Citrix ADC Audit Log Counters

This article contains information about the newnslog Audit Log counters and its brief description.

Using the Counters

Log on to the ADC using an SSH client, change to SHELL, navigate to the /var/nslog directory, and then use the ‘nsconmsg’ command to see comprehensive statistics using the different counters available. For the detailed procedure refer to Citrix Blog – NetScaler ‘Counters’ Grab-Bag!.

The newnslog Audit Log

The following table lists the newnslog Audit Log counters with a simple description of the counter.

newnslog Counter

Description

auditlog64_tot_syslog_send

This counter tracks the Syslog messages sent to the syslog server(s).

auditlog64_tot_syslog_generated

This counter tracks the Syslog messages that are about to be sent to the syslog server.

auditlog32_err_syslog_allocnatpcb

This counter tracks the NAT allocation that has failed.

auditlog32_err_syslog_allocnsb

This counter tracks the NSB allocation that has failed.

auditlog32_err_createcontext_allocmem

This counter tracks the failures in allocation of Access Gateway context structure. When an Access Gateway session is established, the NetScaler appliance creates an internal context structure, which identifies the user and the IP address from which the user has logged in.

auditlog32_err_syslog_allocport

This counter tracks the number of times the NetScaler appliance failed to allocate a port when sending a syslog message to the syslog server(s).

auditlog32_syslog_allocnatpcb_hash_miss

This counter tracks the NAT lookup that has failed.

auditlog32_err_syslog_contextnotfound

This counter tracks the failures in finding the context structure for an Access Gateway session during attempts to send session-specific audit messages. During an Access Gateway session, audit messages related to the session are queued up in the auditlog buffer for transmission to the audit log server(s). If the session is terminated before the messages are sent, the context structure allocated at session creation is removed. This structure is required for sending the queued auditlog messages. If it is not found, then this counter is incremented.

auditlog32_err_audserv_allocnsbchain

This counter tracks the NSB Chain allocation that is failed.

auditlog32_err_audserv_clientconnectfailed

This counter tracks the failures in establishment of a connection between the NetScaler appliance and the auditserver tool (the NetScaler custom logging tool).

auditlog32_mp_logmsg_flushcmd_issued

This counter tracks the Auditlog buffer flushes. In a multiprocessor NetScaler appliance, both the main processor and the co-processor can generate auditlog messages and fill up the auditlog buffers. But only the primary processor can free up the buffers by sending auditlog messages to the auditlog server(s). The number of auditlog buffers is fixed. If the co-processor detects that all the auditlog buffers are full, then it issues a flush command to the main processor.

Related:

  • No Related Posts

Leave a Reply