-
Getting Started with NetScaler
-
Deploy a NetScaler VPX instance
-
Optimize NetScaler VPX performance on VMware ESX, Linux KVM, and Citrix Hypervisors
-
Apply NetScaler VPX configurations at the first boot of the NetScaler appliance in cloud
-
Configure simultaneous multithreading for NetScaler VPX on public clouds
-
Install a NetScaler VPX instance on Microsoft Hyper-V servers
-
Install a NetScaler VPX instance on Linux-KVM platform
-
Prerequisites for installing NetScaler VPX virtual appliances on Linux-KVM platform
-
Provisioning the NetScaler virtual appliance by using OpenStack
-
Provisioning the NetScaler virtual appliance by using the Virtual Machine Manager
-
Configuring NetScaler virtual appliances to use SR-IOV network interface
-
Configure a NetScaler VPX on KVM hypervisor to use Intel QAT for SSL acceleration in SR-IOV mode
-
Configuring NetScaler virtual appliances to use PCI Passthrough network interface
-
Provisioning the NetScaler virtual appliance by using the virsh Program
-
Provisioning the NetScaler virtual appliance with SR-IOV on OpenStack
-
Configuring a NetScaler VPX instance on KVM to use OVS DPDK-Based host interfaces
-
-
Deploy a NetScaler VPX instance on AWS
-
Deploy a VPX high-availability pair with elastic IP addresses across different AWS zones
-
Deploy a VPX high-availability pair with private IP addresses across different AWS zones
-
Protect AWS API Gateway using the NetScaler Web Application Firewall
-
Configure a NetScaler VPX instance to use SR-IOV network interface
-
Configure a NetScaler VPX instance to use Enhanced Networking with AWS ENA
-
Deploy a NetScaler VPX instance on Microsoft Azure
-
Network architecture for NetScaler VPX instances on Microsoft Azure
-
Configure multiple IP addresses for a NetScaler VPX standalone instance
-
Configure a high-availability setup with multiple IP addresses and NICs
-
Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands
-
Deploy a NetScaler high-availability pair on Azure with ALB in the floating IP-disabled mode
-
Configure a NetScaler VPX instance to use Azure accelerated networking
-
Configure HA-INC nodes by using the NetScaler high availability template with Azure ILB
-
Configure a high-availability setup with Azure external and internal load balancers simultaneously
-
Configure a NetScaler VPX standalone instance on Azure VMware solution
-
Configure a NetScaler VPX high availability setup on Azure VMware solution
-
Configure address pools (IIP) for a NetScaler Gateway appliance
-
Deploy a NetScaler VPX instance on Google Cloud Platform
-
Deploy a VPX high-availability pair on Google Cloud Platform
-
Deploy a VPX high-availability pair with external static IP address on Google Cloud Platform
-
Deploy a single NIC VPX high-availability pair with private IP address on Google Cloud Platform
-
Deploy a VPX high-availability pair with private IP addresses on Google Cloud Platform
-
Install a NetScaler VPX instance on Google Cloud VMware Engine
-
-
Solutions for Telecom Service Providers
-
Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols
-
Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider
-
Authentication, authorization, and auditing application traffic
-
Basic components of authentication, authorization, and auditing configuration
-
Web Application Firewall protection for VPN virtual servers and authentication virtual servers
-
On-premises NetScaler Gateway as an identity provider to Citrix Cloud
-
Authentication, authorization, and auditing configuration for commonly used protocols
-
Troubleshoot authentication and authorization related issues
-
-
-
-
-
-
Configure DNS resource records
-
Configure NetScaler as a non-validating security aware stub-resolver
-
Jumbo frames support for DNS to handle responses of large sizes
-
Caching of EDNS0 client subnet data when the NetScaler appliance is in proxy mode
-
Use case - configure the automatic DNSSEC key management feature
-
Use Case - configure the automatic DNSSEC key management on GSLB deployment
-
-
-
Persistence and persistent connections
-
Advanced load balancing settings
-
Gradually stepping up the load on a new service with virtual server–level slow start
-
Protect applications on protected servers against traffic surges
-
Retrieve location details from user IP address using geolocation database
-
Use source IP address of the client when connecting to the server
-
Use client source IP address for backend communication in a v4-v6 load balancing configuration
-
Set a limit on number of requests per connection to the server
-
Configure automatic state transition based on percentage health of bound services
-
-
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
-
Use case 3: Configure load balancing in direct server return mode
-
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
-
Use case 7: Configure load balancing in DSR mode by using IP Over IP
-
Use case 10: Load balancing of intrusion detection system servers
-
Use case 11: Isolating network traffic using listen policies
-
Use case 12: Configure Citrix Virtual Desktops for load balancing
-
Use case 13: Configure Citrix Virtual Apps and Desktops for load balancing
-
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
Use case 15: Configure layer 4 load balancing on the NetScaler appliance
-
-
Metrics
-
-
-
-
-
Authentication and authorization for System Users
-
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
-
Configuring CloudBridge Connector between Datacenter and AWS Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
-
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
-
Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Cisco IOS Device
-
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Metrics
Metrics refers to the piece of data that is tracked by NetScaler. Metrics provide meaningful insights and is useful to track the health of NetScaler and the applications handled by NetScaler.
