Netscaler Knowledgebase

Summary

When troubleshooting NetScaler server cases, there are various logging capabilities that you can use to assist you in determining the root cause of a problem. The NetScaler system allows you to customize the logging of system events and SSL VPN access events. This document focuses on logging specific to the NetScaler system and the SSL VPN using syslog.

Requirements

This document is specific to the 6.1 NetScaler server, although some data may be applicable to ealier NetScaler versions.

Procedure

The NetScaler server has an internal message generator that passes messages to the syslog system. It should be noted that in a high availability NetScaler system, syslog configuration settings must be setup on each NetScaler server. Settings are not passed from NetScaler server to other NetScaler servers.

1. By default, NetScaler event messaging for the SSL VPN and the NetScaler system are enabled. You can check the rc.conf file in /nsconfig to ensure an administrator has not turned off the messaging by adding either of the following lines:

nsvpnlog_enable=”no”
nssyslog_enable=”no”

2. The base configuration file for the syslog facility is syslog.conf, which lives in the /etc directory. To customize the syslog facility, you need to make changes to this file, and then copy this file to /nsconfig.

This is necessary because when the system restarts, the dynamically generated /etc directory is re-created using the file that is in the /nsconfig directory. When changing the syslog messaging system, you must restart the NetScaler server for the changes to take affect.

Common problem:
After editing a configuration file and restarting, the changes are gone. – This occurs because the configuration file was not copied to the /nsconfig directory before restarting.

3. Syslog information is passed over port 514. The syslog facility for the NetScaler system is configured to run on the local0 facility, and the facility for the SSL VPN system is local1.

The NetScaler system syslog logs information to /var/log/ns.log. To change this to a different location on the NetScaler server, you need to make a change to rc.conf:

nssyslog_flags=” syslogfacility= NEWSYSLOGFACILITYNAME –s syslog=1 –d eventwait”

Change the value of syslogfacility to the new facility (usually 2).

4. Edit the syslog.conf to reflect the new value. Open the /nsconfig/syslog.conf file and change the following line to reflect the new syslog facility. For this example, local0 is changed to local2:

local2.* /var/log/newlog.log

The same methodology is used when changing the location of the SSL VPN log, except you use nsvpnlog_flags when changing the line item in the rc.conf file.

If you prefer to write messages to an external log host, this can also be configured. Simply edit the syslog.conf file so that the local0 facility points to an IP address of the external system, as in the following example:

local0.* @10.9.8.7