameters for configuring an SNMP alarm for dropped packets
state
severity
Setting the Engine ID
Configuring a View
To set the engine ID by using the NetScaler command line
Parameters for setting the engine ID
To set the engine ID by using configuration utility
Configuring a Group
Parameters for configuring an SNMP view
To configure an SNMP view by using the configuration utility
To add an SNMP group by using the NetScaler command line
Configuring a User
Parameters for configuring an SNMP group
To configure an SNMP group by using the configuration utility
To configure a user by using the NetScaler command line
Parameters for configuring an SNMP user
To configure an SNMP user by using the configuration utility
Name*-name Group Name*-group Authentication Type-authType
Authentication Password-authPasswd Privacy Type-privType
* A required parameter
4. Click Create or OK, and then click Close
Configuring the NetScaler Appliance for Audit Logging
Installing and Configuring the NSLOG Server Running the NSLOG Server
Default Settings for the Log Properties
Sample Configuration File audit.conf
Configuring the NetScaler Appliance for Audit Logging
Configuring Audit Servers
To configure a SYSLOG server action by using the command line
show audit syslogAction name
To configure an NSLOG server action by using the command line
Parameters for configuring auditing servers
show audit nslogAction name
serverIP
ERROR
Log levels defined
dateFormat
logFacility
Configuring Audit Policies
To configure an auditing server action
To configure a SYSLOG policy by using the command line
User Configurable Log Messages-userDefinedAuditlog
To configure an NSLOG policy by using the command line
Parameters for configuring audit policies
add audit syslogPolicy name rule action
show audit syslogPolicy name
To configure an audit server policy
Binding the Audit Policies Globally
Parameters for binding the audit policies globally
Name* name Server* action
Configuring Policy-Based Logging
Configuring an Audit Message Action
To create an audit message action by using the NetScaler command line
To globally bind the audit policy
Parameters for configuring an audit message action
bypassSafetyCheck
Example
stringBuilderExpr
Name*-name Log Level*-logLevel
Installing and Configuring the NSLOG Server
Binding Audit Message Action to a Policy
Installing NSLOG Server on the Linux Operating System
To install the NSLOG server package on a Linux operating system
Table 3-1. Supported Platforms for the NSLOG Server
Operating system
Installing NSLOG Server on the FreeBSD Operating System
To uninstall the NSLOG server package on a Linux operating system
Installing NSLOG Server Files on the Windows Operating System
To install the NSLOG server package on a FreeBSD operating system
To uninstall the NSLOG server package on a FreeBSD operating system
pkg_add audserverbsd-release number-build number.tgz
Example
To install NSLOG server on a Windows operating system
NSLOG Server Command Options
To uninstall the NSLOG server on a Windows operating system
Audit server commands
audserver -remove
Adding the NetScaler Appliance IP Addresses on the NSLOG Server
To add the IP addresses of the NetScaler appliance
Audit server commands
audserver -remove
Verifying the NSLOG Server Configuration File
To stop audit server logging that starts as a service in Windows
Running the NSLOG Server
To start audit server logging
To create a filter
Customizing Logging on the NSLOG Server
Creating Filters
Example
Specifying Log Properties
Example
Default Settings for the Log Properties
Example
Example
Example
Example
Sample Configuration File audit.conf
Example
Configuring the NetScaler Appliance for Web Server Logging
Installing and Configuring the Client System for Web Server Logging
Sample Configuration File Arguments for Defining a Custom Log Format
Web Server Logging
Configuring the NetScaler Appliance for Web Server Logging
enable ns feature WL
disable ns feature WL
sh ns feature
Enabling or Disabling Web Server Logging
Web Logging
Modifying the Default Buffer Size
To modify the buffer size by using the NetScaler command line
Parameter for modifying the buffer size
sh weblogparam
Example
Installing and Configuring the Client System for Web Server Logging
To modify the buffer size by using the configuration utility
Table 4-1. Supported Platforms for the NSWL Client
Version
Installing NSWL Client on a Solaris Operating System
To install the NSWL client package on a Solaris operating system
Hardware requirements
cp pathtocd/Utilities/weblog/Solaris/NSweblog.tar /tmp
Installing NSWL Client on a Linux Operating System
To uninstall the NSWL client package on a Solaris operating system
To install the NSWL client package on a Linux operating system
cd /tmp
Installing NSWL Client on a FreeBSD Operating System
To uninstall the NSWL client package on a Linux operating system
To view the installed Web server logging files
To install the NSWL client package on a FreeBSD operating system
Installing NSWL Client on a Mac OS Operating System
To uninstall the NSWL client package on a FreeBSD operating system
