Citrix NetScaler
Citrix NetScaler Administration Guide
Copyright and Trademark Notice
All rights reserved Last Updated March Document code May 21 2012
Contents
1 Authentication and Authorization
Preface
2 SNMP
Enabling Unconditional SNMP Trap Logging
3 Audit Logging
4 Web Server Logging
Installing and Configuring the Client System for Web Server Logging
Installing NSWL Client on a Solaris Operating System
To install the NSWL client package on a Solaris operating system
To uninstall the NSWL client package on a Solaris operating system
Configuring TCP Window Scaling
5 Advanced Configurations
6 Web Interface
Specifying the MSS Value in a TCP Profile
7 AppFlow
Enabling AppFlow for Virtual Servers
8 Reporting Tool
Table 1. Formatting Conventions
Preface
Formatting Conventions for NetScaler Documentation
In This Preface
Convention
Documentation Available on the NetScaler Appliance
To view the documentation
Getting Service and Support
NetScaler Documentation Feedback
To provide feedback at the Knowledge Center home page
Example of a User Scenario Configuring External User Authentication
Authentication and Authorization
Configuring Users and Groups Configuring Command Policies
Resetting the Default Administrator nsroot Password
w show system user Example
Configuring Users and Groups
Configuring User Accounts
To create a user account by using the NetScaler command line
userName User Name
Parameters for configuring a user account
password Password
timeout CLI Idle Session Timeout Secs
Password Confirm Password CLI Prompt CLI Idle Session Timeout Secs
Configuring User Groups
To configure a user account by using the configuration utility
To create a user group by using the NetScaler command line
w show system group groupName Example
To modify or remove a user group by using the NetScaler command line
To bind a user to a group by using the NetScaler command line
To unbind a user from a group by using the NetScaler command line
groupName Group Name
Parameters for configuring a user group
To configure a user group by using the configuration utility
w show system group groupName
Configuring Command Policies
Built-in Command Policies
CLI Prompt CLI Idle Session Timeout Secs
runningconfig, and sh gslb
Creating Custom Command Policies
Table 1-1. Built-in Command Policies
except show runningconfig, show
Table 1-3. Expressions Used in the Built-in Command Policies
Table 1-2. Examples of Regular Expressions for Command Policies
Command specification
Matches these commands
policyname
To create a command policy by using the NetScaler command line
Parameters for configuring a command policy
w sh system cmdPolicy Example
To configure a command policy by using the configuration utility
Binding Command Policies to Users and Groups
w sh system user userName
Parameters for binding a command policy to a user
To bind command policies to a user by using the configuration utility
w sh system user userName Example
Parameters for binding a command policy to a group
To reset the nsroot password
Resetting the Default Administrator nsroot Password
fsck /dev/ad0s1a
mount /dev/ad0s1a /flash
Example of a User Scenario
Field
Configuration steps
modifyall with action as Allow and the command spec \S+\s+?!system
Table 1-4. Sample Values for Creating Entities
Configuring External User Authentication
Configuring LDAP Authentication
Case sensitive?
