Citrix NetScaler
Citrix NetScaler Administration Guide
Copyright and Trademark Notice
All rights reserved Last Updated March Document code May 21 2012
1 Authentication and Authorization
Contents
Preface
2 SNMP
Enabling Unconditional SNMP Trap Logging
3 Audit Logging
4 Web Server Logging
Installing and Configuring the Client System for Web Server Logging
Installing NSWL Client on a Solaris Operating System
To install the NSWL client package on a Solaris operating system
To uninstall the NSWL client package on a Solaris operating system
Configuring TCP Window Scaling
5 Advanced Configurations
Specifying the MSS Value in a TCP Profile
6 Web Interface
Enabling AppFlow for Virtual Servers
7 AppFlow
8 Reporting Tool
Formatting Conventions for NetScaler Documentation
Preface
In This Preface
Table 1. Formatting Conventions
Documentation Available on the NetScaler Appliance
To view the documentation
Convention
NetScaler Documentation Feedback
Getting Service and Support
To provide feedback at the Knowledge Center home page
Configuring Users and Groups Configuring Command Policies
Authentication and Authorization
Resetting the Default Administrator nsroot Password
Example of a User Scenario Configuring External User Authentication
Configuring User Accounts
Configuring Users and Groups
To create a user account by using the NetScaler command line
w show system user Example
password Password
Parameters for configuring a user account
timeout CLI Idle Session Timeout Secs
userName User Name
To configure a user account by using the configuration utility
Configuring User Groups
To create a user group by using the NetScaler command line
Password Confirm Password CLI Prompt CLI Idle Session Timeout Secs
To bind a user to a group by using the NetScaler command line
To modify or remove a user group by using the NetScaler command line
To unbind a user from a group by using the NetScaler command line
w show system group groupName Example
To configure a user group by using the configuration utility
Parameters for configuring a user group
w show system group groupName
groupName Group Name
Built-in Command Policies
Configuring Command Policies
CLI Prompt CLI Idle Session Timeout Secs
Table 1-1. Built-in Command Policies
Creating Custom Command Policies
except show runningconfig, show
runningconfig, and sh gslb
Command specification
Table 1-2. Examples of Regular Expressions for Command Policies
Matches these commands
Table 1-3. Expressions Used in the Built-in Command Policies
Parameters for configuring a command policy
To create a command policy by using the NetScaler command line
w sh system cmdPolicy Example
policyname
To configure a command policy by using the configuration utility
Binding Command Policies to Users and Groups
To bind command policies to a user by using the configuration utility
Parameters for binding a command policy to a user
w sh system user userName Example
w sh system user userName
Parameters for binding a command policy to a group
To reset the nsroot password
Resetting the Default Administrator nsroot Password
fsck /dev/ad0s1a
mount /dev/ad0s1a /flash
Example of a User Scenario
modifyall with action as Allow and the command spec \S+\s+?!system
Configuration steps
Table 1-4. Sample Values for Creating Entities
Field
Configuring External User Authentication
Configuring LDAP Authentication
LDAP server
Table 1-5. User Attribute Fields for LDAP Servers
User attribute
Case sensitive?
