
fetch list of users hitting to load balancer


Arun Kumar K R


Hi All,

 

We have a VPX used as a load balancer only. I would like to know the details of users who hit this load balancer VIP.

In the GUI, I checked the Statistics on the Virtual Server, but didn't get the required information.

Can you please advise if there is any command or option to view the user details?


What information do you want: client IP address, logged-in user name, or something else? User name would require the ADC to be doing login for the app, either via AAA or VPN.

For IP addresses, you can generate a policy to log client ips to syslog and retrieve those (a responder NOOP policy with a log action; enable custom logging in the global syslog parameters).

Or use rewrite to insert a header and have the backend server extract this info.

 


If you use WebInsight with Citrix ADM you can get web site metrics associated with user ip addresses.

 

From the ADC itself, you can just do logging of info. You can include system time.  

If you had tcp logging enabled you'd see all tcp connection details BUT that is a lot of logged data.

 

If traffic was handled by the AAA or VPN vserver, then you would get tracking of users at time of authentication (for example).

 

Exactly what you want and why would determine whether other features would get that data for you better.

 

Example of a responder NOOP policy to do logging:

add audit messageaction audit_act_customlog_sourceips INFO "\"rs_pol_noop_logonly:  \" + \"client ip: \" + client.IP.SRC + \" connected to vserver: \" + client.IP.DST"

add responder policy rs_pol_noop_customlog "true" NOOP -logAction audit_act_customlog_sourceips

 

bind lb vserver lb_vsrv_demo -policyName rs_pol_noop_customlog -priority 100 -gotoPriorityExpression NEXT -type REQUEST
 

The NOOP (no operation) policy allows events to be logged only. The GoTo expression set to NEXT allows other policies to be applied afterwards if relevant.

You still need to update the global syslog audit parameter (or any other custom syslog policies) to include "User Configurable Messages".

You can change the logging message to include system time or other details. Use the GUI to edit for better results.

 

 

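A way to turn the syslog messages produced by the responder log action above into a per-vserver list of client IPs, added here as an example and not part of the original posts. It matches only the message body defined in the `add audit messageaction` command; the sample lines, their syslog prefix and the function name `clients_per_vserver` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Matches only the message body built by audit_act_customlog_sourceips in the
# post above; whatever syslog prefix the device or collector adds is ignored.
MSG_RE = re.compile(
    r"rs_pol_noop_logonly:\s+client ip: (?P<src>[0-9.]+) "
    r"connected to vserver: (?P<dst>[0-9.]+)"
)

# Constructed sample lines: the prefix layout is illustrative, not device output.
SAMPLE_LOG = [
    'Jan 10 09:15:01 adc01 msg: "rs_pol_noop_logonly:  client ip: 198.51.100.7 connected to vserver: 192.0.2.10"',
    'Jan 10 09:15:02 adc01 msg: "rs_pol_noop_logonly:  client ip: 203.0.113.44 connected to vserver: 192.0.2.10"',
    'Jan 10 09:15:03 adc01 msg: "rs_pol_noop_logonly:  client ip: 198.51.100.7 connected to vserver: 192.0.2.10"',
    'Jan 10 09:15:04 adc01 msg: "unrelated event, no custom message"',
    'Jan 10 09:15:05 adc01 msg: "rs_pol_noop_logonly:  client ip: 999.51.100.7 connected to vserver: 192.0.2.10"',
    'Jan 10 09:15:06 adc01 msg: "rs_pol_noop_logonly:  client ip: 203.0.113.44 connected to vserver: 192.0.2.20"',
]


def _ipv4(text):
    """Return the canonical IPv4 string, or None if the field is not a valid address."""
    try:
        return str(ipaddress.IPv4Address(text))
    except ValueError:
        return None


def clients_per_vserver(lines):
    """Return ({vserver_ip: Counter({client_ip: hits})}, rejected_line_count)."""
    hits = defaultdict(Counter)
    rejected = 0
    for line in lines:
        m = MSG_RE.search(line)
        if not m:
            continue  # not one of the custom log-action messages
        src, dst = _ipv4(m["src"]), _ipv4(m["dst"])
        if src is None or dst is None:
            rejected += 1  # message matched but carried a malformed address
            continue
        hits[dst][src] += 1
    return dict(hits), rejected


if __name__ == "__main__":
    table, bad = clients_per_vserver(SAMPLE_LOG)
    for vip, clients in sorted(table.items()):
        for client, count in clients.most_common():
            print(f"{vip}\t{client}\t{count}")
    print(f"rejected lines: {bad}")
```
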

  • 2 weeks later...

I would enable Debug level logging on the NetScaler, which includes client IP information on connections:

 

Enable DEBUG Log Level for Syslog Events from NetScaler CLI

Run the following command to enable debugging:
set audit syslogParams -logLevel ALL

 

Run the following command to disable debugging:
set audit syslogParams -logLevel EMERGENCY ALERT CRITICAL ERROR WARNING NOTICE INFORMATIONAL

 

Just remember that debugging does increase the logging demands and adds more to the drive and potentially rolls over log files faster.

 

ADM is your best bet though, and it isn't that difficult to configure. Also we have Cloud ADM hosting, which is even easier to set up.


  • 1 month later...

Hi Brooks,

 

Thank you for the reply.

I have raised a vendor ticket and they collected the logs by enabling Debug.

But I received a response that no logs were found reaching the VIP.

I'm surprised to hear it.

Can't we find logs or details of users who hit the LB VIP which is configured on NS?