Table 1-5. User Attribute Fields for LDAP Servers
LDAP server
User attribute
Bind DN
To configure LDAP authentication by using the configuration utility
4. In Authentication Type, select LDAP. Next to Server, click New
LDAP server
Determining attributes in the LDAP directory
4. In Authentication Type, select RADIUS
Configuring RADIUS Authentication
To configure RADIUS authentication by using the configuration utility
Choosing RADIUS authentication protocols
Configuring IP address extraction
To configure IP address extraction by using the configuration utility
4. Under Details, in Group Vendor Identifier, type the value
Configuring TACACS+ Authentication
Configuring NT4 Authentication
4. In Authentication Type, select TACACS
To configure NT4 authentication by using the configuration utility
Binding the Authentication Policies to the System Global Entity
2. On the Policies tab, click Global Bindings
Chapter 1 Authentication and Authorization
Configuring the NetScaler for SNMPv3 Queries
Configuring the NetScaler to Generate SNMPv1 and SNMPv2 Traps
Configuring the NetScaler for SNMP v1 and v2 Queries
Configuring SNMP Alarms for Rate Limiting
Configuring the NetScaler to Generate SNMPv1 and SNMPv2 Traps
Importing MIB Files to the SNMP Manager and Trap Listener
To import the MIB files to the SNMP manager and trap listener
w enable snmp alarm alarm name w sh snmp alarm alarm name
Enabling or Disabling an SNMP Alarm
To enable or disable an SNMP alarm by using the command line
To enable or disable an SNMP alarm by using the configuration utility
w sh snmp alarm alarm Name
Configuring Alarms
To configure an SNMP alarm by using the command line
Parameters for configuring SNMP alarms
Configuring Traps
To configure SNMP alarms by using the configuration utility
To add an SNMP trap by using the NetScaler command line
trapClass
Parameters for configuring SNMP traps
To configure SNMP Traps by using the configuration utility
w show snmp trap
Source IP Address-srcIP Minimum Severity-severity
w set snmp option -snmpTrapLogging ( ENABLED | DISABLED )
Enabling Unconditional SNMP Trap Logging
Destination IP Address*-trapDestination Destination Port-destPort
SnmpTrapLogging SNMP Trap Logging
Configuring the NetScaler for SNMP v1 and v2 Queries
Specifying an SNMP Manager
Parameters for unconditional SNMP trap logging
To add an SNMP manager by using the NetScaler command line
w show snmp manager
w show snmp manager
Parameters for configuring an SNMP manager
IPAddress
w show snmp manager
IP Address*-IPAddress
To add an SNMP manager by using the configuration utility
netmask
domainResolveRetry
w sh snmp community
To specify an SNMP community by using the NetScaler command line
Parameters for configuring an SNMP community string
Specifying an SNMP Community
Community String*-communityName
Configuring SNMP Alarms for Rate Limiting
Configuring an SNMP Alarm for Throughput or PPS
To remove an SNMP community string by using the configuration utility
w show snmp alarm PF-RL-RATE-THRESHOLD
normalValue
Parameters for configuring an SNMP alarm for throughput or PPS
w show snmp alarm PF-RL-PPS-THRESHOLD
thresholdValue
Configuring SNMP Alarm for Dropped Packets
severity
Configuring the NetScaler for SNMPv3 Queries
Parameters for configuring an SNMP alarm for dropped packets
state
Setting the Engine ID
To set the engine ID by using configuration utility
Configuring a View
To set the engine ID by using the NetScaler command line
Parameters for setting the engine ID
To add an SNMP group by using the NetScaler command line
Configuring a Group
Parameters for configuring an SNMP view
To configure an SNMP view by using the configuration utility
To configure a user by using the NetScaler command line
Configuring a User
Parameters for configuring an SNMP group
To configure an SNMP group by using the configuration utility
Authentication Password-authPasswd Privacy Type-privType
Parameters for configuring an SNMP user
To configure an SNMP user by using the configuration utility
Name*-name Group Name*-group Authentication Type-authType
A required parameter 4. Click Create or OK, and then click Close
Chapter 2 SNMP
Sample Configuration File audit.conf
Configuring the NetScaler Appliance for Audit Logging
Installing and Configuring the NSLOG Server Running the NSLOG Server
Default Settings for the Log Properties
Chapter 3 Audit Logging
w show audit syslogAction name
Configuring the NetScaler Appliance for Audit Logging
Configuring Audit Servers
To configure a SYSLOG server action by using the command line
serverIP
To configure an NSLOG server action by using the command line
Parameters for configuring auditing servers
w show audit nslogAction name