4. In Authentication Type, select LDAP. Next to Server, click New
To configure LDAP authentication by using the configuration utility
LDAP server
Bind DN
Determining attributes in the LDAP directory
To configure RADIUS authentication by using the configuration utility
Configuring RADIUS Authentication
Choosing RADIUS authentication protocols
4. In Authentication Type, select RADIUS
To configure IP address extraction by using the configuration utility
Configuring IP address extraction
4. Under Details, in Group Vendor Identifier, type the value
Configuring NT4 Authentication
Configuring TACACS+ Authentication
4. In Authentication Type, select TACACS
To configure NT4 authentication by using the configuration utility
Binding the Authentication Policies to the System Global Entity
2. On the Policies tab, click Global Bindings
Chapter 1 Authentication and Authorization
Configuring the NetScaler for SNMP v1 and v2 Queries
Configuring the NetScaler to Generate SNMPv1 and SNMPv2 Traps
Configuring SNMP Alarms for Rate Limiting
Configuring the NetScaler for SNMPv3 Queries
Importing MIB Files to the SNMP Manager and Trap Listener
Configuring the NetScaler to Generate SNMPv1 and SNMPv2 Traps
To import the MIB files to the SNMP manager and trap listener
To enable or disable an SNMP alarm by using the command line
Enabling or Disabling an SNMP Alarm
To enable or disable an SNMP alarm by using the configuration utility
w enable snmp alarm alarm name w sh snmp alarm alarm name
To configure an SNMP alarm by using the command line
Configuring Alarms
Parameters for configuring SNMP alarms
w sh snmp alarm alarm Name
To configure SNMP alarms by using the configuration utility
Configuring Traps
To add an SNMP trap by using the NetScaler command line
To configure SNMP Traps by using the configuration utility
Parameters for configuring SNMP traps
w show snmp trap
trapClass
Enabling Unconditional SNMP Trap Logging
w set snmp option -snmpTrapLogging ENABLED DISABLED
Destination IP Address*-trapDestination Destination Port-destPort
Source IP Address-srcIP Minimum Severity-severity
Specifying an SNMP Manager
Configuring the NetScaler for SNMP v1 and v2 Queries
Parameters for unconditional SNMP trap logging
SnmpTrapLogging SNMP Trap Logging
w show snmp manager
To add an SNMP manager by using the NetScaler command line
w show snmp manager
IPAddress
Parameters for configuring an SNMP manager
w show snmp manager
netmask
To add an SNMP manager by using the configuration utility
domainResolveRetry
IP Address*-IPAddress
Parameters for configuring an SNMP community string
To specify an SNMP community by using the NetScaler command line
Specifying an SNMP Community
w sh snmp community
Configuring an SNMP Alarm for Throughput or PPS
Configuring SNMP Alarms for Rate Limiting
To remove an SNMP community string by using the configuration utility
Community String*-communityName
w show snmp alarm PF-RL-RATE-THRESHOLD
w show snmp alarm PF-RL-PPS-THRESHOLD
Parameters for configuring an SNMP alarm for throughput or PPS
thresholdValue
normalValue
Configuring SNMP Alarm for Dropped Packets
Parameters for configuring an SNMP alarm for dropped packets
Configuring the NetScaler for SNMPv3 Queries
state
severity
Setting the Engine ID
To set the engine ID by using the NetScaler command line
Configuring a View
Parameters for setting the engine ID
To set the engine ID by using configuration utility
Parameters for configuring an SNMP view
Configuring a Group
To configure an SNMP view by using the configuration utility
To add an SNMP group by using the NetScaler command line
Parameters for configuring an SNMP group
Configuring a User
To configure an SNMP group by using the configuration utility
To configure a user by using the NetScaler command line
To configure an SNMP user by using the configuration utility
Parameters for configuring an SNMP user
Name*-name Group Name*-group Authentication Type-authType
Authentication Password-authPasswd Privacy Type-privType
A required parameter 4. Click Create or OK, and then click Close
Chapter 2 SNMP
Installing and Configuring the NSLOG Server Running the NSLOG Server
Configuring the NetScaler Appliance for Audit Logging
Default Settings for the Log Properties
Sample Configuration File audit.conf
Chapter 3 Audit Logging
Configuring Audit Servers
Configuring the NetScaler Appliance for Audit Logging
To configure a SYSLOG server action by using the command line
w show audit syslogAction name
Parameters for configuring auditing servers
To configure an NSLOG server action by using the command line
w show audit nslogAction name
serverIP
Log levels defined
ERROR
dateFormat
logFacility