A time series is a sequence of sequential data points that occur over a particular interval of time. NetScaler supports configuring the analytics time series profile to send metrics to a service.
Configure metrics
You can enable metrics on NetScaler to collect and export metrics from NetScaler to various endpoints. You can export metrics in the following formats: Avro, Prometheus, and JSON. The exported metrics can be processed and visualized to get meaningful insights. By default, metrics supports the export of time-series analytics data every 30 seconds. However, you can configure it to a value between 30 to 300 seconds as per your requirement.
Do the following to configure a metrics using the NetScaler CLI.
-
Configure a service with IP address, protocol, and port using the following command:
add service <metrics_service_name> <ip-address> <protocol> <port> <!--NeedCopy-->Example:
add service metrics_service1 192.168.1.1 HTTP 5563 <!--NeedCopy--> -
Configure the analytics time series profile to send metrics to the service. Specify the service, frequency for exporting metrics, and output mode.
set analytics profile ns_analytics_time_series_profile -collectors <metrics_service_name> -type timeseries -metrics ENABLED metricsExportFrequency <30-300> -outputMode <avro/prometheus> <!--NeedCopy-->Example:
set analytics profile ns_analytics_time_series_profile -collectors metrics_service1 -type timeseries -metrics Enabled metricsExportFrequency 90 -outputMode prometheus --serveMode PUSH <!--NeedCopy-->Note:
This example uses the default time series profile
ns_analytics_time_series_profile. If you want to create a time series profile, you can use theadd analytics profilecommand.In this example, metrics export frequency is set as 90 seconds and export mode is specified as Prometheus.
Verify the metrics configuration using the
show analytics profile <analytics-profile-name>command:show analytics profile ns_analytics_time_series_profile Name: ns_analytics_time_series_profile Collector: metrics_service1 Profile-type: timeseries Output Mode: Prometheus Metrics: ENABLED Schema File: schema.json Metrics Export Frequency: 90 Events: DISABLED Auditlog: DISABLED Serve mode: Pull Reference Count: 0 <!--NeedCopy-->
Metrics file generation
The metrics_<format>_log.* files are generated under the /var/nslog/ folder location.
Dynamic schema support
Starting from NetScaler release 13.1 build 24.38, dynamic schema counters are supported. With the support of dynamic schema counters, a schema file containing a list of counters can be updated at run time based on the requirement. By default, /var/metrics_conf/schema.json file is configured with a list of counters.
Note:
- The metrics default schema file
/var/metrics_conf/schema.jsoncan be installed on a NetScaler appliance byinstallnsprocedure. For information oninstallnsprocedure, see Upgrade and downgrade a NetScaler appliance.- Default schema file
/var/metrics_conf/schema.jsonconsists of a few entities and counters that are not part ofreference_schema.json. These counters are retained inschema.jsonfor backward compatibility reasons because they were part of the older version of metrics which supported static schema.- If the
ratefield in schema.json is set toTrue, then a counter calledRATE__<counter_name>is exported by metricscollector as part of metrics payload.
Configure the metrics to subscribe counters using the CLI
Start the metrics export by configuring a service.
At the command prompt, type:
set analytics profile ns_analytics_time_series_profile -metrics ENABLED -collectors <collector_name> -schemaFile schema.json -outputMode <avro | prometheus>
<!--NeedCopy-->
Note:
schema.jsonis the default schemaFile configuration.
A new schema file with a required set of counters can be configured using the CLI command for the metrics to export. The schema file must be present at the /var/metrics_conf/ location.
The schema file containing all the list of counters (reference_schema.json) supported by stats infra is present in the /var/metrics_conf/ location. This file can be used as a reference to build a custom list of counters.
Configure a schema file using the CLI
set analytics profile ns_analytics_time_series_profile -metrics ENABLED -collectors <collector name> -schemaFile <schema file_name> -outputMode <avro | prometheus>
<!--NeedCopy-->
A new schema file with the required counters can be added and configured using the preceding CLI command for metrics to export.
The reference schema file with all the list of counters (reference_schema.json) supported by stats infra are present in /var/metrics_conf/ location. This file can be used as a reference to build a custom list of counters.
Check the CLI configuration output at the command prompt:
show analytics profile ns_analytics_time_series_profile
Name: ns_analytics_time_series_profile
Collector: <collector_name>
Profile-type: timeseries
Output Mode: avro
Metrics: ENABLED
Schema File: schema.json
Events: ENABLED
Auditlog: DISABLED
Serve mode: Push
Reference Count: 0
<!--NeedCopy-->
Steps to update the list of counters exported
Perform the following steps to update the list of exported counters:
- Update the custom/new schema file.
- Disable and enable metrics using the
-metricsoption shown in the CLI configuration for the updated schema file to be used.
Multiple time-series profile support
Starting from NetScaler release 13.1 build 33.47, up to three time-series profile configurations are supported on NetScaler.
You can configure each time series to have the following:
-
Collector.
