Jump to content
Welcome to our new Citrix community!

VPX System/Diagnostics/Troubleshooting Data/Traffic Distribution

Recommended Posts

So far my new load balancing setup is going well. We'll do another round of testing next week. 

In the first round I used System/Network/TCP/IP Connections to see what inbound was going

to what back end service. I also spotted "show persistentconnections" for the CLI which 

is going to be useful.


But later I noticed a System/Diagnostics/Troubleshooting Data/Traffic Distribution which sounds

like it would be very helpful if something goes askew. Unfortunately it then wanted me to choose

one of 30 or 40 files in /var/log and it had no suggestions as to which one. After some googling

I'm not spotting that. Which log file is the one one should choose to verify traffic distribution is

working as desired or troubleshoot why it might not be?



Link to comment
Share on other sites

For real time distribution and to verify up/down states and load balancing, use the stats or dashboard in the gui. For past correlation, things get a little more complex depending on how raw you want the data.


So, it depends on what type of info you need:

- record of actual web transactions with client ips to service destinations over time: use NSWL (Web Server Logging)

- for stats of service hits/vserver hits (but not necessarily correlating to client ips...but just to see traffic over time and vserver/service utilization), use stats or dashboard in gui (which is real time and recent history like last 5 minutes or so) or Reporting tool for historical data.  All stats are drawn from the nslog files (/var/nslog/newnslog).  The current nslog file will give you current stats/distribution the reporting tool or past nslog files (newnslog.gz.##) will give you stats for past events.

- For debug and granular metrics you also have some of the nslog (nsconmsg) commands exposed in the gui under System > Diagnostics as well.  Or you can use nsconmsg commands to extract all sorts of info from the files from shell but this can be very detailed/raw data and probably not what you want for this.

- Syslog (/var/log/ns.log) is exposed in GUI under System > Audit (right-pane) and is used for auditing and higher-level troubleshooting.  Will see events like services up/down and config audit messages.

- If you need more info on actual load distribution decisions over time, besides what nswl can give you, then you might want to deploy Citrix ADM with web insight enabled (which is mostly for web site performance, but would include client ip to service info as well...I would just start with nswl first.)




More detailed info on each below:

For web transactions and traffic distribution you are better of using NSWL for web transaction logs.  You can download the component from the location where you download firmware and it is discussed in the admin guide under System > Web Server Logging:  https://docs.citrix.com/en-us/citrix-adc/13/system/web-server-logging.html  


Syslog is the ADC audit log and is located in /var/log/ns.log and the past archive files (among other log files in this directory).  This will be the current audit events: record of every config change made and features that audit normally, so you will see monitor up/down states, ha issues, config changes, and features like appfw or gateway will audit security events.  Some features, like responder/rewrite might have log messages configured and might also audit to this log.  You  can also view contents of syslog in GUI System > Audit (right-hand pane, for current and past logs).  The log rollover/retention determines which log file you need; but its not really the one you want for the traffic distribution.


The one you mostly see under System > Diagnostics is /var/nslog/newnslog and its past versions. This is commonly referred to as the nslog file and is a record of all counters/debug counters and low level events/issues on system.  You can view this one using nsconmsg -K <filename> <cli args>  with various parameters.  But there are shortcuts in GUI to most commonly referenced info.

Any time you view stats in cli, stats in gui, or the dashboard in gui you are pulling data from this file. STats/metrics are gathered every 7 seconds.  The reporting tab is historical data at 5 min granularity and is gathered by a different process - it might help you look at some usage over time, but not which traffic goes to which services granularly.

You can also view common nslog info under System > Diagnostics at the bottom of the pane. Commands here help you view the current log file (or past log files) - console messages and events, log file duration to see which file you need.



And this thread has additional info on logs in one place, if you need it:  https://discussions.citrix.com/topic/390843-logged-event-data-extraction/





  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...