Jump to content
Welcome to our new Citrix community!

how to reset ssl stat


Dany Demers

Recommended Posts

hello all, I want to clear the SSL stat on my citrix ADC and I tried the clear global from the statistic menu in the GUI and it doesn't clear the SSL stat. I tried the 4 option available, Basic, full, basic global, full global but my ssl stat don't get reset. How do i reset these stat so that we can see how many connection are made by which protocol?

Link to comment
Share on other sites

Good Morning Dany,

there are two ways to delete the ssl stats on your ADC. This command works on 13.1.33.52.

 

a) GUI

1. Traffic Management\SSL\Statistics

2. Clear Basic/Full

 

b) CLI

1. stat ssl [-clearstats ( basic | full )]

 

Source: https://developer-docs.citrix.com/projects/citrix-adc-command-reference/en/latest/ssl/ssl/

 

Best regards,

Jens

  • Like 1
Link to comment
Share on other sites

I think only clear stats "full" will remove the totals. 

 

It may in fact be a bug on this version of the code; I don't have access to test this specific one compared to the build I was using. 

But do make sure you have full admin rights and not a delegated admin that might be missing something.

 

Also stats are reset after a reboot (which I know isn't possible with product systems.)

Also may depend on whether you are looking at the global ssl stats (all hits to all objects) or a stat ssl vserver <vserver name>

 

 

If you just need an alternate way to temporarily audit the ssl ciphers in use on new connections in total or on specific vservers. See this thread where we used RESPONDER NOOP policies to log ciphers in use for all users on a given vserver with a GOTO Next expression; and then a separate policy to redirect users with the already identified unapproved ssl ciphers to an error page.  You could limit the amount of logging by restricting to hits to only a specific object on a page instead of every object.

https://discussions.citrix.com/topic/413011-capture-source-ips-on-vip-for-any-connections-which-are-using-weak-ciphers/

IF this isn't what you needed; then disregard.

 

 

 

  • Like 1
Link to comment
Share on other sites

  • 1 year later...
On 12/4/2022 at 6:49 PM, Rhonda Rowland1709152125 said:

I think only clear stats "full" will remove the totals. 

 

It may in fact be a bug on this version of the code; I don't have access to test this specific one compared to the build I was using. 

But do make sure you have full admin rights and not a delegated admin that might be missing something.

 

Also stats are reset after a reboot (which I know isn't possible with product systems.)

Also may depend on whether you are looking at the global ssl stats (all hits to all objects) or a stat ssl vserver <vserver name>

 

 

If you just need an alternate way to temporarily audit the ssl ciphers in use on new connections in total or on specific vservers. See this thread where we used RESPONDER NOOP policies to log ciphers in use for all users on a given vserver with a GOTO Next expression; and then a separate policy to redirect users with the already identified unapproved ssl ciphers to an error page.  You could limit the amount of logging by restricting to hits to only a specific object on a page instead of every object.

https://discussions.citrix.com/topic/413011-capture-source-ips-on-vip-for-any-connections-which-are-using-weak-ciphers/

IF this isn't what you needed; then disregard.

 

 

 

1 year later but thanks for that reply. We finally opted to use the ADM to have detailed stat but that's another good option for those who don't have ADM.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...