To install the NSWL client package on a Mac OS operating system
pkg_delete NSweblog
Installing NSWL Client on a Windows Operating System
To uninstall the NSWL client package on a Mac OS operating system
To install the NSWL client on a Windows system
pkg_delete NSweblog
Installing NSWL Client on an AIX Operating System
To uninstall the NSWL client on a Windows system
To install the NSWL client package on an AIX operating system
To uninstall the NSWL client package on an AIX operating system
NSWL Client Command Options
Table 4-3. NSWL Command Options
NSWL command
To view the installed Web server logging files
Adding the IP Addresses of the NetScaler Appliance
To add the NSIP address of the NetScaler appliance
nswl -addns -f directorypath \log.conf
NSWL command
Verifying the NSWL Configuration File
To verify the configuration in the NSWL configuration file
Running the NSWL Client
Customizing Logging on the NSWL Client System
Table 4-4. Parameters for Creating a Filter
Parameter
Creating Filters
Specifies
To create a filter for a virtual server
To create a filter, enter the following command in the log.conf file
Specifying Log Properties
To create a filter
Example
Example
Understanding the NCSA and W3C Log Formats
NCSA Common Log Format
Example
Example
W3C Extended Log Format
Table 4-5. NCSA Common Log Format
Argument
Specifies
Entries
Directives
Table 4-6. Directive Descriptions
Directive
Fields
Identifiers
Table 4-7. Prefix Descriptions
Prefix
Table 4-8. W3C Extended Log Format Identifiers No Prefix Required
Identifier
Table 4-9. W3C Extended Log Format Identifiers Requires a Prefix
Table 4-10. W3C Extended Log File Format Allows Log Fields
Creating a Custom Log Format by Using the NSWL Library
Creating a Custom Log Format
Field
Description
Example
To create the custom log format by using the NSWL Library
Creating a Custom Log Format Manually
Sample Configuration File
Creating Apache Log Formats
Arguments for Defining a Custom Log Format
Table 4-11. Custom Log Format
Argument
Specifies
Specifies
Argument
b d g h H Foobari j J l m M Foobaro p q
Specifies
Argument
r s t formatt T u U v V V6
Time Format Definition
Table 4-12. Time Format Definition
Argument
Specifies
Specifies
Argument
Advanced Configurations
Configuring Clock Synchronization Viewing the System Date and Time
Configuring TCP Window Scaling Configuring Selective Acknowledgment
Clearing the Configuration Viewing the HTTP Band Statistics
show ntp server
Example
Configuring Clock Synchronization
To add an NTP server by using the NetScaler command line
To modify or remove NTP servers by using the NetScaler command line
Parameters for configuring an NTP server
To configure an NTP server by using the configuration utility
serverName
Starting or Stopping the NTP Daemon
Configuring Clock Synchronization Manually
enable ntp sync
disable ntp sync
To view the system date and time by using the NetScaler command line
/usr/sbin/ntpd -c /nsconfig/ntp.conf -l /var/log/ntpd.log
show ns config Example
Viewing the System Date and Time
System Time Tue Feb 165044
Configuring TCP Window Scaling
To view the system date and time by using the configuration utility
To configure window scaling by using the NetScaler command line
Parameters for configuring window scaling
show ns tcpParam
Example
WSVal
Configuring Selective Acknowledgment
To configure window scaling by using the configuration utility
ENABLED
SACK status
To clear a configuration by using the NetScaler command line
Clearing the Configuration
To enable SACK by using the Configuration Utility
Parameters for clearing a configuration
To clear a configuration by using the configuration utility
Viewing the HTTP Band Statistics
level
To modify the band range by using the NetScaler command line
Configuring HTTP Profiles
To modify the band range by using the configuration utility
To add an HTTP profile by using the NetScaler command line
Table 5-1. Built-in HTTP Profiles
ENABLED DISABLED
sh ns httpProfile
Example
Parameters for adding an HTTP profile
name Name
maxReusePool Max Connection in reusepool
Configuring TCP Profiles
To add an HTTP profile by using the configuration utility
Table 5-2. Built-in TCP Profiles
Built-in profile
Description
To add a TCP profile by using the NetScaler command line
Built-in profile
delayedAck TCP Delayed ACK Time-out msec
Parameters for creating a TCP profile
sh ns tcpProfile
Example
WS Window Scaling
To add a TCP profile by using the configuration utility
Initial Congestion Window Size TCP Delayed ACK Time-out msec
pktPerRetx Maximum Packets per Retransmission
minRTO Minimum RTO in millisec
Specifying a TCP Buffer Size
Use Nagles Algorithm Immediate ACK on Receiving Packet with PUSH
set ns tcpProfile name -bufferSize positiveinteger
show ns tcpProfile name
set ns tcpProfile nstcpdefaultprofile -bufferSize positiveinteger
show ns tcpProfile nstcpdefaultprofile
Example
12000
name
Parameters for setting the TCP buffer size in a TCP profile
bufferSize
Specifying the MSS Value in a TCP Profile
Parameters for specifying the MSS value in a TCP profile
Configuring the NetScaler to Learn the MSS Value from Bound Services