-
Schema file containing the required set of counters to be exported.
-
The data format in which the metrics are to be exported.
-
The option to enable or disable metrics audit logs and events.
With the multiple time-series profile support, the metrics can simultaneously export a different set (based on the schema file configured) of metrics to different collectors in different formats (Avro, Prometheus, Influx).
Note:
Even though metrics can be enabled on all the configured time-series profiles, events and audit logs can be enabled only on one profile.
Add time-series profile using the CLI
At the command prompt, type:
add analytics profile <profile_name> -type timeseries
<!--NeedCopy-->
Configure time-series profile using the CLI
At the command prompt, type:
set analytics profile <profile_name> -metrics <DISABLED|ENABLED> -auditlogs <DISABLED|ENABLED> -events <DISABLED|ENABLED> -collectors <collector_name> -schemaFile schema.json -outputMode <avro | influx | prometheus>
<!--NeedCopy-->
Log file-naming conventions with multiple time-series profile support
- Avro log files are generated as
metrics_avro_<profile_name>_log.*. - Prometheus log files are generated as
metrics_prom_<profile_name>.log.
Configure use-case specific metrics export
You can export only the metrics related to a specific use case by creating a schema file. For example, if you want to view only TCP traffic related metrics, then you can create a tcptrafficschema.json file to export only the metrics related to TCP traffic. With the use case specific metrics export, finding the metrics that you want becomes easier.
NetScaler supports exporting metrics for the following use cases:
- Virtual server
- Application security
- SSL traffic
- TCP traffic
- HTTP traffic
- System overview
Virtual server
To view only virtual server related metrics perform the following steps:
- Log in to NetScaler CLI and navigate to
/var/metrics_conf/folder. -
Create a schema file. For example,
vserver_metrics.json.set analytics profile ns_analytics_time_series_profile -schemaFile vserver_metrics.json <!--NeedCopy--> -
Add the following content and save the changes:
{ "server_svc_cfg": [ {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"}, {"name":"si_cur_Clients","rate":"False"}, {"name":"si_cur_Servers","rate":"False"} ], "server_serviceGroup": [ {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"}, {"name":"si_cur_Clients","rate":"False"}, {"name":"si_cur_Servers","rate":"False"} ], "vserver_authn": [ {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ], "vserver_cr": [ {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ], "vserver_cs": [ {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"}, {"name":"si_cur_Clients","rate":"False"}, {"name":"si_cur_Servers","rate":"False"} ], "gslb_server": [ {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ], "gslb_vserver": [ {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ], "server_gslb_serviceGroup": [ {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ], "vserver_lb": [ {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"}, {"name":"si_cur_Clients","rate":"False"}, {"name":"si_cur_Servers","rate":"False"} ], "vserver_vpn": [ {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ], "vserver_user": [ {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"}, {"name":"si_cur_Clients","rate":"False"}, {"name":"si_cur_Servers","rate":"False"} ] } <!--NeedCopy-->
Application security
To view only application security related metrics, perform the following steps:
- Log in to NetScaler CLI and navigate to
/var/metrics_conf/folder. -
Create a schema file. For example,
appsec_metrics.json.set analytics profile ns_analytics_time_series_profile -schemaFile appsec_metrics.json <!--NeedCopy--> -
Add the following content and save the changes:
{ "netscaler": [ {"name":"as_viol_starturl","rate":"True"}, {"name":"as_viol_denyurl","rate":"True"}, {"name":"as_viol_referer_header","rate":"True"}, {"name":"as_viol_bufferoverflow","rate":"True"}, {"name":"as_viol_grpc","rate":"True"}, {"name":"as_viol_postbodylimit","rate":"True"}, {"name":"as_viol_cookie","rate":"True"}, {"name":"as_viol_cookie_hijack","rate":"True"}, {"name":"as_viol_csrf_tag","rate":"True"}, {"name":"as_viol_xss","rate":"True"}, {"name":"as_viol_sql","rate":"True"}, {"name":"as_viol_fldfmt","rate":"True"}, {"name":"as_viol_fldconsistency","rate":"True"}, {"name":"as_viol_fileuploadtypes","rate":"True"}, {"name":"as_viol_infer_ctype_xml","rate":"True"}, {"name":"as_viol_safecommerce","rate":"True"}, {"name":"as_viol_safeobject","rate":"True"}, {"name":"as_viol_signature","rate":"True"}, {"name":"as_viol_content_type","rate":"True"}, {"name":"as_viol_cmd","rate":"True"}, {"name":"as_viol_json_dos","rate":"True"}, {"name":"as_viol_json_sql","rate":"True"}, {"name":"as_viol_json_xss","rate":"True"}, {"name":"as_viol_json_cmd","rate":"True"}, {"name":"as_viol_sql_gram","rate":"True"}, {"name":"as_viol_json_sql_gram","rate":"True"}, {"name":"as_viol_sql_comb","rate":"True"}, {"name":"as_viol_xxe_comb","rate":"True"}, {"name":"as_viol_xss_comb","rate":"True"}, {"name":"as_viol_owasp_comb","rate":"True"}, {"name":"as_viol_cmd_gram","rate":"True"}, {"name":"as_viol_json_cmd_gram","rate":"True"}, {"name":"as_viol_block_keyword","rate":"True"}, {"name":"as_viol_json_blockkeyword","rate":"True"}, {"name":"as_Requests","rate":"False"}, {"name":"http_tot_Requests","rate":"True"}, {"name":"http_tot_Requests1_0","rate":"True"}, {"name":"http_tot_Requests1_1","rate":"True"}, {"name":"as_sig_num_viols","rate":"True"} ], "appfw__": [ {"name":"as_viol_starturl_profile","rate":"True"}, {"name":"as_viol_denyurl_profile","rate":"True"}, {"name":"as_viol_referer_header_profile","rate":"True"}, {"name":"as_viol_bufferoverflow_profile","rate":"True"}, {"name":"as_viol_postbodylimit_profile","rate":"True"}, {"name":"as_viol_cookie_profile","rate":"True"}, {"name":"as_viol_cookie_hijack_profile","rate":"True"}, {"name":"as_viol_csrf_tag_profile","rate":"True"}, {"name":"as_viol_xss_profile","rate":"True"}, {"name":"as_viol_sql_profile","rate":"True"}, {"name":"as_viol_fldfmt_profile","rate":"True"}, {"name":"as_viol_fldconsistency_profile","rate":"True"}, {"name":"as_viol_safecommerce_profile","rate":"True"}, {"name":"as_viol_safeobject_profile","rate":"True"}, {"name":"as_viol_signature_profile","rate":"True"}, {"name":"as_viol_content_type_profile","rate":"True"}, {"name":"as_viol_json_dos_profile","rate":"True"}, {"name":"as_viol_json_sql_profile","rate":"True"}, {"name":"as_viol_json_xss_profile","rate":"True"}, {"name":"as_viol_json_cmd_profile","rate":"True"}, {"name":"as_viol_fileuploadtypes_profile","rate":"True"}, {"name":"as_viol_infer_ctype_xml_profile","rate":"True"}, {"name":"as_viol_cmd_profile","rate":"True"}, {"name":"as_viol_sql_gram_profile","rate":"True"}, {"name":"as_viol_json_sql_gram_profile","rate":"True"}, {"name":"as_viol_sql_comb_profile","rate":"True"}, {"name":"as_viol_xxe_comb_profile","rate":"True"}, {"name":"as_viol_xss_comb_profile","rate":"True"}, {"name":"as_viol_owasp_comb_profile","rate":"True"}, {"name":"as_viol_cmd_gram_profile","rate":"True"}, {"name":"as_viol_json_cmd_gram_profile","rate":"True"}, {"name":"as_viol_block_keyword_profile","rate":"True"}, {"name":"as_viol_json_blockkeyword_profile","rate":"True"}, {"name":"as_viol_total_per_profile","rate":"True"} ] } <!--NeedCopy-->
SSL traffic
To view only SSL related metrics, perform the following steps:
- Log in to NetScaler CLI and navigate to
/var/metrics_conf/folder. -
Create a schema file. For example,
ssltraffic_metrics.json.set analytics profile ns_analytics_time_series_profile -schemaFile ssltraffic_metrics.json <!--NeedCopy--> -
Add the following content and save the changes:
{ "netscaler": [ {"name":"ssl_tot_sslInfo_TotalTxCount","rate":"True"}, {"name":"ssl_tot_enc_bytes","rate":"True"}, {"name":"ssl_tot_dec_bytes","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_RSA_512","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_RSA_1024","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_RSA_2048","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_RSA_3072","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_RSA_4096","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_DH_512","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_DH_1024","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_DH_2048","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_DH_4096","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_ECDHE_curve_secp521r1","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_ECDHE_curve_secp384r1","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_ECDHE_curve_secp256r1","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_ECDHE_curve_secp224r1","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_ECDHE_curve_x25519","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_RC4_40","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_RC4_56","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_RC4_64","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_RC4_128","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_DES_40","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_DES_56","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_3DES_168","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_AES_128","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_AES_256","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_RC2_40","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_RC2_56","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_RC2_128","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_AESGCM_128","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