Citrix NetScaler Administration Guide
Citrix NetScaler
Copyright and Trademark Notice
All rights reserved Last Updated March Document code May 21 2012
1 Authentication and Authorization
Contents
Preface
2 SNMP
Enabling Unconditional SNMP Trap Logging
3 Audit Logging
4 Web Server Logging
Installing and Configuring the Client System for Web Server Logging
Installing NSWL Client on a Solaris Operating System
To install the NSWL client package on a Solaris operating system
To uninstall the NSWL client package on a Solaris operating system
Configuring TCP Window Scaling
5 Advanced Configurations
Specifying the MSS Value in a TCP Profile
6 Web Interface
Enabling AppFlow for Virtual Servers
7 AppFlow
8 Reporting Tool
In This Preface
Preface
Formatting Conventions for NetScaler Documentation
Table 1. Formatting Conventions
To view the documentation
Documentation Available on the NetScaler Appliance
Convention
NetScaler Documentation Feedback
Getting Service and Support
To provide feedback at the Knowledge Center home page
Resetting the Default Administrator nsroot Password
Authentication and Authorization
Configuring Users and Groups Configuring Command Policies
Example of a User Scenario Configuring External User Authentication
To create a user account by using the NetScaler command line
Configuring Users and Groups
Configuring User Accounts
show system user
Example
timeout CLI Idle Session Timeout Secs
Parameters for configuring a user account
password Password
userName User Name
To create a user group by using the NetScaler command line
Configuring User Groups
To configure a user account by using the configuration utility
Password Confirm Password CLI Prompt CLI Idle Session Timeout Secs
To unbind a user from a group by using the NetScaler command line
To modify or remove a user group by using the NetScaler command line
To bind a user to a group by using the NetScaler command line
show system group groupName
Example
show system group groupName
Parameters for configuring a user group
To configure a user group by using the configuration utility
groupName Group Name
Built-in Command Policies
Configuring Command Policies
CLI Prompt CLI Idle Session Timeout Secs
except show runningconfig, show
Creating Custom Command Policies
Table 1-1. Built-in Command Policies
runningconfig, and sh gslb
Matches these commands
Table 1-2. Examples of Regular Expressions for Command Policies
Command specification
Table 1-3. Expressions Used in the Built-in Command Policies
sh system cmdPolicy
Example
To create a command policy by using the NetScaler command line
Parameters for configuring a command policy
policyname
Binding Command Policies to Users and Groups
To configure a command policy by using the configuration utility
sh system user userName
Example
Parameters for binding a command policy to a user
To bind command policies to a user by using the configuration utility
sh system user userName
Parameters for binding a command policy to a group
Resetting the Default Administrator nsroot Password
To reset the nsroot password
Example of a User Scenario
fsck /dev/ad0s1a
mount /dev/ad0s1a /flash
Table 1-4. Sample Values for Creating Entities
Configuration steps
modifyall with action as Allow and the command spec \S+\s+?!system
Field
Configuring External User Authentication
Configuring LDAP Authentication
User attribute
Table 1-5. User Attribute Fields for LDAP Servers
LDAP server
Case sensitive?