set ns tcpParam -learnVsvrMSS ( ENABLED | DISABLED )
show ns tcpParam
Learn MSS for VServer
ENABLED
learnVsvrMSS
How Web Interface Works Prerequisites Installing the Web Interface
Configuring the Web Interface
Web Interface
Figure 6-1. A Basic Web Interface Session
How Web Interface Works
Prerequisites
Installing the Web Interface
Example
Configuring the Web Interface
Parameters for installing the Web interface and JRE tar files
Web Interface tar file path
JRE tar file path
Parameters for configuring Web interface sites
Kiosk Mode
Direct Mode
Site Type
Gateway Direct Mode
Authentication Point
Access Gateway URL
Port
Configuring a Web Interface Site for LAN Users Using HTTP
XML Service Addresses
XML Service Port
Transport
Figure 6-2. A Web Interface Site Configured for LAN Users Using HTTP
Site Type Published Resource Type Kiosk Mode
XML Service Addresses XML Service Port Transport Load Balance
Virtual Server Protocol select HTTPS IP Address Port
Example
Example
Example
Example
Configuring a Web Interface Site for LAN Users Using HTTPS
Figure 6-3. A Web Interface Site Configured for LAN Users Using HTTPS
Virtual Server Protocol select HTTPS IP Address Port
Site Type Published Resource Type Kiosk Mode
XML Service Addresses XML Service Port Transport Load Balance
Example
Example
Example
Example
Example
Example
Example
Example
Configuring a Web Interface Site for Remote Users Using AGEE
Example
Site Type Published Resource Type Kiosk Mode
Authentication Point Access Gateway URL Add DNS Entry
Trust SSL Certificate STA Server URL STA Server URL
Session Reliability Use two STA Servers
XML Service Addresses XML Service Port Transport Load Balance
Example
Example
How AppFlow Works Configuring the AppFlow Feature
AppFlow
Topics
How AppFlow Works
Figure 7-1. NetScaler Flow Sequence
Flow Records
Templates
transactionID
connectionID
Configuring the AppFlow Feature
httpRequestSize
httpRequestURL
httpUserAgent
Enabling or Disabling the AppFlow Feature
To enable the AppFlow feature by using the configuration utility
To specify a collector by using the NetScaler command line
enable ns feature appflow
disable ns feature appflow
Configuring an AppFlow Action
To remove a collector by using the NetScaler command line
To specify a collector by using the configuration utility
To configure an AppFlow action by using the NetScaler command line
Parameters for configuring an AppFlow action
Done show appflow action 1 Name apfl-act-collector-1
Collectors collecter-1 Hits Action Reference Count
2 Name apfl-act-collector-2-and-3 Collectors collector-2, collecter-3
Configuring an AppFlow Policy
To configure an AppFlow action by using the configuration utility
To configure an AppFlow policy by using the NetScaler command line
show appflow policy name
Parameters for configuring an AppFlow policy
name
rule
action
To configure an AppFlow policy by using the configuration utility
To add an expression by using the Add Expression dialog box
HTTP
comment
show appflow global
Binding an AppFlow Policy
CLIENT
To globally bind an AppFlow policy by using the configuration utility
Parameters for binding an AppFlow policy
gotoPriorityExpression
invoke Invoke flag labelType
To enable AppFlow for a virtual server by using the
NetScaler command line
Enabling AppFlow for Virtual Servers
6. Click Apply Changes
Enabling AppFlow for a Service
Setting the AppFlow Parameters
To enable AppFlow for a service by using the NetScaler command line
To enable AppFlow for a service by using the configuration utility
AppFlow Parameters
show appflowParam
templateRefresh
appnameRefresh
To set the AppFlow parameters by using the configuration utility
httpCookie
httpReferer
httpMethod
Using the Reporting Tool
Reporting Tool
Stopping and Starting the Data Collection Utility
Using the Reporting Tool
Figure 8-1. Report Toolbar Figure 8-2. Chart Toolbar
To invoke the Reporting tool
Working with Reports
Using Built-in Reports
Creating and Deleting Reports
To display a built-in report
To create a custom report
Modifying the Time Interval
To delete a custom report
Table 8-1. Time Intervals
Time interval
Setting the Data Source and Time Zone
Exporting and Importing Custom Reports
To modify the time interval
To set the data source and time zone
Working with Charts
Adding a Chart
Modifying a Chart
To add a chart to a report
To refocus a chart with detailed data
Viewing a Chart
To change the graph type of a chart
To scroll through time in a chart
To change the background color and text color of a chart
To customize the axes of a chart
To view numeric data for a graph
Exporting Chart Data to Excel
To change the color and graph type of a data set
Deleting a Chart
To delete a chart
To export chart data to Excel
Examples
Table 8-2. Limits on Entity Numbers Retrieved by nscollect
Entity name
Limit
Stopping and Starting the Data Collection Utility
To stop nscollect
To start nscollect on the local system
netscaler/nscollect stop
Entity name
netscaler/nscollect start -U 10.102.29.170nsrootnsroot -ds default
To start nscollect on the remote system
netscaler/nscollect start