To configure an auditing server action
Configuring Audit Policies
To configure a SYSLOG policy by using the command line
User Configurable Log Messages-userDefinedAuditlog
Parameters for configuring audit policies
To configure an NSLOG policy by using the command line
w add audit syslogPolicy name rule action
w show audit syslogPolicy name
Binding the Audit Policies Globally
To configure an audit server policy
Parameters for binding the audit policies globally
Name* name Server* action
Configuring an Audit Message Action
Configuring Policy-Based Logging
To create an audit message action by using the NetScaler command line
To globally bind the audit policy
bypassSafetyCheck
Parameters for configuring an audit message action
Example
stringBuilderExpr
Binding Audit Message Action to a Policy
Installing and Configuring the NSLOG Server
Name*-name Log Level*-logLevel
To install the NSLOG server package on a Linux operating system
Installing NSLOG Server on the Linux Operating System
Table 3-1. Supported Platforms for the NSLOG Server
Operating system
To uninstall the NSLOG server package on a Linux operating system
Installing NSLOG Server on the FreeBSD Operating System
To install the NSLOG server package on a FreeBSD operating system
Installing NSLOG Server Files on the Windows Operating System
To uninstall the NSLOG server package on a FreeBSD operating system
pkgadd audserverbsd-release number-build number.tgz Example
To install NSLOG server on a Windows operating system
To uninstall the NSLOG server on a Windows operating system
NSLOG Server Command Options
Audit server commands
audserver -remove
To add the IP addresses of the NetScaler appliance
Adding the NetScaler Appliance IP Addresses on the NSLOG Server
Audit server commands
audserver -remove
To stop audit server logging that starts as a service in Windows
Verifying the NSLOG Server Configuration File
Running the NSLOG Server
To start audit server logging
Creating Filters
Customizing Logging on the NSLOG Server
To create a filter
Example
Specifying Log Properties
Example
Example
Default Settings for the Log Properties
Example
Example
Example
Sample Configuration File audit.conf
Example
Installing and Configuring the Client System for Web Server Logging
Configuring the NetScaler Appliance for Web Server Logging
Sample Configuration File Arguments for Defining a Custom Log Format
Web Server Logging
w enable ns feature WL w disable ns feature WL w sh ns feature
Configuring the NetScaler Appliance for Web Server Logging
Enabling or Disabling Web Server Logging
Web Logging
To modify the buffer size by using the NetScaler command line
Modifying the Default Buffer Size
Parameter for modifying the buffer size
w sh weblogparam Example
To modify the buffer size by using the configuration utility
Installing and Configuring the Client System for Web Server Logging
Table 4-1. Supported Platforms for the NSWL Client
Version
To install the NSWL client package on a Solaris operating system
Installing NSWL Client on a Solaris Operating System
Hardware requirements
cp pathtocd/Utilities/weblog/Solaris/NSweblog.tar /tmp
To uninstall the NSWL client package on a Solaris operating system
Installing NSWL Client on a Linux Operating System
To install the NSWL client package on a Linux operating system
cd /tmp
To uninstall the NSWL client package on a Linux operating system
Installing NSWL Client on a FreeBSD Operating System
To view the installed Web server logging files
To install the NSWL client package on a FreeBSD operating system
To uninstall the NSWL client package on a FreeBSD operating system
Installing NSWL Client on a Mac OS Operating System
To install the NSWL client package on a Mac OS operating system
pkgdelete NSweblog
To uninstall the NSWL client package on a Mac OS operating system
Installing NSWL Client on a Windows Operating System
To install the NSWL client on a Windows system
pkgdelete NSweblog
To uninstall the NSWL client on a Windows system
Installing NSWL Client on an AIX Operating System
To install the NSWL client package on an AIX operating system
To uninstall the NSWL client package on an AIX operating system
Table 4-3. NSWL Command Options
NSWL Client Command Options
NSWL command
To view the installed Web server logging files
To add the NSIP address of the NetScaler appliance
Adding the IP Addresses of the NetScaler Appliance
nswl -addns -f directorypath \log.conf
NSWL command
To verify the configuration in the NSWL configuration file
Verifying the NSWL Configuration File
Running the NSWL Client
Customizing Logging on the NSWL Client System
Parameter
Table 4-4. Parameters for Creating a Filter
Creating Filters
Specifies
