Arun Kumar K R Posted December 1, 2021 Share Posted December 1, 2021 Hi All, We have a VPX used as load balancer alone. I would like to know users details who hits this load balancer VIP. In GUI, i checked for Statistics on the Virtual Server, but didnt get thre required information. Can you please guide if there is any command or option to view the users details. Link to comment Share on other sites More sharing options...
Rhonda Rowland1709152125 Posted December 1, 2021 Share Posted December 1, 2021 What information do you want, client ip address or logged in user name or something else? User name, would require the ADC to be doing login for the app either via aaa or vpn. For IP addresses, you can generate a policy to log client ips to syslog and retrieve those (a responder NOOP policy with a log action; enable custom logging in the global syslog parameters). Or use rewrite to insert a header and have the backend server extract this info. Link to comment Share on other sites More sharing options...
Arun Kumar K R Posted December 2, 2021 Author Share Posted December 2, 2021 Hi, Client IP address will work. Is there any way to see the flow when user hit Load balancer. Link to comment Share on other sites More sharing options...
Rhonda Rowland1709152125 Posted December 2, 2021 Share Posted December 2, 2021 If you use WebInsight with Citrix ADM you can get web site metrics associated with user ip addresses. From the ADC itself, you can just do logging of info. You can include system time. If you had tcp logging enabled you'd see all tcp connection details BUT that is a lot of logged data. If traffic was handled by the AAA or VPN vserver, then you would get tracking of users at time of authentication (for eample). Depending on exactly what you want and why would determine whether other features would get that data for you better. Example of a responder NOOP policy to do logging: add audit messageaction audit_act_customlog_sourceips INFO "\"rs_pol_noop_logonly: \" + \"client ip: \" + client.IP.SRC + \" connected to vserver: \" + client.IP.DST" add responder policy rs_pol_noop_customlog "true" NOOP -logAction audit_act_customlog_sourceips bind lb vserver lb_vsrv_demo -policyName rs_pol_noop_customlog -priority 100 -gotoPriorityExpression NEXT -type REQUEST The NOOP (no operation) policy, allows events to be logged only. The GoTo expression set to NEXT allows other policies to be applied afterwards if relevant. You still need to update the global syslog audit parameter (or any other custom syslog policies" to include "User Configurable Messages" You can change the logging message to include system time or other details. Use the GUI for better results to edit. Link to comment Share on other sites More sharing options...
Brooks Carlson Posted December 15, 2021 Share Posted December 15, 2021 I would enable Debug level logging on the Netscaler which includes client IP information on connections: Enable DEBUG Log Level for Syslog Events from NetScaler CLI Run the following command to enable debugging: set audit syslogParams -logLevel ALL Run the following command to disable debugging: set audit syslogParams -logLevel EMERGENCY ALERT CRITICAL ERROR WARNING NOTICE INFORMATIONAL Just remember that debugging does increase the logging demands and adds more to the drive and potentially rolls over log files faster. ADM is your best bet though and it isn't that difficult to configure. Also we have Cloud ADM hosting which is even easier to set up. Link to comment Share on other sites More sharing options...
Arun Kumar K R Posted February 4, 2022 Author Share Posted February 4, 2022 Hi Brooks, thank you for the reply. I have raised a vendor ticket and they collected the logs by enabling Debug. But received a response that no logs found which is reaching the VIP. I'm surprised to hear it. cant we find logs or user details who hit the LB VIP which is configured on NS. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now