Jump to content
Welcome to our new Citrix community!

No Data in Web Insight on ADM


Recommended Posts

Hello,

 

I have web insights configured on a couple of our netscalers (MPX 5550's, cannot find a group for MPX's). This is going through a firewall, using logstream (port 5557 opened through the firewall). The collector is shown in the vpx as being up.
The Appflow policies have all been configured on the vpx, via the ADM.
I am seeing 500,000 + hits on the appflow policy, but not seeing anything in Web Insight.

I can see information on the applications dashboard for the specific load balancer. I only have 2 load balancers licenced in ADM (from a possible 30). This one & it's failover partner (that I would expect to have very limited traffic)

I have ran the following command 'nstcpdump.sh tcp  port 5557' 7 can see a connection happenning to the ADM appliance.
There are no errors under 'Diagnostics for No Data' for either load balancers.
Under the Web Insight Instances I just see no items.

All that I want to do is see what TLS version is being used to a particular SSL fronted load balancer, from a client.

ULFD is enabled on these netscalers

Is there any troubleshooting that I can do to see the data under web insights?

image.thumb.png.104c2480bd91af48c8fdb0881f222b6c.png

 

Thanks,
Matt

 

image.png

Edited by mattriddler
added tcpdump comment
Link to comment
Share on other sites

Based on your description, I believe the data you’re looking for is on the SSL Insights page.

 

https://docs.citrix.com/en-us/netscaler-mas/12/analytics/ssl-insight.html

 

Check to see that the following is enabled on the ADC Instances:

 

Quote

Enabling SSL Insight Parameters

On each NetScaler instance, you have to enable some HTTP parameters to display SSL Insight records in NetScaler MAS.

To enable SSL Insight parameters from the NetScaler configuration utility:

Navigate to Configuration > System > AppFlow, and click Change AppFlowSettings.

Select the following check boxes: HTTP Domain, HTTP Host, HTTP Method, HTTP URL, HTTP User-Agent, HTTP Content-Type.  

Click OK.

 

Web Insights provides information about vServer traffic, client/server details, URLs, etc. 

 

If that is all in order, did you reboot the appliances after enabling ULFD mode (if you recently enabled is as part of this configuration)?

 

 

 

Link to comment
Share on other sites

Hello,

 

I have seen that page & had configured the appflow settings the same as another netscaler that does display data in the MAS.

With the help of my network team I can see that there is traffic going out via the SNIP to the MAS. Confirmed this via nstcpdump & also via firewall logging.

 

The netscalers had never had ULFD mode enabled (as far as I am aware). I got both of these devices rebooted yesterday.

From a putty session I have ran the following command, ' show ns mode' Number 20 shows 'Unified Logging Format         ULFD                 ON'

I have not since enabled this, so should have been enabled before I rebooted.

 

I do have a call logged with Citrix & just uploaded logs from both the Netscaler & MAS.

I configured another netscaler with the same rule (but monitoring a csw rather than a lb), also behind the firewall with the same rules applied as the one who is not working. Just TCP 5557 out from the Netscaler to the MAS.

 

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...