logFacility
ERROR
Log levels defined
dateFormat
User Configurable Log Messages-userDefinedAuditlog
Configuring Audit Policies
To configure an auditing server action
To configure a SYSLOG policy by using the command line
w show audit syslogPolicy name
To configure an NSLOG policy by using the command line
Parameters for configuring audit policies
w add audit syslogPolicy name rule action
Name* name Server* action
To configure an audit server policy
Binding the Audit Policies Globally
Parameters for binding the audit policies globally
To globally bind the audit policy
Configuring Policy-Based Logging
Configuring an Audit Message Action
To create an audit message action by using the NetScaler command line
stringBuilderExpr
Parameters for configuring an audit message action
bypassSafetyCheck
Example
Installing and Configuring the NSLOG Server
Binding Audit Message Action to a Policy
Name*-name Log Level*-logLevel
Operating system
Installing NSLOG Server on the Linux Operating System
To install the NSLOG server package on a Linux operating system
Table 3-1. Supported Platforms for the NSLOG Server
To uninstall the NSLOG server package on a Linux operating system
Installing NSLOG Server on the FreeBSD Operating System
pkgadd audserverbsd-release number-build number.tgz Example
Installing NSLOG Server Files on the Windows Operating System
To install the NSLOG server package on a FreeBSD operating system
To uninstall the NSLOG server package on a FreeBSD operating system
To install NSLOG server on a Windows operating system
audserver -remove
NSLOG Server Command Options
To uninstall the NSLOG server on a Windows operating system
Audit server commands
audserver -remove
Adding the NetScaler Appliance IP Addresses on the NSLOG Server
To add the IP addresses of the NetScaler appliance
Audit server commands
To start audit server logging
Verifying the NSLOG Server Configuration File
To stop audit server logging that starts as a service in Windows
Running the NSLOG Server
Customizing Logging on the NSLOG Server
Creating Filters
To create a filter
Specifying Log Properties
Example
Example
Example
Default Settings for the Log Properties
Example
Example
Sample Configuration File audit.conf
Example
Example
Web Server Logging
Configuring the NetScaler Appliance for Web Server Logging
Installing and Configuring the Client System for Web Server Logging
Sample Configuration File Arguments for Defining a Custom Log Format
Web Logging
Configuring the NetScaler Appliance for Web Server Logging
w enable ns feature WL w disable ns feature WL w sh ns feature
Enabling or Disabling Web Server Logging
w sh weblogparam Example
Modifying the Default Buffer Size
To modify the buffer size by using the NetScaler command line
Parameter for modifying the buffer size
Version
Installing and Configuring the Client System for Web Server Logging
To modify the buffer size by using the configuration utility
Table 4-1. Supported Platforms for the NSWL Client
cp pathtocd/Utilities/weblog/Solaris/NSweblog.tar /tmp
Installing NSWL Client on a Solaris Operating System
To install the NSWL client package on a Solaris operating system
Hardware requirements
cd /tmp
Installing NSWL Client on a Linux Operating System
To uninstall the NSWL client package on a Solaris operating system
To install the NSWL client package on a Linux operating system
To install the NSWL client package on a FreeBSD operating system
Installing NSWL Client on a FreeBSD Operating System
To uninstall the NSWL client package on a Linux operating system
To view the installed Web server logging files
pkgdelete NSweblog
Installing NSWL Client on a Mac OS Operating System
To uninstall the NSWL client package on a FreeBSD operating system
To install the NSWL client package on a Mac OS operating system
pkgdelete NSweblog
Installing NSWL Client on a Windows Operating System
To uninstall the NSWL client package on a Mac OS operating system
To install the NSWL client on a Windows system
To uninstall the NSWL client package on an AIX operating system
Installing NSWL Client on an AIX Operating System
To uninstall the NSWL client on a Windows system
To install the NSWL client package on an AIX operating system
To view the installed Web server logging files
NSWL Client Command Options
Table 4-3. NSWL Command Options
NSWL command
NSWL command
Adding the IP Addresses of the NetScaler Appliance
To add the NSIP address of the NetScaler appliance
nswl -addns -f directorypath \log.conf
Customizing Logging on the NSWL Client System
Verifying the NSWL Configuration File
To verify the configuration in the NSWL configuration file
Running the NSWL Client
Specifies
Table 4-4. Parameters for Creating a Filter
