The NetScaler App Delivery and Security service – NetScaler managed edition offers a self-healing capability for application servers. The self-healing capability provides deep application analytics with improved application experience and security.
With the self-healing capability:
- You can automatically detect, remediate, and replace a defective server with a healthy server whenever the performance of an application server degrades or the server starts to malfunction.
- You can automatically detect security attacks and take remediation actions.
If an anomaly is detected in one of the instances of an application, the service generates an alert and can automatically take remediation actions. The detected anomalies and corrective steps are logged in the Action History.
The following use cases are supported as part of the self-healing capability:
- Automatically replace Slow Server: In a stack of application instances running as back-end servers in an Autoscale group, if one of the instances becomes faulty and starts responding slowly based on the response time, the self-healing feature detects the faulty server and automatically replaces it with a healthy server. For more information, see Create Services.
- Block past offenders: Enables you to check and send alerts if client IPs have caused excessive AppSec violations in the last 20 minutes. For more information, see SQL injection and Cross-site scripting.
- Action History: Enables you to view the actions that are taken in the context of self-healing. For more information, see Action History.
Before accessing the action history tile, you must complete the following preliminary steps:
- Create a Citrix cloud access profile.
- Create an application environment.
For more information, see Deliver a modern application.
The action history functionality enables you to view anomalous events that have been detected and the corresponding corrective actions that are taken as part of self-healing.
The action history view enables you to check if one of the services that comprise an Autoscale group is slow compared to the rest of the services. If an automatic replacement of slow servers is enabled, then the respective action shows up in this history.
The action history view displays the event where the client IPs have been causing excessive AppSec violations. If an automatic remediation is enabled, then the action history view displays the details of when the offending client IP was blocked.
All the actions are taken automatically. You can view the details of the actions taken in the Action History.
When an action takes place, a log entry appears in the Action History. The action history view displays the records in a table with the following details:
- The time of action.
- The action that was taken.
- The event that triggered the action.
- The application name or network function on which the corresponding anomaly event happened.
You can filter the action history view based on the following parameters:
- The time interval at which the actions are run.
- The application name on which the actions are run.
- The action taken.
- The network function on which the actions are run.
There are two types of actions:
- Log only actions: You can enable log only type of actions. These entries are the records registered by the application when an anomaly is detected.
- Log and Remediation actions: Along with logs, you can also configure the NetScaler App Delivery and Security service to automatically correct the anomaly. These entries are the corrective actions taken by the application to recover from the anomaly. For example, if there is a slow-server anomaly, the corrective action is to replace the slow server.
You can start with the log only actions, and if you want to enable automatic remediation action, you can switch the actions from log only actions to log and remediation actions based on the requirement.
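The following sketch is an added example, not NetScaler code: it models the block-past-offenders check over the 20-minute window and shows how the same detection produces a different Action History entry in log only and in log and remediation mode. The threshold, the record fields, and the action labels `log` and `block-ip` are assumptions, because the page does not define what counts as excessive.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=20)  # look-back period stated on the page
THRESHOLD = 3                   # assumption: the page gives no number for "excessive"

# Constructed sample violations: (timestamp, client IP, violation type).
EVENTS = [
    ("2024-05-01T10:00:00", "198.51.100.7", "SQL injection"),
    ("2024-05-01T10:05:00", "203.0.113.9", "Cross-site scripting"),
    ("2024-05-01T10:08:00", "198.51.100.7", "Cross-site scripting"),
    ("2024-05-01T10:15:00", "198.51.100.7", "SQL injection"),
    ("2024-05-01T10:40:00", "203.0.113.9", "SQL injection"),
    ("2024-05-01T10:55:00", "203.0.113.9", "SQL injection"),
]


def evaluate(events, remediate=False, window=WINDOW, threshold=THRESHOLD):
    """Return (action_history, blocked_ips) for a list of violation events."""
    recent = defaultdict(deque)  # client IP -> violation times inside the window
    history, blocked = [], set()
    for ts, ip, _kind in sorted(events):
        now = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append(now)
        while now - q[0] > window:  # expire violations older than 20 minutes
            q.popleft()
        if len(q) < threshold or ip in blocked:
            continue
        # Hypothetical action labels; the record mirrors the table's
        # time / action / event columns.
        history.append({
            "time": ts,
            "action": "block-ip" if remediate else "log",
            "event": f"{len(q)} AppSec violations in 20 min",
            "client_ip": ip,
        })
        if remediate:
            blocked.add(ip)  # log and remediation: the offender is blocked
        else:
            q.clear()        # log only: do not re-alert on the same burst
    return history, blocked


if __name__ == "__main__":
    for mode in (False, True):
        print("remediate =", mode, evaluate(EVENTS, remediate=mode))
```

The second client IP also has three violations in the sample, but they are spread over 50 minutes, so the window never holds enough of them to trigger an action.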
Using the Action History
To access the integrated Action History in the NetScaler App Delivery and Security service application:
- Sign in to the NetScaler App Delivery and Security service application.
- In the left Navigation pane, click Action History.
Sort, filter, and search logs in the Action History
Use the search feature to view information about the specific actions. The filters can be applied to get a more focused view of the alerts based on the time interval.
- Sort the data by selecting the required columns.
- Click the Add icon at the top right of the table header to add or remove columns. This launches the Add / Remove columns modal dialog.
  - To remove a column, unselect the check box of the required column listed under the Current Columns pane in the Add / Remove columns modal dialog. Click Update. The removed column now appears under the Add Columns pane.
  - To add a removed column, select the check box of the required column listed under the Add Columns pane in the Add / Remove columns modal dialog. Click Update. The added column now appears under the Current Columns pane.
- Sort the data by using the time interval drop-down list next to the search box. The available options are PRESET TIME and CUSTOM.
  - You can sort the data to view the data in the PRESET TIME. Under PRESET TIME, the available options are:
    - Last 1 Hour (1H): Displays the data for the previous one hour.
    - Last 12 Hours (12H): Displays the data for the previous 12 hours.
    - Last 1 Day (1D): Displays the data for the previous day.
    - Last 1 Week (1W): Displays the data for the previous week.
    - Last 1 Month (1M): Displays the data for the previous month.
  - You can also sort the data by customizing the time interval under CUSTOM. You can choose the required date and time range. Click From to select the starting range and click To for selecting the ending range of the date and time.
The table might spill over to many pages. You can select the number of row entries in a page from the drop-down list at the bottom of the table.
To perform an advanced search, you can use filters such as Action-Taken and Application-Name in the search box to view specific data.
- Click the search box and choose the required option, Action-Taken or Application-Name.
- Select the suitable operator for the chosen option. The available operators are:
  - = equals to some value
  - ~ contains some value
- You can combine search queries by using the logical operator AND, which requires both values to be true.
Action History View
The following parameters are displayed in the action history table view:
This field displays the time at which the action was taken. Select the Action log list based on the specific duration.
This field displays the action that was taken because of an alert. For example, replace a slow server or log.
This field displays the name of the application on which the action was taken.
This field displays the name of the network function on which the block, or unblock IP actions were taken.
This field displays the type of alert.
The following types of alerts are supported in NetScaler App Delivery and Security service:
This field displays information about the alert type, the alert, and the action that was taken.