LDAP server
To configure LDAP authentication by using the configuration utility
4. In Authentication Type, select LDAP. Next to Server, click New
Bind DN
Determining attributes in the LDAP directory
Choosing RADIUS authentication protocols
Configuring RADIUS Authentication
To configure RADIUS authentication by using the configuration utility
4. In Authentication Type, select RADIUS
To configure IP address extraction by using the configuration utility
Configuring IP address extraction
4. Under Details, in Group Vendor Identifier, type the value
Configuring NT4 Authentication
Configuring TACACS+ Authentication
4. In Authentication Type, select TACACS
Binding the Authentication Policies to the System Global Entity
To configure NT4 authentication by using the configuration utility
Chapter 1 Authentication and Authorization
2. On the Policies tab, click Global Bindings
Configuring SNMP Alarms for Rate Limiting
Configuring the NetScaler to Generate SNMPv1 and SNMPv2 Traps
Configuring the NetScaler for SNMP v1 and v2 Queries
Configuring the NetScaler for SNMPv3 Queries
Importing MIB Files to the SNMP Manager and Trap Listener
Configuring the NetScaler to Generate SNMPv1 and SNMPv2 Traps
To import the MIB files to the SNMP manager and trap listener
To enable or disable an SNMP alarm by using the configuration utility
Enabling or Disabling an SNMP Alarm
To enable or disable an SNMP alarm by using the command line
enable snmp alarm alarm name
sh snmp alarm alarm name
Parameters for configuring SNMP alarms
Configuring Alarms
To configure an SNMP alarm by using the command line
sh snmp alarm alarm Name
To configure SNMP alarms by using the configuration utility
Configuring Traps
To add an SNMP trap by using the NetScaler command line
show snmp trap
Parameters for configuring SNMP traps
To configure SNMP Traps by using the configuration utility
trapClass
Destination IP Address*-trapDestination Destination Port-destPort
set snmp option -snmpTrapLogging ENABLED DISABLED
Enabling Unconditional SNMP Trap Logging
Source IP Address-srcIP Minimum Severity-severity
Parameters for unconditional SNMP trap logging
Configuring the NetScaler for SNMP v1 and v2 Queries
Specifying an SNMP Manager
SnmpTrapLogging SNMP Trap Logging
show snmp manager
To add an SNMP manager by using the NetScaler command line
show snmp manager
IPAddress
Parameters for configuring an SNMP manager
show snmp manager
domainResolveRetry
To add an SNMP manager by using the configuration utility
netmask
IP Address*-IPAddress
Specifying an SNMP Community
To specify an SNMP community by using the NetScaler command line
Parameters for configuring an SNMP community string
sh snmp community
To remove an SNMP community string by using the configuration utility
Configuring SNMP Alarms for Rate Limiting
Configuring an SNMP Alarm for Throughput or PPS
Community String*-communityName
show snmp alarm PF-RL-RATE-THRESHOLD
thresholdValue
Parameters for configuring an SNMP alarm for throughput or PPS
show snmp alarm PF-RL-PPS-THRESHOLD
normalValue
Configuring SNMP Alarm for Dropped Packets
state
Configuring the NetScaler for SNMPv3 Queries
Parameters for configuring an SNMP alarm for dropped packets
severity
Setting the Engine ID
Parameters for setting the engine ID
Configuring a View
To set the engine ID by using the NetScaler command line
To set the engine ID by using configuration utility
To configure an SNMP view by using the configuration utility
Configuring a Group
Parameters for configuring an SNMP view
To add an SNMP group by using the NetScaler command line
To configure an SNMP group by using the configuration utility
Configuring a User
Parameters for configuring an SNMP group
To configure a user by using the NetScaler command line
Name*-name Group Name*-group Authentication Type-authType
Parameters for configuring an SNMP user
To configure an SNMP user by using the configuration utility
Authentication Password-authPasswd Privacy Type-privType
A required parameter 4. Click Create or OK, and then click Close
Chapter 2 SNMP
Default Settings for the Log Properties
Configuring the NetScaler Appliance for Audit Logging
Installing and Configuring the NSLOG Server Running the NSLOG Server
Sample Configuration File audit.conf
Chapter 3 Audit Logging
To configure a SYSLOG server action by using the command line
Configuring the NetScaler Appliance for Audit Logging
Configuring Audit Servers
show audit syslogAction name
show audit nslogAction name
To configure an NSLOG server action by using the command line
Parameters for configuring auditing servers
serverIP
dateFormat
ERROR
Log levels defined