_AESGCM_256","rate":"True"}, {"name":"ssl_tot_sslInfo_Cipher_NULL","rate":"True"}, {"name":"ssl_tot_sslInfo_Hash_MD5","rate":"True"}, {"name":"ssl_tot_sslInfo_Hash_SHA","rate":"True"}, {"name":"ssl_tot_sslInfo_Hash_SHA256","rate":"True"}, {"name":"ssl_tot_sslInfo_Hash_SHA384","rate":"True"}, {"name":"ssl_tot_sslInfo_SSLv3HandskCount","rate":"True"}, {"name":"ssl_tot_sslInfo_TLSv1HandskCount","rate":"True"}, {"name":"ssl_tot_sslInfo_TLSv11HandskCount","rate":"True"}, {"name":"ssl_tot_sslInfo_TLSv12HandskCount","rate":"True"}, {"name":"ssl_tot_sslInfo_Auth_RSA","rate":"True"}, {"name":"ssl_tot_sslInfo_Auth_DH","rate":"True"}, {"name":"ssl_tot_sslInfo_Auth_DSS","rate":"True"}, {"name":"ssl_tot_sslInfo_Auth_ECDSA","rate":"True"}, {"name":"ssl_tot_sslInfo_Auth_NULL","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_backend_ecdhe_curve_secp521r1","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_backend_ecdhe_curve_secp384r1","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_backend_ecdhe_curve_secp256r1","rate":"True"}, {"name":"ssl_tot_sslInfo_KeyEx_backend_ecdhe_curve_secp224r1","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_RC4_40","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_RC4_56","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_RC4_64","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_RC4_128","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_DES_40","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_DES_56","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_3DES_168","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_AES_128","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_AES_256","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_RC2_40","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_RC2_56","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_RC2_128","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_AESGCM_128","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_AESGCM_256","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Cipher_NULL","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Hash_MD5","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Hash_SHA","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Hash_SHA256","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Hash_SHA384","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Auth_RSA","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Auth_DH","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Auth_DSS","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Auth_ECDSA","rate":"True"}, {"name":"ssl_tot_sslInfo_Backend_Auth_NULL","rate":"True"}, {"name":"ssl_tot_enc_bytes_FE","rate":"True"}, {"name":"ssl_tot_enc_bytes_BE","rate":"True"}, {"name":"ssl_tot_dec_bytes_FE","rate":"True"}, {"name":"ssl_tot_dec_bytes_BE","rate":"True"}, {"name":"ssl_cur_session_inuse","rate":"True"} ], "vserver_ssl": [ {"name":"ssl_ctx_tot_HandskFail","rate":"True"} ] } <!--NeedCopy-->
TCP traffic
To view only TCP related metrics, perform the following steps:
- Log in to NetScaler CLI and navigate to
/var/metrics_conf/folder. -
Create a schema file. For example,
tcptraffic_metrics.json.set analytics profile ns_analytics_time_series_profile -schemaFile tcptraffic_metrics.json <!--NeedCopy--> -
Add the following content and save the changes:
{ "server_svc_cfg": [ {"name":"si_tot_pkt_rcvd","rate":"True"}, {"name":"si_tot_pkt_sent","rate":"True"} ], "vserver_cr": [ {"name":"si_tot_pkt_rcvd","rate":"True"}, {"name":"si_tot_pkt_sent","rate":"True"} ], "vserver_cs": [ {"name":"si_tot_pkt_rcvd","rate":"True"}, {"name":"si_tot_pkt_sent","rate":"True"} ], "vserver_lb": [ {"name":"si_tot_pkt_rcvd","rate":"True"}, {"name":"si_tot_pkt_sent","rate":"True"} ], "netscaler": [ {"name":"tcp_cur_ClientConn","rate":"False"}, {"name":"tcp_cur_ClientConnEst","rate":"False"}, {"name":"tcp_cur_ServerConn","rate":"False"}, {"name":"tcp_cur_ServerConnEst","rate":"False"}, {"name":"tcp_cur_ClientConnClosing","rate":"False"}, {"name":"tcp_cur_ServerConnClosing","rate":"False"}, {"name":"tcp_cur_surgequeuelen","rate":"False"}, {"name":"tcp_err_rst","rate":"False"}, {"name":"tcp_err_noip","rate":"False"}, {"name":"tcp_err_retransmit_giveups","rate":"False"}, {"name":"tcp_err_retransmit","rate":"False"}, {"name":"tcp_err_stray_packets","rate":"False"} ], "vserver_user": [ {"name":"si_tot_pkt_rcvd","rate":"True"}, {"name":"si_tot_pkt_sent","rate":"True"} ] } <!--NeedCopy-->
HTTP traffic
To view only HTTP related metrics, perform the following steps:
- Log in to NetScaler CLI and navigate to
/var/metrics_conf/folder. -
Create a schema file. For example,
httptraffic_metrics.json.set analytics profile ns_analytics_time_series_profile -schemaFile httptraffic_metrics.json <!--NeedCopy--> -
Add the following content and save the changes:
