Netscaler Maintenance And Logs
Website Visitors:Backup and restore has two options, basic and full. If we use basic, this will back up only the configuration files. These are the files that will change most often, so you should consider frequently taking a basic backup of the NetScaler. The folders and files that are backed up include the /nsconfig directory, the /var directory, the /NetScaler directory, and ns.conf. Now, if we want to choose a full backup, this will back up the same data as the basic backup; however, it’s going to also capture additional files that are less frequently updated. The folders and files that are backed up include the /nsconfig directory, the /var directory, certificates, and license files.
Licensing
We have local licensing or pooled licensing. Local licensing file should be replaced before it expires. For pooled licensing, we have to renew the licenses in Citrix Cloud.
Logging
When it comes to logging on the NetScaler, the audit logging feature enables you to log NetScaler states and status information collected by the various modules in the kernel and in the user level daemons. For audit logging, you can use the SYSLOG protocol, the native NSLOG protocol, or both.
Syslog is a standard protocol for logging. It has two components, the syslog auditing module which runs on NetScaler, and the Syslog server which can be run on the underlying FreeBSD operating system of the NetScaler. This can also be leveraged on remote systems. Now, syslog uses User Data Protocol, or UDP, for data transfer if we are engaging with remote servers. syslog is rolled over every hour or when we meet a threshold of 100 KB. The stated rollover limit is 25 files, though technically this is 26 since we leverage 0.
In the same way, the native NSLOG protocol has two components, the NSLOG auditing module, which runs on the NetScaler appliance, and the NSLOG server, which can be run on the underlying FreeBSD OS of the NetScaler appliance or on a remote system. Now NSLOG uses TCP, or Transmission Control Protocol, for that data transfer to the remote system. NSLOG rollover happens every 48 hours or 300 MB. This value can be adjusted and customized depending on the administrator’s desire.
Now, if we want to take a look at our logs, we can access this via the GUI or in the CLI by navigating to the shell, navigating to the /var/log directory, and tailing the ns.log file. We can use the tail ns.log with the -f switch while keeping the CLI session open. As we navigate the GUI and we configure our NetScaler, the corresponding CLI commands will be written to the ns.log.
View Logs on NetScaler
Navigate to system/Diagnostics/Manage Logs section to view log files. On the same page, Under Technical Support Tools section, you can start a trace.
Nstrace is a NetScaler packet capture tool. Nstrace will dump the packets in the native NetScaler format. These trace files will have an extension of .cap so that they can be used with network analyzers like Wireshark. You can use specific filters in Wireshark as normal to filter through captured data or specify filters using the NetScaler CLI. Now, if we go ahead and capture a trace, it will be stored in the /var/nstrace directory. It is possible to take a trace with the filter size of 0 to limit data truncating.
Nstcpdump is designed for more low level troubleshooting. It does not collect as much detailed information as nstrace. We want to open up our NetScaler CLI and type shell. We can use filters with nstcpdump, but cannot use filters specific to NetScaler resources. You can view the output directly in the CLI. Now, if we use nstcpdump, the trace is captured in the .pcap format. While if we’re using the nstrace, once again, it’s captured in the .cap format. Nstrace is the preferred method if we want to capture network traffic as it captures additional NetScaler information like connection links that will be extremely useful for administrators that are analyzing the network traffic.
The very first tab after logging into the netscaler is dashboards. This will give us lot of GUI information about the netscaler. In the dashboard to the right, we can see syslog messages.
Goto system/auditing/syslog messages (to the right). You can filter by module or by severity.
login to netscaler through putty and navigate to /var/log folder. Run tail -f ns.log
to see the latest data that is written to ns.log file.
You can collect performance statistics of virtual servers and associated services from an archived newnslog file present in the /var/nslog directory. The newnslog files are interpreted by running /netscaler/nsconmsg. /netscaler/nsconmsg -K /var/nslog/newnslog -d event
- captures event from the newnslog log file.
You can further filter it by using grep. /netscaler/nsconmsg -K /var/nslog/newnslog -d event | grep -i serviceName(or IP)
/netscaler/nsconmsg -K /var/nslog/newnslog -d current
and /netscaler/nsconmsg -K /var/nslog/newnslog -d current -g cpu
are for viewing policy hits and counters.
Under system/diagnostics we can generate tech support file which is required by Citrix tech support for troubleshooting any issues.
Run cat ns.log | grep -i serviceName --color
to filter the ns.log file with serviceName and color it.
Under system/diagnostics/utilities, we have different options like ping, traceroute, command line interface etc.. we can run cli commands on this command line interface option.
under the Technical Support Tools, we can click Generate support file. This is useful if we need to call tech support.
nstcpdump.sh host ip_address
- to run a quick tcp dump.
Login to putty and move to shell. cd /var cat ns.log | more - can view configuration changes, errors or warning messages and performance metrics.
In nslog directory, we can find logs related to the client request received by the NetScaler. The event logs contain records of the system events and activities generated. On the other hand, error logs capture messages related to errors encountered by various components and services. The archived newnslog file provides you with the performance statistics of the virtual server and the associated services. To interpret the newnslog files, run nsconmsg command: nsconmsg -K newnslog -d event. The nsconmsg is mostly widely used to troubleshoot any operation on the newnslog file. When you run this command, you can view the events captured in those specific files. The newnslog file captured data in GMT and not on your NetScaler local time. If we use the same command as shown here, nsconmsg -K newnslog -d current, it will display current performance data.
You can start a trace, reproduce the issue which is run user login etc, and stop the trace.
NSPEPI Tool
When you try to upgrade your firmware upgrade might be cancelled if you have classic or invalid policies in your ns.conf file. Using nspepi tool you can convert all classic policies to advanced policies automatically.
First run, check_invalid_config /nsconfig/ns.conf
command. This will tell you if there are any invalid entries or classic policies in your ns.conf file. Run cp ns.conf ns.conf_backup
to backup your ns.conf file. Next run nspepi -f /nsconfig/ns.conf
. This is going to check line by line and try to convert from anything from classic policy engine to advanced. This will create new_ns.conf
file with all the converted configuration and it will also create warn_ns.conf
file for any warnings or errors that are generated in the process. If there are any deprecated commands, it will create deprecated_ns.conf
file in /nsconfig folder.
Run cat warn_ns.conf
file to view the warnings. Next run, check_invalid_config /nsconfig/new_ns.conf
. If there are no errors in this file, then replace it with the existing ns.conf file.
Want to learn more on Citrix Automations and solutions???
Subscribe to get our latest content by email.