logFacility
To configure a SYSLOG policy by using the command line
Configuring Audit Policies
To configure an auditing server action
User Configurable Log Messages-userDefinedAuditlog
add audit syslogPolicy name rule action
To configure an NSLOG policy by using the command line
Parameters for configuring audit policies
show audit syslogPolicy name
Parameters for binding the audit policies globally
To configure an audit server policy
Binding the Audit Policies Globally
Name* name Server* action
To create an audit message action by using the NetScaler command line
Configuring Policy-Based Logging
Configuring an Audit Message Action
To globally bind the audit policy
Example
Parameters for configuring an audit message action
bypassSafetyCheck
stringBuilderExpr
Binding Audit Message Action to a Policy
Installing and Configuring the NSLOG Server
Name*-name Log Level*-logLevel
Table 3-1. Supported Platforms for the NSLOG Server
Installing NSLOG Server on the Linux Operating System
To install the NSLOG server package on a Linux operating system
Operating system
Installing NSLOG Server on the FreeBSD Operating System
To uninstall the NSLOG server package on a Linux operating system
To uninstall the NSLOG server package on a FreeBSD operating system
Installing NSLOG Server Files on the Windows Operating System
To install the NSLOG server package on a FreeBSD operating system
pkg_add audserverbsd-release number-build number.tgz
Example
To install NSLOG server on a Windows operating system
Audit server commands
NSLOG Server Command Options
To uninstall the NSLOG server on a Windows operating system
audserver -remove
Audit server commands
Adding the NetScaler Appliance IP Addresses on the NSLOG Server
To add the IP addresses of the NetScaler appliance
audserver -remove
Running the NSLOG Server
Verifying the NSLOG Server Configuration File
To stop audit server logging that starts as a service in Windows
To start audit server logging
Creating Filters
Customizing Logging on the NSLOG Server
To create a filter
Example
Specifying Log Properties
Example
Default Settings for the Log Properties
Example
Sample Configuration File audit.conf
Example
Sample Configuration File Arguments for Defining a Custom Log Format
Configuring the NetScaler Appliance for Web Server Logging
Installing and Configuring the Client System for Web Server Logging
Web Server Logging
Enabling or Disabling Web Server Logging
Configuring the NetScaler Appliance for Web Server Logging
enable ns feature WL
disable ns feature WL
sh ns feature
Web Logging
Parameter for modifying the buffer size
Modifying the Default Buffer Size
To modify the buffer size by using the NetScaler command line
sh weblogparam
Example
Table 4-1. Supported Platforms for the NSWL Client
Installing and Configuring the Client System for Web Server Logging
To modify the buffer size by using the configuration utility
Version
Hardware requirements
Installing NSWL Client on a Solaris Operating System
To install the NSWL client package on a Solaris operating system
cp pathtocd/Utilities/weblog/Solaris/NSweblog.tar /tmp
To install the NSWL client package on a Linux operating system
Installing NSWL Client on a Linux Operating System
To uninstall the NSWL client package on a Solaris operating system
cd /tmp
To view the installed Web server logging files
Installing NSWL Client on a FreeBSD Operating System
To uninstall the NSWL client package on a Linux operating system
To install the NSWL client package on a FreeBSD operating system
To install the NSWL client package on a Mac OS operating system
Installing NSWL Client on a Mac OS Operating System
To uninstall the NSWL client package on a FreeBSD operating system
pkg_delete NSweblog
To install the NSWL client on a Windows system
Installing NSWL Client on a Windows Operating System
To uninstall the NSWL client package on a Mac OS operating system
pkg_delete NSweblog
To install the NSWL client package on an AIX operating system
Installing NSWL Client on an AIX Operating System
To uninstall the NSWL client on a Windows system
To uninstall the NSWL client package on an AIX operating system
NSWL command
NSWL Client Command Options
Table 4-3. NSWL Command Options
To view the installed Web server logging files
nswl -addns -f directorypath \log.conf
Adding the IP Addresses of the NetScaler Appliance
To add the NSIP address of the NetScaler appliance
NSWL command
Running the NSWL Client
Verifying the NSWL Configuration File
To verify the configuration in the NSWL configuration file
Customizing Logging on the NSWL Client System
Creating Filters
Table 4-4. Parameters for Creating a Filter
