Citrix ADM is not enabling SysLog on VPX instance

Hello All,

 

Recently I have deployed a Citrix ADM 13.0 instance for the specific need of collecting Syslog for 2 VPX appliances at this customer.

I have added one of the instances, the initial configuration has completed OK and the instance is already managed. I can see the SNMP community string and SNMP manager settings deployed on the ADC.

So far, so good.

But when I tried to "Configure Syslog" for this instance, no matter how many times I try it never "stays" enabled after I click OK...
I am not sure what could be the reason - from what I know there are no firewalls blocking UDP 514, so communication should not be an issue.
Also I am puzzled by the fact that I am not receiving any error message when I try to do that and it doesn't succeed.

 

Can you point me in the direction which I have to look?


The task can be done manually by creating an audit policy on the target ADCs to the ADM manager, but it shouldn't be necessary.

 

When you sign into ADM are you signing in by FQDN or IP of the ADM?

When you attempt the configure syslog command from ADM, look at the syslog on the target ADCs to see if they generate an error:

shell
cd /var/log
tail -f ns.log | grep CMD_EXECUTED
# limits output to cmds that are pushed and you can see if the ADM attempt is reaching the ADC and if there are any deny messages or errors
# may also show if this is a name resolution vs IP problem...or permissions/network/ACL problems...

 

I don't know if this version of the ADM has a bug in this behavior or not; someone else will have to weigh in or ask support.

An original version of ADM/MAS would fail these types of commands if you were signed in to ADM by "name": the command would push things like the ADM syslog destinations by name AND if the target ADC couldn't resolve the name to an IP, the command would fail (so check if the ADC has a DNS server or host entry to facilitate the name resolution).  But if you were signed in to ADM by IP, it would push itself in these configs by IP, eliminating the problem.  (The ADM behavior may have been fixed, but you may see if the ADC/NetScaler is failing to resolve the destination name.)

 

Next, you could also try to use the ADM job task to configure syslog and see if it works differently than the instance shortcut. (I would expect it to be the same, but using the job you can specify names vs IPs.)

 

Third: Configure the audit policy manually on the ADCs to point to ADM.

And log a ticket as there is some issue with this command on the ADM.
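To do the ns.log triage described above without eyeballing tail output, here is an added Python helper (not from the thread, Citrix or the ADM product) that pulls the CMD_EXECUTED entries and the "Err code returned" warnings out of ns.log, then lists the commands pushed from the ADM address that did not succeed. The sample lines, the hostname ns-vpx1 and the ADM address 10.0.0.50 are constructed; the line layout follows NetScaler's usual CMD_EXECUTED format.

```python
import re
from collections import Counter

# Constructed sample in the shape of NetScaler ns.log entries (not copied from the thread).
SAMPLE_NS_LOG = """\
Dec 18 09:16:56 <local0.warn> ns-vpx1 [1281]: Err code returned = 6
Dec 18 09:17:02 <local0.info> 10.0.0.10 12/18/2020:09:17:02 GMT ns-vpx1 0-PPE-0 : default GUI CMD_EXECUTED 4401 0 :  User nsroot - Remote_ip 10.0.0.50 - Command "add audit syslogAction adm_act 10.0.0.50 -logLevel ALL" - Status "Success"
Dec 18 09:17:03 <local0.info> 10.0.0.10 12/18/2020:09:17:03 GMT ns-vpx1 0-PPE-0 : default GUI CMD_EXECUTED 4402 0 :  User nsroot - Remote_ip 10.0.0.50 - Command "add audit syslogPolicy adm_pol ns_true adm_act" - Status "ERROR: Audit log service exists with this server information"
Dec 18 09:21:56 <local0.warn> ns-vpx1 [1281]: previous message repeated 2 times in last 300 seconds
"""

# Fields of an audit entry: who ran it, from which IP, the command text and the ADC's verdict.
CMD_RE = re.compile(
    r'CMD_EXECUTED .*?User (?P<user>\S+) - Remote_ip (?P<ip>\S+) '
    r'- Command "(?P<cmd>.*?)" - Status "(?P<status>.*?)"'
)
ERR_RE = re.compile(r"Err code returned = (?P<code>\d+)")


def parse_cmd_executed(lines):
    """Return one dict (user, ip, cmd, status) per CMD_EXECUTED line."""
    return [m.groupdict() for m in (CMD_RE.search(l) for l in lines) if m]


def failed_pushes(lines, adm_ip):
    """Commands pushed from the ADM's IP whose Status is anything other than Success."""
    return [e for e in parse_cmd_executed(lines)
            if e["ip"] == adm_ip and e["status"] != "Success"]


def err_code_counts(lines):
    """How often each 'Err code returned = N' warning appears (repeat lines are not expanded)."""
    counts = Counter()
    for line in lines:
        m = ERR_RE.search(line)
        if m:
            counts[int(m.group("code"))] += 1
    return counts


if __name__ == "__main__":
    # Replace SAMPLE_NS_LOG with open("/var/log/ns.log").read() on the ADC shell.
    log_lines = SAMPLE_NS_LOG.splitlines()
    for entry in failed_pushes(log_lines, "10.0.0.50"):
        print(f'FAILED from {entry["ip"]} as {entry["user"]}: {entry["cmd"]} -> {entry["status"]}')
    print("Err code warnings:", dict(err_code_counts(log_lines)))
```

A failed push with an "already exists" status points at a conflicting syslogAction/syslogPolicy on the ADC rather than at the network path.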


Hi Rhonda,

 

Thank you for taking the time for this!

Currently ADM is version 13.0.64.35. Initially I did go with ver. 12.1.60.16 and was thinking it may be a bug with the version. But upgrading to 13.0.64.35 didn't fix it at all.

 

I did expect to see the syslog policy/server being created on the ADC automatically as the guides say, but this didn't happen -  I believe the checkmark not staying on "Enabled" means that some of the steps along the road could not be completed.

I tried to create the syslog policy on the ADC and manually specify the syslog server with all the parameters - to no avail.  This didn't make ADM any more willing to show the syslog events.

 

I am signing in on the ADM by IP - haven't created any DNS record yet.

Trying to execute the tail command on the ADC didn't bring anything - just a blank line..

After "cat"-ing the ns.log file I saw it is full of the following lines:

 

Dec 18 09:16:56 <local0.warn> <appliance host name> [1281]: Err code returned = 6
Dec 18 09:21:56 <local0.warn> <appliance host name> [1281]: previous message repeated 2 times in last 300 seconds
Dec 18 09:21:56 <local0.warn> <appliance host name> [1281]: Err code returned = 6

 

I do not think it's a name resolution issue as I don't use names to connect to either ADM or ADC..

Thanks for the idea of creating an ADM job task - I've executed it and it showed an error message which I find odd - "Audit log service exists with this server information".

 


I've removed the server/policies I had preconfigured myself and thought this would make a difference, but it did not :\

 

Where do you think I should log a ticket? Citrix support?

Unfortunately the client doesn't have an active support contract :\

Your screenshot says you already have an existing syslog action, so the new action and therefore the new policy will not be created.  So, you need to check for conflicts first.

 

1) Check on your ADC the global syslog parameter (under the System > Audit node). This should still be ADC local.

2) Check on your ADC for other audit policies/servers specifying an existing location/IP that conflicts with your ADM.

 

3) Are you looking in the right place on the ADM for the instance syslog events?  You said you tried to do a tail on the ADM, but that is just the ADM's syslog. If you see events like mps<something>, you might be in the wrong place.

 

Otherwise, make sure you don't have any overlapping configs.

 

4) Check for ACLs restricting access to the NSIP, and/or take a network trace to see if there is communication blocking syslog between ADC and ADM.

Edited by Rhonda Rowland
added info

Hi Rhonda,
I checked at the time and I removed any existing syslog policies/actions, but the job still failed.

I tried again the next day and the job executed successfully. Not sure why it succeeded now :\

 


Anyway - now the syslog policies are automatically created on the ADC and I can see the Syslog option being enabled for the ADC instances on ADM.

But the issue is still there - no syslog events are displayed (albeit the window changed a bit, anticipating the events to appear there)

 


 

I think I am not mistaken about where I expect the syslog events to appear..

Thanks for the idea of checking the "global syslog parameters" - I saw that another remote syslog server was configured there and I modified it to be set to 127.0.0.1.

Unfortunately this did not make the events show up..

 

I did not find any ACLs that may be blocking the traffic to/from ADC..

 

Regarding remark number 3) - I was thinking you were asking me to "tail" the ns.log file on the ADC, not on the ADM...you mentioned that in your reply: "When you attempt the configure syslog command from ADM, look at syslog on the target ADC"..

 

 

 

 


Yeah, for part 3. I misread what you wrote... So ignore me for that part.

 

The only thing you can do is make sure you have syslog enabled, events being generated, and run a trace.

 

You can also try reporting syslog to another syslog server, and if that works, the issue is likely to do with ADM or the network from the NSIP to ADM.
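For the "another syslog server" test above, the receiver does not have to be a full syslog daemon. Here is an added Python script (not from the thread or from Citrix) that stands up a throwaway UDP listener, decodes the RFC 3164 <PRI> header into the facility.severity pair NetScaler prints as e.g. <local0.warn>, and shows the source IP of each datagram, so you can confirm the ADC is actually emitting events before blaming ADM. It assumes the ADC's test syslogAction points at this host and port; port 514 needs root, so a high port is a reasonable alternative.

```python
import socket

# RFC 3164 facility/severity names; NetScaler's "<local0.warn>" is PRI 132 = facility 16, severity 4.
FACILITY_NAMES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
                  **{16 + i: f"local{i}" for i in range(8)}}
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_syslog_datagram(datagram: bytes):
    """Return (facility, severity, message) from a '<PRI>message' UDP payload.
    Payloads without a valid PRI header come back with facility and severity set to None."""
    text = datagram.decode("utf-8", errors="replace")
    end = text.find(">")
    if not text.startswith("<") or end < 2 or not text[1:end].isdigit():
        return None, None, text
    pri = int(text[1:end])
    if pri > 191:  # largest valid PRI is 23 * 8 + 7
        return None, None, text
    facility = FACILITY_NAMES.get(pri // 8, f"facility{pri // 8}")
    return facility, SEVERITY_NAMES[pri % 8], text[end + 1:]


def receive_syslog(bind_ip="0.0.0.0", port=514, max_messages=10, timeout=120.0):
    """Bind a throwaway UDP syslog listener and return the parsed messages it received.
    Stops after max_messages datagrams or once timeout seconds pass without traffic."""
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        sock.settimeout(timeout)
        while len(received) < max_messages:
            try:
                data, (src_ip, _) = sock.recvfrom(65535)
            except socket.timeout:
                break  # nothing arrived: the ADC is not sending, or the path is blocked
            facility, severity, message = parse_syslog_datagram(data)
            print(f"{src_ip} <{facility}.{severity}> {message}")
            received.append((src_ip, facility, severity, message))
    return received


if __name__ == "__main__":
    # Use port=5514 (and the same port in the ADC's test syslogAction) when not running as root.
    receive_syslog()
```

If datagrams arrive here from the NSIP but never show in ADM, the ADC side is fine and the ADM collector or the ADC-to-ADM path is the remaining suspect.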