{ "server_svc_cfg": [ {"name":"si_tot_Requests","rate":"True"}, {"name":"si_tot_Responses","rate":"True"}, {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ], "server_serviceGroup": [ {"name":"si_tot_Requests","rate":"True"}, {"name":"si_tot_Responses","rate":"True"}, {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ], "netscaler": [ {"name":"http_tot_api_req_json","rate":"False"}, {"name":"http_tot_api_req_xml","rate":"False"}, {"name":"http_tot_api_req_vnd","rate":"False"}, {"name":"http_tot_api_res_json","rate":"False"}, {"name":"http_tot_api_res_xml","rate":"False"}, {"name":"http_tot_api_res_vnd","rate":"False"} ], "vserver_authn": [ {"name":"si_tot_Requests","rate":"True"}, {"name":"si_tot_Responses","rate":"True"}, {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ], "vserver_cr": [ {"name":"vsvr_tot_Hits","rate":"True"}, {"name":"si_tot_Requests","rate":"True"}, {"name":"si_tot_Responses","rate":"True"}, {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ], "vserver_cs": [ {"name":"vsvr_tot_Hits","rate":"True"}, {"name":"si_tot_Requests","rate":"True"}, {"name":"si_tot_Responses","rate":"True"}, {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"}, {"name":"si_tot_clt_ttlb_transactions","rate":"False"}, {"name":"si_tot_clt_ttlb","rate":"False"} ], "gslb_server": [ {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ], "gslb_vserver": [ {"name":"vsvr_tot_Hits","rate":"True"}, {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ], "server_gslb_serviceGroup": [ {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ], "vserver_lb": [ {"name":"vsvr_tot_Hits","rate":"True"}, {"name":"si_tot_Requests","rate":"True"}, {"name":"si_tot_Responses","rate":"True"}, {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"}, {"name":"si_tot_clt_ttlb_transactions","rate":"False"}, {"name":"si_tot_clt_ttlb","rate":"False"}, {"name":"si_tot_1xx_resp","rate":"False"}, {"name":"si_tot_2xx_resp","rate":"False"}, {"name":"si_tot_4xx_resp","rate":"False"}, {"name":"si_tot_5xx_resp","rate":"False"} ], "vserver_vpn": [ {"name":"si_tot_Requests","rate":"True"}, {"name":"si_tot_Responses","rate":"True"}, {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ], "vserver_user": [ {"name":"vsvr_tot_Hits","rate":"True"}, {"name":"si_tot_Requests","rate":"True"}, {"name":"si_tot_Responses","rate":"True"}, {"name":"si_tot_RequestBytes","rate":"True"}, {"name":"si_tot_ResponseBytes","rate":"True"} ] } <!--NeedCopy-->
System overview
To view only system overview related metrics, perform the following steps:
- Log in to NetScaler CLI and navigate to
/var/metrics_conf/folder. -
Create a schema file. For example,
system_metrics.json.set analytics profile ns_analytics_time_series_profile -schemaFile system_metrics.json <!--NeedCopy--> -
Add the following content and save the changes:
{ "server_svc_cfg": [ {"name":"si_tot_svr_ttlb","rate":"False"}, {"name":"si_tot_svr_ttlb_transactions","rate":"False"}, {"name":"si_cur_state","rate":"False"}, {"name":"si_tot_svr_ttfb_transactions","rate":"False"}, {"name":"si_tot_svr_ttfb","rate":"False"} ], "serviceGroup_NSSVC": [ {"name":"si_cur_state","rate":"False"} ], "server_serviceGroup": [ {"name":"si_cur_state","rate":"False"}, {"name":"si_tot_svr_ttfb_transactions","rate":"False"}, {"name":"si_tot_svr_ttfb","rate":"False"} ], "vserver_authn": [ {"name":"si_cur_state","rate":"False"} ], "vserver_cr": [ {"name":"si_cur_state","rate":"False"}, {"name":"vsvr_tot_Hits","rate":"True"} ], "vserver_cs": [ {"name":"si_cur_state","rate":"False"}, {"name":"vsvr_tot_Hits","rate":"True"} ], "gslb_server": [ {"name":"si_cur_state","rate":"False"} ], "gslb_vserver": [ {"name":"si_cur_state","rate":"False"}, {"name":"vsvr_tot_Hits","rate":"True"} ], "gslb_serviceGroup_NSSVC": [ {"name":"si_cur_state","rate":"False"} ], "server_gslb_serviceGroup": [ {"name":"si_cur_state","rate":"False"} ], "vserver_lb": [ {"name":"si_cur_state","rate":"False"}, {"name":"si_tot_2xx_resp","rate":"False"}, {"name":"si_tot_4xx_resp","rate":"False"}, {"name":"vsvr_tot_Hits","rate":"True"} ], "interface": [ {"name":"nic_err_dropped_pkts","rate":"True"} ], "netscaler": [ {"name": "tcp_cur_ClientConn", "rate": "False"}, {"name": "tcp_err_noip", "rate": "False"}, {"name": "tcp_err_rst", "rate": "True"}, {"name": "mem_cur_usedsize", "rate": "False"}, {"name": "tcp_tot_rxpkts", "rate": "True"}, {"name": "http_tot_rxResponseBytes", "rate": "True"}, {"name": "http_tot_Requests1_1", "rate": "True"}, {"name": "http_tot_Responses", "rate": "True"}, {"name": "tcp_err_retransmit_giveups", "rate": "True"}, {"name": "cur_syshealth_disk0_errors", "rate": "False"}, {"name": "http_tot_Requests", "rate": "True"}, {"name": "http_tot_rxRequestBytes", "rate": "True"}, {"name": "slave_cpu_use", "rate": "False"}, {"name": "cur_syshealth_disk0_used", "rate": "False"}, {"name": "tcp_err_rst_outof_wnd", "rate": "True"}, {