Dany Demers Posted November 18, 2022 Share Posted November 18, 2022 hello all, I want to clear the SSL stat on my citrix ADC and I tried the clear global from the statistic menu in the GUI and it doesn't clear the SSL stat. I tried the 4 option available, Basic, full, basic global, full global but my ssl stat don't get reset. How do i reset these stat so that we can see how many connection are made by which protocol? Link to comment Share on other sites More sharing options...
Jens Dellner Posted November 22, 2022 Share Posted November 22, 2022 Good Morning Dany, there are two ways to delete the ssl stats on your ADC. This command works on 13.1.33.52. a) GUI 1. Traffic Management\SSL\Statistics 2. Clear Basic/Full b) CLI 1. stat ssl [-clearstats ( basic | full )] Source: https://developer-docs.citrix.com/projects/citrix-adc-command-reference/en/latest/ssl/ssl/ Best regards, Jens 1 Link to comment Share on other sites More sharing options...
Dany Demers Posted November 29, 2022 Author Share Posted November 29, 2022 Thanks for the reply but it seem there is a problem as it's not working on my box (I'm still on 13.0-85.32), see attached picture... I tried the GUI and the CLI and SSL stat still don't reset... Link to comment Share on other sites More sharing options...
Rhonda Rowland1709152125 Posted December 4, 2022 Share Posted December 4, 2022 I think only clear stats "full" will remove the totals. It may in fact be a bug on this version of the code; I don't have access to test this specific one compared to the build I was using. But do make sure you have full admin rights and not a delegated admin that might be missing something. Also stats are reset after a reboot (which I know isn't possible with product systems.) Also may depend on whether you are looking at the global ssl stats (all hits to all objects) or a stat ssl vserver <vserver name> If you just need an alternate way to temporarily audit the ssl ciphers in use on new connections in total or on specific vservers. See this thread where we used RESPONDER NOOP policies to log ciphers in use for all users on a given vserver with a GOTO Next expression; and then a separate policy to redirect users with the already identified unapproved ssl ciphers to an error page. You could limit the amount of logging by restricting to hits to only a specific object on a page instead of every object. https://discussions.citrix.com/topic/413011-capture-source-ips-on-vip-for-any-connections-which-are-using-weak-ciphers/ IF this isn't what you needed; then disregard. 1 Link to comment Share on other sites More sharing options...
Dany Demers Posted December 14, 2023 Author Share Posted December 14, 2023 On 12/4/2022 at 6:49 PM, Rhonda Rowland1709152125 said: I think only clear stats "full" will remove the totals. It may in fact be a bug on this version of the code; I don't have access to test this specific one compared to the build I was using. But do make sure you have full admin rights and not a delegated admin that might be missing something. Also stats are reset after a reboot (which I know isn't possible with product systems.) Also may depend on whether you are looking at the global ssl stats (all hits to all objects) or a stat ssl vserver <vserver name> If you just need an alternate way to temporarily audit the ssl ciphers in use on new connections in total or on specific vservers. See this thread where we used RESPONDER NOOP policies to log ciphers in use for all users on a given vserver with a GOTO Next expression; and then a separate policy to redirect users with the already identified unapproved ssl ciphers to an error page. You could limit the amount of logging by restricting to hits to only a specific object on a page instead of every object. https://discussions.citrix.com/topic/413011-capture-source-ips-on-vip-for-any-connections-which-are-using-weak-ciphers/ IF this isn't what you needed; then disregard. 1 year later but thanks for that reply. We finally opted to use the ADM to have detailed stat but that's another good option for those who don't have ADM. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now