Logging and monitoring

Configure Network Time Protocol

We recommend that the Network Time Protocol (NTP) is enabled on NetScaler and configured to use a trusted network time server. Enabling NTP ensures that times recorded for the log entries and system events are accurate and synchronized with other network resources.

When configuring NTP, the ntp.conf file must be modified to restrict the NTP server from disclosing the information in sensitive packets.

You can run the following commands to configure NTP on NetScaler:

add ntp server <IP_address> 10

enable ntp sync

Modify the ntp.conf file for each trusted NTP server that you add. There must be a corresponding restrict entry for every server entry. You can locate the ntp.conf file by running the find . -name ntp.conf command from the NetScaler shell prompt.
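The following shell function is an added example, not part of the NetScaler documentation: it lists every server entry in an ntp.conf file that has no restrict entry for the same address. The function name missing_restricts and the sample configuration (constructed, using documentation-range addresses) are assumptions, and matching is by literal address string.

```shell
#!/bin/sh
# Added example: check the rule "a restrict entry for every server entry".

# missing_restricts FILE
# Prints, one per line, each server address in FILE that has no restrict
# entry for the same address. Prints nothing when every server is covered.
missing_restricts() {
    awk '
        # Return the first argument that is not an -4/-6 address-family flag.
        function addr(   i) {
            for (i = 2; i <= NF; i++)
                if ($i != "-4" && $i != "-6") return $i
            return ""
        }
        # Drop trailing comments, then skip lines that are now empty.
        { sub(/#.*/, "") }
        NF == 0 { next }
        $1 == "server"   { a = addr(); if (a != "") servers[a] = 1 }
        $1 == "restrict" { a = addr(); if (a != "") restricted[a] = 1 }
        END {
            for (s in servers)
                if (!(s in restricted)) print s
        }
    ' "$1" | sort
}

# Constructed sample configuration (not taken from a real appliance).
sample=$(mktemp /tmp/ntpconf.XXXXXX)
cat > "$sample" <<'EOF'
restrict default ignore
server 192.0.2.10 iburst
restrict 192.0.2.10 mask 255.255.255.255 nomodify notrap nopeer noquery
server 192.0.2.20 iburst     # no restrict entry for this server
server -4 192.0.2.30
restrict -4 192.0.2.30 nomodify
EOF
missing_restricts "$sample"
rm -f "$sample"
```

A server entry given as a host name is reported unless a restrict entry uses the same host name, because the check compares the strings as written.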

Configure SNMP

NetScaler supports version 3 of the SNMP protocol. SNMPv3 incorporates administration and security capabilities such as authentication, access control, and data integrity checks. For more information, see Configuring NetScaler for SNMPv3 queries.

Note:

We recommend that you use SNMPv3 instead of SNMPv1 and SNMPv2.

If you do not configure at least one SNMP manager, NetScaler accepts and responds to SNMP queries from all IP addresses in the network. Run the following command to add an SNMP manager and restrict this behavior:

add snmp manager <IP_address>

In deployments where SNMP is not required, the functionality must be disabled with the following command:

set ns ip <IP_Address> -snmp disabled

Configure logging to external NetScaler log host

The NetScaler Audit Server logs all states and status information collected by different modules in the kernel and in the user-level daemons. The Audit Server enables an administrator to see the event history in chronological order. The Audit Server is similar to the SYSLOG server that collects logs from NetScaler. The Audit Server uses the administrator credentials to fetch logs from one or more appliances.

  • Local Audit Server Configuration

Run the following command to configure logging to the local Audit Server in NetScaler:

set audit nslogparams -serverip <hostname> -serverport <port>

  • Remote Audit Server Configuration

To configure logging to the Audit Server in a remote computer, install the Audit Server on that computer. The following are the sample Audit Server options:

./audserver -help
usage : audserver -[cmds] [cmd arguments]
cmds cmd arguments: -f <filename> -d debug
-help - detail help
-start - cmd arguements,[starts audit server]
-stop - stop audit server
-verify - cmd arguments [verifies config file]
-addns - cmd arguments [add a netscaler to conf file]
-version - prints the version info

These options provide functionality for logging audit messages generated by the NetScaler ns.log file only. To log all syslog messages, perform the following steps:

  1. Remove the log file specifications from the /nsconfig/syslog.conf file for the local facilities.
  2. Replace the log file specifications with the log host name or IP address of the remote syslog host, similar to the following entries:

    local0.* @10.100.3.53

    local1.* @10.100.3.53

  3. Configure the syslog server to accept log entries from the preceding logging facilities. For more information, see the syslog server documentation.
  4. For most UNIX-based servers using the standard syslog software, you must add a local facility configuration entry for the messages and nsvpn.log files to the syslog.conf configuration file. The facility values must correspond to values configured on NetScaler.
  5. The remote syslog server in any UNIX-based computer by default does not listen for remote logs. Therefore, run the following command to start the remote syslog server:
syslogd -m 0 -r

Note: See the equivalent options of the syslog variant that is deployed in the audit server.