To create a filter, enter the following command in the log.conf file
To create a filter for a virtual server
Specifying Log Properties
To create a filter
Example
Chapter 4 Web Server Logging
Example
NCSA Common Log Format
Understanding the NCSA and W3C Log Formats
Example
Example
Table 4-5. NCSA Common Log Format
W3C Extended Log Format
Argument
Specifies
Directives
Entries
Table 4-6. Directive Descriptions
Directive
Identifiers
Fields
Table 4-7. Prefix Descriptions
Prefix
Identifier
Table 4-8. W3C Extended Log Format Identifiers No Prefix Required
Table 4-9. W3C Extended Log Format Identifiers Requires a Prefix
Table 4-10. W3C Extended Log File Format Allows Log Fields
Creating a Custom Log Format
Creating a Custom Log Format by Using the NSWL Library
Field
Description
Creating a Custom Log Format Manually
To create the custom log format by using the NSWL Library
Example
Creating Apache Log Formats
Sample Configuration File
Table 4-11. Custom Log Format
Arguments for Defining a Custom Log Format
Argument
Specifies
b d g h H Foobari j J l m M Foobaro p q
Argument
Specifies
r s t formatt T u U v V V6
Argument
Specifies
Table 4-12. Time Format Definition
Time Format Definition
Argument
Specifies
Argument
Specifies
Configuring Clock Synchronization Viewing the System Date and Time
Advanced Configurations
Configuring TCP Window Scaling Configuring Selective Acknowledgment
Clearing the Configuration Viewing the HTTP Band Statistics
To add an NTP server by using the NetScaler command line
Configuring Clock Synchronization
w show ntp server Example
Parameters for configuring an NTP server
To modify or remove NTP servers by using the NetScaler command line
To configure an NTP server by using the configuration utility
serverName
w enable ntp sync w disable ntp sync
Configuring Clock Synchronization Manually
Starting or Stopping the NTP Daemon
/usr/sbin/ntpd -c /nsconfig/ntp.conf -l /var/log/ntpd.log
To view the system date and time by using the NetScaler command line
show ns config Example
Viewing the System Date and Time
To view the system date and time by using the configuration utility
Configuring TCP Window Scaling
System Time Tue Feb 165044
Parameters for configuring window scaling
To configure window scaling by using the NetScaler command line
w show ns tcpParam Example
WSVal
To configure window scaling by using the configuration utility
Configuring Selective Acknowledgment
ENABLED
SACK status
To enable SACK by using the Configuration Utility
Clearing the Configuration
To clear a configuration by using the NetScaler command line
To clear a configuration by using the configuration utility
Parameters for clearing a configuration
Viewing the HTTP Band Statistics
level
To modify the band range by using the NetScaler command line
To modify the band range by using the configuration utility
Configuring HTTP Profiles
To add an HTTP profile by using the NetScaler command line
Table 5-1. Built-in HTTP Profiles
Parameters for adding an HTTP profile
ENABLED DISABLED w sh ns httpProfile Example
name Name
maxReusePool Max Connection in reusepool
To add an HTTP profile by using the configuration utility
Configuring TCP Profiles
Table 5-2. Built-in TCP Profiles
Built-in profile
Built-in profile
To add a TCP profile by using the NetScaler command line
Description
Parameters for creating a TCP profile
delayedAck TCP Delayed ACK Time-out msec
w sh ns tcpProfile Example
WS Window Scaling
Initial Congestion Window Size TCP Delayed ACK Time-out msec
To add a TCP profile by using the configuration utility
pktPerRetx Maximum Packets per Retransmission
minRTO Minimum RTO in millisec
Use Nagles Algorithm Immediate ACK on Receiving Packet with PUSH
Specifying a TCP Buffer Size
w set ns tcpProfile name -bufferSize positiveinteger
w show ns tcpProfile name
w show ns tcpProfile nstcpdefaultprofile
w set ns tcpProfile nstcpdefaultprofile -bufferSize positiveinteger
Example
12000
bufferSize
Parameters for setting the TCP buffer size in a TCP profile
name
Parameters for specifying the MSS value in a TCP profile
Specifying the MSS Value in a TCP Profile
w set ns tcpParam -learnVsvrMSS ENABLEDDISABLED w show ns tcpParam
Configuring the NetScaler to Learn the MSS Value from Bound Services
Learn MSS for VServer
ENABLED
learnVsvrMSS
Chapter 5 Advanced Configurations
Configuring the Web Interface
How Web Interface Works Prerequisites Installing the Web Interface
Web Interface
Prerequisites
How Web Interface Works
Figure 6-1. A Basic Web Interface Session
Example
Installing the Web Interface
Parameters for installing the Web interface and JRE tar files
Configuring the Web Interface
Web Interface tar file path