Parameter
Specifies
Specifying Log Properties
To create a filter for a virtual server
To create a filter, enter the following command in the log.conf file
To create a filter
Example
Chapter 4 Web Server Logging
Example
Understanding the NCSA and W3C Log Formats
NCSA Common Log Format
Example
Argument
W3C Extended Log Format
Table 4-5. NCSA Common Log Format
Specifies
Table 4-6. Directive Descriptions
Entries
Directives
Directive
Table 4-7. Prefix Descriptions
Fields
Identifiers
Prefix
Table 4-9. W3C Extended Log Format Identifiers Requires a Prefix
Table 4-8. W3C Extended Log Format Identifiers No Prefix Required
Identifier
Table 4-10. W3C Extended Log File Format Allows Log Fields
Field
Creating a Custom Log Format by Using the NSWL Library
Creating a Custom Log Format
Description
Creating a Custom Log Format Manually
To create the custom log format by using the NSWL Library
Example
Sample Configuration File
Creating Apache Log Formats
Argument
Arguments for Defining a Custom Log Format
Table 4-11. Custom Log Format
Specifies
b d g h H Foobari j J l m M Foobaro p q
Argument
Specifies
r s t formatt T u U v V V6
Argument
Specifies
Argument
Time Format Definition
Table 4-12. Time Format Definition
Specifies
Argument
Specifies
Configuring TCP Window Scaling Configuring Selective Acknowledgment
Advanced Configurations
Configuring Clock Synchronization Viewing the System Date and Time
Clearing the Configuration Viewing the HTTP Band Statistics
To add an NTP server by using the NetScaler command line
Configuring Clock Synchronization
show ntp server
Example
To configure an NTP server by using the configuration utility
To modify or remove NTP servers by using the NetScaler command line
Parameters for configuring an NTP server
serverName
enable ntp sync
disable ntp sync
Configuring Clock Synchronization Manually
Starting or Stopping the NTP Daemon
show ns config
Example
To view the system date and time by using the NetScaler command line
/usr/sbin/ntpd -c /nsconfig/ntp.conf -l /var/log/ntpd.log
Viewing the System Date and Time
To view the system date and time by using the configuration utility
Configuring TCP Window Scaling
System Time Tue Feb 165044
show ns tcpParam
Example
To configure window scaling by using the NetScaler command line
Parameters for configuring window scaling
WSVal
ENABLED
Configuring Selective Acknowledgment
To configure window scaling by using the configuration utility
SACK status
To enable SACK by using the Configuration Utility
Clearing the Configuration
To clear a configuration by using the NetScaler command line
Viewing the HTTP Band Statistics
Parameters for clearing a configuration
To clear a configuration by using the configuration utility
level
To modify the band range by using the NetScaler command line
To add an HTTP profile by using the NetScaler command line
Configuring HTTP Profiles
To modify the band range by using the configuration utility
Table 5-1. Built-in HTTP Profiles
name Name
ENABLED DISABLED
sh ns httpProfile
Example
Parameters for adding an HTTP profile
maxReusePool Max Connection in reusepool
Table 5-2. Built-in TCP Profiles
Configuring TCP Profiles
To add an HTTP profile by using the configuration utility
Built-in profile
Built-in profile
To add a TCP profile by using the NetScaler command line
Description
sh ns tcpProfile
Example
delayedAck TCP Delayed ACK Time-out msec
Parameters for creating a TCP profile
WS Window Scaling
pktPerRetx Maximum Packets per Retransmission
To add a TCP profile by using the configuration utility
Initial Congestion Window Size TCP Delayed ACK Time-out msec
minRTO Minimum RTO in millisec
set ns tcpProfile name -bufferSize positiveinteger
Specifying a TCP Buffer Size
Use Nagles Algorithm Immediate ACK on Receiving Packet with PUSH
show ns tcpProfile name
Example
set ns tcpProfile nstcpdefaultprofile -bufferSize positiveinteger
show ns tcpProfile nstcpdefaultprofile
12000
bufferSize
Parameters for setting the TCP buffer size in a TCP profile
name
Specifying the MSS Value in a TCP Profile
Parameters for specifying the MSS value in a TCP profile
Learn MSS for VServer
Configuring the NetScaler to Learn the MSS Value from Bound Services
set ns tcpParam -learnVsvrMSS ENABLED DISABLED
show ns tcpParam
ENABLED
learnVsvrMSS
Chapter 5 Advanced Configurations
Web Interface
How Web Interface Works Prerequisites Installing the Web Interface
Configuring the Web Interface
Prerequisites
How Web Interface Works
Figure 6-1. A Basic Web Interface Session
Installing the Web Interface
Example
Web Interface tar file path
Configuring the Web Interface