"name": "tcp_err_stray_packets", "rate": "True"}, {"name": "cur_syshealth_disk1_errors", "rate": "False"}, {"name": "mgmt_additional_cpu_use", "rate": "False"}, {"name": "tcp_cur_ServerConnEst", "rate": "False"}, {"name": "tcp_cur_ClientConnEst", "rate": "False"}, {"name": "tcp_err_link_giveups", "rate": "False"}, {"name": "tcp_err_rst_inTimewaits", "rate": "True"}, {"name": "tcp_err_retransmit", "rate": "True"}, {"name": "tcp_cur_ServerConnClosing", "rate": "False"}, {"name": "tcp_err_rst_not_est", "rate": "True"}, {"name": "http_tot_Responses1_1", "rate": "True"}, {"name": "tcp_err_rst_not_est", "rate": "True"}, {"name": "tcp_err_rst_inTimewaits", "rate": "True"}, {"name": "tcp_err_rst_outof_wnd", "rate": "True"}, {"name": "tcp_cur_ServerConn", "rate": "False"}, {"name": "allnic_tot_tx_mbits", "rate": "True"}, {"name": "http_tot_Responses1_0", "rate": "True"}, {"name": "cpu_use", "rate": "False"}, {"name": "tcp_err_retransmit_giveups", "rate": "True"}, {"name": "http_tot_Requests1_0", "rate": "True"}, {"name": "mgmt_cpu_use", "rate": "False"}, {"name": "cur_syshealth_disk1_size", "rate": "False"}, {"name": "allnic_tot_rx_mbits", "rate": "True"}, {"name": "master_cpu_use", "rate": "False"}, {"name": "cur_syshealth_disk0_size", "rate": "False"} ], "mempool": [ {"name":"mem_err_alloc_failed","rate":"False"} ], "vserver_ssl": [ {"name":"si_cur_state","rate":"False"} ], "cpu": [ {"name":"cc_cpu_use","rate":"False"} ], "vserver_vpn": [ {"name":"si_cur_state","rate":"False"} ], "vserver_user": [ {"name":"si_cur_state","rate":"False"}, {"name":"vsvr_tot_Hits","rate":"True"} ] } <!--NeedCopy-->
Rate counters
A rate counter is an attribute used to monitor the rate of specific traffic types or requests passing through NetScaler. It helps administrators track various aspects of network traffic, such as the number of requests or the rate of connections to a particular service or virtual server.
The default reference schema file schema.json, located at /var/metrics_conf/ includes a list of entity types and associated counters. Not all counters listed in schema.json are rate counters. Only the counters with Rate: True denotes rate counters. You can create a custom schema.json file and add necessary rate counters.
Counters can be exported based on your requirements. To include a counter in the export, set the rate field to True. For example, if the rate field is set to true for si_tot_Requests, the rate for si_tot_Requests is exported. During export, a prefix RATE_<counter_name> is added in the metrics payload by NetScaler.
View metrics
The following are the different ways to consume or visualize metrics:
- NetScaler command line interface (CLI)
- Citrix proprietery NITRO APIs
- Export metrics to NetScaler Console
- Export metrics to observability tools
NetScaler CLI
You can use the NetScaler CLI to get the metrics. Log in to NetScaler CLI and run the command from the Shell prompt. The following command is an example command:
stat lb vserver <vserver-name>
<!--NeedCopy-->
Example:
> shell
root@ns# stat lb vserver vsrv-wireless
Virtual Server Summary
vsvrIP port Protocol State Health actSvcs
vsrv...eless * 0 TCP UP 100 1
inactSvcs
vsrv...eless 0
Virtual Server Statistics
Rate (/s) Total
Vserver hits 0 10
Requests 0 0
Responses 0 0
Request bytes 0 1580
Response bytes 0 532594360
Total Packets rcvd 0 216463
Total Packets sent 0 369898
Current client connections -- 0
Current Client Est connections -- 0
Current server connections -- 0
Requests in surge queue -- 0
Requests in vserver's surgeQ -- 0
Requests in service's surgeQs -- 0
Spill Over Threshold -- 0
Spill Over Hits -- 0
Labeled Connection -- 0
Push Labeled Connection -- 0
Deferred Request 0 0
Invalid Request/Response -- 0
Invalid Request/Response Dropped -- 0
Bound Service(s) Summary
IP port Type State Hits Hits/s
svc-internet 192.168.2.2 0 TCP UP 10 0/s
Req Req/s Rsp Rsp/s Throughp ClntConn SurgeQ
svc-internet 0 0/s 0 0/s 0 0 0
SvrConn ReuseP MaxConn ActvTran SvrTTFB Load
svc-internet 0 0 0 0 0 0
<!--NeedCopy-->
Citrix proprietery NITRO APIs
You can run NITRO APIs and fetch the required metrics.
For example, to view the total number of HTTP requests that NetScaler is handling, you can use the NITRO API by running the following curl command in the linux shell:
curl http://{nsip}/nitro/v1/stat/nsglobalcntr?args=counters:http_tot_Requests -u {nsuser}:{nspassword}
<!--NeedCopy-->
In the preceding example,
- nsip is the NetScaler IP address
- nsuser and nspassword are the NetScaler login credentials
The output is as follows:
root@rohit_lvm:~# curl "http://10.10.10.10/nitro/v1/stat/nsglobalcntr?args=counters:http_tot_Requests" -u nsroot:freebsd
{ "errorcode": 0, "message": "Done", "severity": "NONE", "nsglobalcntr": { "http_tot_Requests": "33398" } }
<!--NeedCopy-->
For more information Citrix proprietery NITRO APIs, see Citrix ADC NITRO APIs.