Parameter
Creating Filters
To create a filter
To create a filter for a virtual server
To create a filter, enter the following command in the log.conf file
Specifying Log Properties
Chapter 4 Web Server Logging
Example
Example
Example
Understanding the NCSA and W3C Log Formats
NCSA Common Log Format
Example
Specifies
W3C Extended Log Format
Table 4-5. NCSA Common Log Format
Argument
Directive
Entries
Directives
Table 4-6. Directive Descriptions
Prefix
Fields
Identifiers
Table 4-7. Prefix Descriptions
Table 4-10. W3C Extended Log File Format Allows Log Fields
Table 4-8. W3C Extended Log Format Identifiers No Prefix Required
Identifier
Table 4-9. W3C Extended Log Format Identifiers Requires a Prefix
Description
Creating a Custom Log Format by Using the NSWL Library
Creating a Custom Log Format
Field
To create the custom log format by using the NSWL Library
Creating a Custom Log Format Manually
Example
Creating Apache Log Formats
Sample Configuration File
Specifies
Arguments for Defining a Custom Log Format
Table 4-11. Custom Log Format
Argument
Argument
b d g h H Foobari j J l m M Foobaro p q
Specifies
Argument
r s t formatt T u U v V V6
Specifies
Specifies
Time Format Definition
Table 4-12. Time Format Definition
Argument
Argument
Specifies
Clearing the Configuration Viewing the HTTP Band Statistics
Advanced Configurations
Configuring Clock Synchronization Viewing the System Date and Time
Configuring TCP Window Scaling Configuring Selective Acknowledgment
Configuring Clock Synchronization
To add an NTP server by using the NetScaler command line
w show ntp server Example
serverName
To modify or remove NTP servers by using the NetScaler command line
Parameters for configuring an NTP server
To configure an NTP server by using the configuration utility
Configuring Clock Synchronization Manually
w enable ntp sync w disable ntp sync
Starting or Stopping the NTP Daemon
Viewing the System Date and Time
To view the system date and time by using the NetScaler command line
/usr/sbin/ntpd -c /nsconfig/ntp.conf -l /var/log/ntpd.log
show ns config Example
Configuring TCP Window Scaling
To view the system date and time by using the configuration utility
System Time Tue Feb 165044
WSVal
To configure window scaling by using the NetScaler command line
Parameters for configuring window scaling
w show ns tcpParam Example
SACK status
Configuring Selective Acknowledgment
To configure window scaling by using the configuration utility
ENABLED
Clearing the Configuration
To enable SACK by using the Configuration Utility
To clear a configuration by using the NetScaler command line
level
Parameters for clearing a configuration
To clear a configuration by using the configuration utility
Viewing the HTTP Band Statistics
To modify the band range by using the NetScaler command line
Table 5-1. Built-in HTTP Profiles
Configuring HTTP Profiles
To modify the band range by using the configuration utility
To add an HTTP profile by using the NetScaler command line
maxReusePool Max Connection in reusepool
ENABLED DISABLED w sh ns httpProfile Example
Parameters for adding an HTTP profile
name Name
Built-in profile
Configuring TCP Profiles
To add an HTTP profile by using the configuration utility
Table 5-2. Built-in TCP Profiles
To add a TCP profile by using the NetScaler command line
Built-in profile
Description
WS Window Scaling
delayedAck TCP Delayed ACK Time-out msec
Parameters for creating a TCP profile
w sh ns tcpProfile Example
minRTO Minimum RTO in millisec
To add a TCP profile by using the configuration utility
Initial Congestion Window Size TCP Delayed ACK Time-out msec
pktPerRetx Maximum Packets per Retransmission
w show ns tcpProfile name
Specifying a TCP Buffer Size
Use Nagles Algorithm Immediate ACK on Receiving Packet with PUSH
w set ns tcpProfile name -bufferSize positiveinteger
12000
w set ns tcpProfile nstcpdefaultprofile -bufferSize positiveinteger
w show ns tcpProfile nstcpdefaultprofile
Example
Parameters for setting the TCP buffer size in a TCP profile
bufferSize
name
Parameters for specifying the MSS value in a TCP profile
Specifying the MSS Value in a TCP Profile
ENABLED
Configuring the NetScaler to Learn the MSS Value from Bound Services
w set ns tcpParam -learnVsvrMSS ( ENABLED | DISABLED ) w show ns tcpParam
Learn MSS for VServer
learnVsvrMSS
Chapter 5 Advanced Configurations
Chapter
How Web Interface Works Prerequisites Installing the Web Interface
Configuring the Web Interface
Web Interface
How Web Interface Works
Prerequisites
Figure 6-1. A Basic Web Interface Session
Example
Installing the Web Interface
JRE tar file path
Configuring the Web Interface
Parameters for installing the Web interface and JRE tar files