JRE tar file path
Kiosk Mode
Parameters for configuring Web interface sites
Direct Mode
Site Type
Authentication Point
Gateway Direct Mode
Access Gateway URL
Port
XML Service Addresses
Configuring a Web Interface Site for LAN Users Using HTTP
XML Service Port
Transport
Site Type Published Resource Type Kiosk Mode
Figure 6-2. A Web Interface Site Configured for LAN Users Using HTTP
Virtual Server Protocol select HTTPS IP Address Port
XML Service Addresses XML Service Port Transport Load Balance
Example
Example
Example
Example
Figure 6-3. A Web Interface Site Configured for LAN Users Using HTTPS
Configuring a Web Interface Site for LAN Users Using HTTPS
Chapter 6 Web Interface
Site Type Published Resource Type Kiosk Mode
Virtual Server Protocol select HTTPS IP Address Port
Example
XML Service Addresses XML Service Port Transport Load Balance
Example
Example
Example
Example
Example
Example
Example
Configuring a Web Interface Site for Remote Users Using AGEE
Example
Site Type Published Resource Type Kiosk Mode
Trust SSL Certificate STA Server URL STA Server URL
Authentication Point Access Gateway URL Add DNS Entry
Session Reliability Use two STA Servers
XML Service Addresses XML Service Port Transport Load Balance
Example
Example
AppFlow
How AppFlow Works Configuring the AppFlow Feature
Topics
Figure 7-1. NetScaler Flow Sequence
How AppFlow Works
Templates
Flow Records
transactionID
connectionID
httpRequestSize
Configuring the AppFlow Feature
httpRequestURL
httpUserAgent
To enable the AppFlow feature by using the configuration utility
Enabling or Disabling the AppFlow Feature
To specify a collector by using the NetScaler command line
w enable ns feature appflow w disable ns feature appflow
To remove a collector by using the NetScaler command line
Configuring an AppFlow Action
To specify a collector by using the configuration utility
To configure an AppFlow action by using the NetScaler command line
Done show appflow action 1 Name apfl-act-collector-1
Parameters for configuring an AppFlow action
Collectors collecter-1 Hits Action Reference Count
2 Name apfl-act-collector-2-and-3 Collectors collector-2, collecter-3
To configure an AppFlow action by using the configuration utility
Configuring an AppFlow Policy
To configure an AppFlow policy by using the NetScaler command line
w show appflow policy name
name
Parameters for configuring an AppFlow policy
rule
action
To add an expression by using the Add Expression dialog box
To configure an AppFlow policy by using the configuration utility
HTTP
comment
CLIENT
Binding an AppFlow Policy
w show appflow global
Parameters for binding an AppFlow policy
To globally bind an AppFlow policy by using the configuration utility
gotoPriorityExpression
invoke Invoke flag labelType
NetScaler command line
To enable AppFlow for a virtual server by using the
Enabling AppFlow for Virtual Servers
6. Click Apply Changes
Setting the AppFlow Parameters
Enabling AppFlow for a Service
To enable AppFlow for a service by using the NetScaler command line
To enable AppFlow for a service by using the configuration utility
w show appflowParam
AppFlow Parameters
templateRefresh
appnameRefresh
httpCookie
To set the AppFlow parameters by using the configuration utility
httpReferer
httpMethod
Reporting Tool
Using the Reporting Tool
Stopping and Starting the Data Collection Utility
Figure 8-1. Report Toolbar Figure 8-2. Chart Toolbar
Using the Reporting Tool
To invoke the Reporting tool
Working with Reports
Creating and Deleting Reports
Using Built-in Reports
To display a built-in report
To create a custom report
To delete a custom report
Modifying the Time Interval
Table 8-1. Time Intervals
Time interval
Exporting and Importing Custom Reports
Setting the Data Source and Time Zone
To modify the time interval
To set the data source and time zone
Adding a Chart
Working with Charts
Modifying a Chart
To add a chart to a report
To change the graph type of a chart
Viewing a Chart
To refocus a chart with detailed data
To change the background color and text color of a chart
To scroll through time in a chart
To customize the axes of a chart
To view numeric data for a graph
To change the color and graph type of a data set
Exporting Chart Data to Excel
To delete a chart
Deleting a Chart
To export chart data to Excel
Examples
Entity name
Table 8-2. Limits on Entity Numbers Retrieved by nscollect
Limit
Stopping and Starting the Data Collection Utility
To start nscollect on the local system
To stop nscollect
netscaler/nscollect stop
Entity name
To start nscollect on the remote system
netscaler/nscollect start -U 10.102.29.170nsrootnsroot -ds default
netscaler/nscollect start