Citrix ADC Audit Log Counters

This article contains information about the newnslog Audit Log counters and its brief description.

Using the Counters

Log on to the ADC using an SSH client, change to SHELL, navigate to the /var/nslog directory, and then use the ‘nsconmsg’ command to see comprehensive statistics using the different counters available. For the detailed procedure refer to Citrix Blog – NetScaler ‘Counters’ Grab-Bag!.

The newnslog Audit Log

The following table lists the newnslog Audit Log counters with a simple description of the counter.

newnslog Counter



This counter tracks the Syslog messages sent to the syslog server(s).


This counter tracks the Syslog messages that are about to be sent to the syslog server.


This counter tracks the NAT allocation that has failed.


This counter tracks the NSB allocation that has failed.


This counter tracks the failures in allocation of Access Gateway context structure. When an Access Gateway session is established, the NetScaler appliance creates an internal context structure, which identifies the user and the IP address from which the user has logged in.


This counter tracks the number of times the NetScaler appliance failed to allocate a port when sending a syslog message to the syslog server(s).


This counter tracks the NAT lookup that has failed.


This counter tracks the failures in finding the context structure for an Access Gateway session during attempts to send session-specific audit messages. During an Access Gateway session, audit messages related to the session are queued up in the auditlog buffer for transmission to the audit log server(s). If the session is terminated before the messages are sent, the context structure allocated at session creation is removed. This structure is required for sending the queued auditlog messages. If it is not found, then this counter is incremented.


This counter tracks the NSB Chain allocation that is failed.


This counter tracks the failures in establishment of a connection between the NetScaler appliance and the auditserver tool (the NetScaler custom logging tool).


This counter tracks the Auditlog buffer flushes. In a multiprocessor NetScaler appliance, both the main processor and the co-processor can generate auditlog messages and fill up the auditlog buffers. But only the primary processor can free up the buffers by sending auditlog messages to the auditlog server(s). The number of auditlog buffers is fixed. If the co-processor detects that all the auditlog buffers are full, then it issues a flush command to the main processor.


  • No Related Posts

Leave a Reply