Web Interface tar file path
Site Type
Parameters for configuring Web interface sites
Kiosk Mode
Direct Mode
Port
Gateway Direct Mode
Authentication Point
Access Gateway URL
Transport
Configuring a Web Interface Site for LAN Users Using HTTP
XML Service Addresses
XML Service Port
Site Type Published Resource Type Kiosk Mode
Figure 6-2. A Web Interface Site Configured for LAN Users Using HTTP
Virtual Server Protocol select HTTPS IP Address Port
XML Service Addresses XML Service Port Transport Load Balance
Example
Example
Example
Example
Figure 6-3. A Web Interface Site Configured for LAN Users Using HTTPS
Configuring a Web Interface Site for LAN Users Using HTTPS
Site Type Published Resource Type Kiosk Mode
Chapter 6 Web Interface
Virtual Server Protocol select HTTPS IP Address Port
Example
XML Service Addresses XML Service Port Transport Load Balance
Example
Example
Example
Example
Example
Example
Configuring a Web Interface Site for Remote Users Using AGEE
Example
Example
Site Type Published Resource Type Kiosk Mode
XML Service Addresses XML Service Port Transport Load Balance
Authentication Point Access Gateway URL Add DNS Entry
Trust SSL Certificate STA Server URL STA Server URL
Session Reliability Use two STA Servers
Example
Example
Topics
How AppFlow Works Configuring the AppFlow Feature
AppFlow
Chapter
Figure 7-1. NetScaler Flow Sequence
How AppFlow Works
connectionID
Flow Records
Templates
transactionID
httpUserAgent
Configuring the AppFlow Feature
httpRequestSize
httpRequestURL
w enable ns feature appflow w disable ns feature appflow
Enabling or Disabling the AppFlow Feature
To enable the AppFlow feature by using the configuration utility
To specify a collector by using the NetScaler command line
To configure an AppFlow action by using the NetScaler command line
Configuring an AppFlow Action
To remove a collector by using the NetScaler command line
To specify a collector by using the configuration utility
2 Name apfl-act-collector-2-and-3 Collectors collector-2, collecter-3
Parameters for configuring an AppFlow action
Done show appflow action 1 Name apfl-act-collector-1
Collectors collecter-1 Hits Action Reference Count
w show appflow policy name
Configuring an AppFlow Policy
To configure an AppFlow action by using the configuration utility
To configure an AppFlow policy by using the NetScaler command line
action
Parameters for configuring an AppFlow policy
name
rule
comment
To configure an AppFlow policy by using the configuration utility
To add an expression by using the Add Expression dialog box
HTTP
Binding an AppFlow Policy
CLIENT
w show appflow global
invoke Invoke flag labelType
To globally bind an AppFlow policy by using the configuration utility
Parameters for binding an AppFlow policy
gotoPriorityExpression
6. Click Apply Changes
To enable AppFlow for a virtual server by using the
NetScaler command line
Enabling AppFlow for Virtual Servers
To enable AppFlow for a service by using the configuration utility
Enabling AppFlow for a Service
Setting the AppFlow Parameters
To enable AppFlow for a service by using the NetScaler command line
appnameRefresh
AppFlow Parameters
w show appflowParam
templateRefresh
httpMethod
To set the AppFlow parameters by using the configuration utility
httpCookie
httpReferer
Chapter
Using the Reporting Tool
Reporting Tool
Stopping and Starting the Data Collection Utility
Working with Reports
Using the Reporting Tool
Figure 8-1. Report Toolbar Figure 8-2. Chart Toolbar
To invoke the Reporting tool
To create a custom report
Using Built-in Reports
Creating and Deleting Reports
To display a built-in report
Time interval
Modifying the Time Interval
To delete a custom report
Table 8-1. Time Intervals
To set the data source and time zone
Setting the Data Source and Time Zone
Exporting and Importing Custom Reports
To modify the time interval
To add a chart to a report
Working with Charts
Adding a Chart
Modifying a Chart
Viewing a Chart
To change the graph type of a chart
To refocus a chart with detailed data
To view numeric data for a graph
To scroll through time in a chart
To change the background color and text color of a chart
To customize the axes of a chart
Exporting Chart Data to Excel
To change the color and graph type of a data set
Examples
Deleting a Chart
To delete a chart
To export chart data to Excel
Stopping and Starting the Data Collection Utility
Table 8-2. Limits on Entity Numbers Retrieved by nscollect
Entity name
Limit
Entity name
To stop nscollect
To start nscollect on the local system
netscaler/nscollect stop
netscaler/nscollect start -U 10.102.29.170:nsroot:nsroot -ds default
To start nscollect on the remote system
netscaler/nscollect start