Parameters for installing the Web interface and JRE tar files
JRE tar file path
Direct Mode
Parameters for configuring Web interface sites
Kiosk Mode
Site Type
Access Gateway URL
Gateway Direct Mode
Authentication Point
Port
XML Service Port
Configuring a Web Interface Site for LAN Users Using HTTP
XML Service Addresses
Transport
Figure 6-2. A Web Interface Site Configured for LAN Users Using HTTP
Site Type Published Resource Type Kiosk Mode
XML Service Addresses XML Service Port Transport Load Balance
Virtual Server Protocol select HTTPS IP Address Port
Example
Configuring a Web Interface Site for LAN Users Using HTTPS
Figure 6-3. A Web Interface Site Configured for LAN Users Using HTTPS
Chapter 6 Web Interface
Site Type Published Resource Type Kiosk Mode
Virtual Server Protocol select HTTPS IP Address Port
Example
XML Service Addresses XML Service Port Transport Load Balance
Example
Configuring a Web Interface Site for Remote Users Using AGEE
Example
Site Type Published Resource Type Kiosk Mode
Session Reliability Use two STA Servers
Authentication Point Access Gateway URL Add DNS Entry
Trust SSL Certificate STA Server URL STA Server URL
XML Service Addresses XML Service Port Transport Load Balance
Example
Example
How AppFlow Works Configuring the AppFlow Feature
AppFlow
Topics
How AppFlow Works
Figure 7-1. NetScaler Flow Sequence
transactionID
Flow Records
Templates
connectionID
httpRequestURL
Configuring the AppFlow Feature
httpRequestSize
httpUserAgent
To specify a collector by using the NetScaler command line
Enabling or Disabling the AppFlow Feature
To enable the AppFlow feature by using the configuration utility
enable ns feature appflow
disable ns feature appflow
To specify a collector by using the configuration utility
Configuring an AppFlow Action
To remove a collector by using the NetScaler command line
To configure an AppFlow action by using the NetScaler command line
Collectors collecter-1 Hits Action Reference Count
Parameters for configuring an AppFlow action
Done show appflow action 1 Name apfl-act-collector-1
2 Name apfl-act-collector-2-and-3 Collectors collector-2, collecter-3
To configure an AppFlow policy by using the NetScaler command line
Configuring an AppFlow Policy
To configure an AppFlow action by using the configuration utility
show appflow policy name
rule
Parameters for configuring an AppFlow policy
name
action
HTTP
To configure an AppFlow policy by using the configuration utility
To add an expression by using the Add Expression dialog box
comment
CLIENT
Binding an AppFlow Policy
show appflow global
gotoPriorityExpression
To globally bind an AppFlow policy by using the configuration utility
Parameters for binding an AppFlow policy
invoke Invoke flag labelType
Enabling AppFlow for Virtual Servers
To enable AppFlow for a virtual server by using the NetScaler command line
6. Click Apply Changes
To enable AppFlow for a service by using the NetScaler command line
Enabling AppFlow for a Service
Setting the AppFlow Parameters
To enable AppFlow for a service by using the configuration utility
templateRefresh
AppFlow Parameters
show appflowParam
appnameRefresh
httpReferer
To set the AppFlow parameters by using the configuration utility
httpCookie
httpMethod
Stopping and Starting the Data Collection Utility
Using the Reporting Tool
Reporting Tool
To invoke the Reporting tool
Using the Reporting Tool
Figure 8-1. Report Toolbar Figure 8-2. Chart Toolbar
Working with Reports
To display a built-in report
Using Built-in Reports
Creating and Deleting Reports
To create a custom report
Table 8-1. Time Intervals
Modifying the Time Interval
To delete a custom report
Time interval
To modify the time interval
Setting the Data Source and Time Zone
Exporting and Importing Custom Reports
To set the data source and time zone
Modifying a Chart
Working with Charts
Adding a Chart
To add a chart to a report
To change the graph type of a chart
Viewing a Chart
To refocus a chart with detailed data
To customize the axes of a chart
To scroll through time in a chart
To change the background color and text color of a chart
To view numeric data for a graph
To change the color and graph type of a data set
Exporting Chart Data to Excel
To export chart data to Excel
Deleting a Chart
To delete a chart
Examples
Limit
Table 8-2. Limits on Entity Numbers Retrieved by nscollect
Entity name
Stopping and Starting the Data Collection Utility
netscaler/nscollect stop
To stop nscollect
To start nscollect on the local system
Entity name
netscaler/nscollect start
netscaler/nscollect start -U 10.102.29.170nsrootnsroot -ds default
To start nscollect on the remote system