Export metrics to NetScaler Console
If you have NetScaler Console in your network to manage your NetScalers, then you can view the metrics through NetScaler Console GUI. For more information, see NetScaler Console Documentation.
Export metrics to observability tools
You can export metrics such as statistics and counters to observability tools such as:
- Prometheus - You can export the metrics directly from NetScaler to Promethus. For information on how to export metrics to Prometheus, see Export of metrics from NetScaler to Prometheus.
- Splunk - You can export the metrics directly from NetScaler to Grafana. For information on how to export metrics to Splunk, see Export of metrics from NetScaler to Splunk.
Troubleshoot issues related to export of metrics
Even after you configure the export of metrics, there might be some issues that prevent metrics from getting exported. This section provides tips for troubleshooting issues related to the export of metrics:
-
Check the status of the metrics collector: Check if the metrics collector daemon is running using the
psortopcommand. -
Check metrics configuration in the analytics profile: In the analytics profile, check the following metrics configuration:
- If
Output Modeis set toPrometheus - If
MetricsisENABLED - If a valid schema file present under
/var/metrics_confis configured - If the
Serve modeis set toPULL
The following is a sample configuration where the metrics configuration in the analytics profile is as it is expected to be:
Command: show analytics profile <analytics_profile_name> Output: Name: <analytics_profile_name> Collector: Profile-type: timeseries Output Mode: Prometheus Metrics: ENABLED Schema File: <schema_file_name> Metrics Export Frequency: 30 Events: DISABLED Auditlog: DISABLED Serve mode: PULL Endpoint Metadata: Authentication Token: Endpoint URL: Endpoint Content-type: Reference Count: 0 Managementlog: NONE <!--NeedCopy--> - If
-
Inspect logs:
- Check the
/var/nslog/metricscollector.logfor any configuration or schema file-related errors. -
Check
/var/log/ns.logto see if metrics export has stopped due to disk space issues or other critical errors. If the disk space is full, thens.logfile contains the following:Free up diskspace on /var/nslog partition.Disabling metrics/logging for now <!--NeedCopy-->If the disk space is full, ensure that there is sufficient disk space available for metrics file generation.
- Check the
-
Verify metrics file generation: Confirm that the metrics file is being generated in the
/var/nslog/directory. For Prometheus, the format of the output file name ismetrics_prom_<analytics_profile_name>.log. -
Check schema configuration:
- Ensure that the configured schema file does not contain unsupported counters, as it can prevent metrics from being generated. If there are any errors, validate if the counters are present in the reference.schema file.
- It is recommended to use a custom schema file with only the required counters.
- Do not configure
reference_schema.jsonas the input schema file. -
If the custom schema file is updated, disable and re-enable metrics through the CLI to reload the updated schema file.
set analytics profile ns_analytics_time_series_profile -metrics DISABLED set analytics profile ns_analytics_time_series_profile -metrics ENABLED <!--NeedCopy-->
-
Issues related to export of metrics to Prometheus
-
If there are any permission-related issues, configure read-only Prometheus access for a non-super user. For more information, see Configure read-only Prometheus access for a non-super user.
-
If metrics is not visible after following the previously mentioned steps, try fetching the metrics using the cURL command to rule out configuration issues on Prometheus:
curl -v -X GET "http://<Netscaler_IP_ADDRESS>/nitro/v1/config/systemfile?args=filename%3Ametrics_prom_<name_of_timeseries_profile>.log%2Cfilelocation%3A%2Fvar%2Fnslog&format=prometheus" -u <ns_user_name>:<ns_user's_password> <!--NeedCopy-->Example:
curl -v -X GET "http://<10.106.26.205>/nitro/v1/config/systemfile?args=filename%3Ametrics_prom_prometheus_profile.log%2Cfilelocation%3A%2Fvar%2Fnslog&format=prometheus" -u nsroot:nsroot <!--NeedCopy-->
-
Sample dashboards
The following dashboards avaialble on Grafana and Splunk provide you metrics associated with a specific use case:
- Observability Sample Dashboard for NetScaler ADC on Grafana
- Infra and Network Health Dashboard for NetScaler ADC on Splunk
- App and API Health Dashboard on Splunk
Share
Share
In this article
-
Configure metrics
- Metrics file generation
- Dynamic schema support
- Configure the metrics to subscribe counters using the CLI
- Configure a schema file using the CLI
- Steps to update the list of counters exported
- Multiple time-series profile support
- Add time-series profile using the CLI
- Configure time-series profile using the CLI
- Log file-naming conventions with multiple time-series profile support
- Configure use-case specific metrics export
- Rate counters
- View metrics
- Troubleshoot issues related to export of metrics
- Sample dashboards
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.