Citrix NetScalers

Last updated on 17 March, 2023

Configuring SNMP Access

The NetScaler configuration must include a line allowing SNMP requests with the appropriate community from the collector. For example:

add snmp community "community" ALL
add snmp manager 192.168.0.100

In the above example, 192.168.0.100 is the address of the host running the LogicMonitor collector.

To help troubleshoot SNMP access issues, it is often useful to confirm that:

  • The SNMP requests are arriving from the collector
  • The SNMP requests are arriving with the same community string that has been set on the device
  • The NetScaler is replying to the requests

You can check this by connecting to the NetScaler via SSH, logging in as nsroot, typing “shell” to get to a command shell, and then running “nstcpdump.sh port 161”.

This will show you all SNMP packets going to/from the NetScaler.

Monitoring NetScaler Clusters

The recommended way to monitor NetScalers is by means of two groups.

You should add all the physical NetScaler devices to the LogicMonitor system. (It is convenient to place these in one or more groups – NetScalers, or Network Gear, for example.) These devices will be checked for health, synchronization status, hardware failures, etc., but not for VIP activity.

For each NetScaler HA pair, you should add a device to the LogicMonitor system with the DNS or IP of one of the “floating” IPs (the subnet IP or mapped IP addresses) that will move to the active node.

Note: For SNMP access to work correctly on the floating IPs, the NetScaler must have management access enabled on them.

For example:

set ns ip 10.1.1.1 -mgmtAccess enabled

In the above example, 10.1.1.1 is the NetScaler mapped IP.

This host should be added to the NetScalersActive group. Members of this group will have VIP activity trended and alerted on, as well as CPU and other health information. This separation allows continuity in monitoring VIP traffic, without breaks in the trends despite NetScaler failover events.

Configuring SSH Access for ConfigSources

NetScaler ConfigSources require read-only SSH access to retrieve device configs. To use these ConfigSources, create a read-only account on your device and store the userid and password credentials in the ssh.user and ssh.pass device properties, respectively.

LogicMonitor provides two flavors of ConfigSources: one that monitors general system configuration only, and another that tracks and stores ALL device configuration files. The former alerts on standard NetScaler config changes, while the latter encompasses all data required to restore a device from bare-metal.

Note: If the ability to monitor and alert on configuration files is not currently available in your LogicMonitor platform and you would like to learn more, reach out to your customer success manager.

If you’d like to use the full-backup ConfigSource you’ll also need to create a NetScaler Command Policy to provide adequate rights to this userid. The appropriate cmdspec should look like:

(^show\s+(?!audit messages)(?!techsupport).*)|(^stat.*)|(^shell ((cat|ls|ls -1|ls -la) (/nsconfig|/var|/netscaler)\S+)$)|(^show\s+(?!audit messages)(?!techsupport).*)|(^stat.*)
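To see which commands this cmdspec lets the ConfigSource account run, the expression can be exercised offline before it is bound to the user. The following is an added example, not LogicMonitor or Citrix code; it assumes Python's `re` search semantics approximate the NetScaler's command policy matching, and the sample commands and helper names are constructed for illustration.

```python
import re

# cmdspec copied from the page (split across lines only for width).
CMDSPEC = (r'(^show\s+(?!audit messages)(?!techsupport).*)|(^stat.*)|'
           r'(^shell ((cat|ls|ls -1|ls -la) (/nsconfig|/var|/netscaler)\S+)$)|'
           r'(^show\s+(?!audit messages)(?!techsupport).*)|(^stat.*)')

# The last two alternatives above repeat the first two, so this shorter
# expression lists the same alternatives once each.
DEDUPED = (r'(^show\s+(?!audit messages)(?!techsupport).*)|(^stat.*)|'
           r'(^shell ((cat|ls|ls -1|ls -la) (/nsconfig|/var|/netscaler)\S+)$)')

# Constructed sample commands, each with the decision expected from
# reading the cmdspec (True = permitted by the policy).
SAMPLES = [
    ("show ns runningConfig", True),
    ("show version", True),
    ("stat lb vserver", True),
    ("shell cat /nsconfig/ns.conf", True),
    ("shell ls -la /nsconfig/ssl", True),
    ("show audit messages", False),          # excluded by lookahead
    ("show techsupport", False),             # excluded by lookahead
    ("shell cat /etc/ntp.conf", False),      # outside the listed directories
    ("shell rm /nsconfig/ns.conf", False),   # only cat and ls are listed
    ("shell ls /nsconfig", False),           # \S+ requires a path below the directory
    ("set ns ip 10.1.1.1 -mgmtAccess enabled", False),
    ("add snmp manager 192.168.0.100", False),
    ("save ns config", False),
]

def allowed(command, spec=CMDSPEC):
    """Assumption: the policy behaves like a case-sensitive regex search."""
    return re.search(spec, command) is not None

def mismatches(spec=CMDSPEC):
    """Return the sample commands whose decision differs from the expectation."""
    return [cmd for cmd, expected in SAMPLES if allowed(cmd, spec) != expected]

if __name__ == "__main__":
    for cmd, _ in SAMPLES:
        print(f"{'ALLOW' if allowed(cmd) else 'DENY':5}  {cmd}")
    print("unexpected decisions:", mismatches() or "none")
    print("deduplicated spec agrees:", mismatches(DEDUPED) == [])
```

Rerun the check after any change to the cmdspec to confirm the account is still limited to show, stat, and the listed shell reads.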

Configuring NTP Access

LogicMonitor checks the NTP synchronization of NetScalers by default, as good time synchronization is essential for any data center debugging operations. However, NTP is not enabled by default on NetScalers.

To enable NTP on the NetScaler:

  1. Log on to the Application Switch CLI.

  2. Copy the /etc/ntp.conf file to /nsconfig/ntp.conf.

  3. Edit /nsconfig/ntp.conf, and add the IP address for the desired NTP server under the file’s server and restrict entries.

  4. Add the IP of the LogicMonitor collector under a restrict entry.

  5. Edit /nsconfig/rc.conf, and add the text ntpd_enable="YES".

  6. Reboot the Application Switch to enable clock synchronization (or run /usr/sbin/ntpd -g).

Troubleshooting

Monitoring Virtual Services

Older versions of NetScalers used different OIDs to list the virtual server names. Change the SNMP OID in the Active Discovery section for the datasources Netscaler_lb_vip- and Netscaler_vip- from .1.3.6.1.4.1.5951.4.1.3.1.1.59 to:

  • For version 9.0 – 9.1, use 1.3.6.1.4.1.5951.4.1.3.1.1.49
  • For a version < 9, use 1.3.6.1.4.1.5951.4.1.3.1.1.1

Note that if you later upgrade to version 9.2 or later, you will need to revert this change.

The Number of Services Up is always zero!
This is a bug in NetScaler v7 code – if you use service groups, they will always report zero services up for a server.
Workaround: Upgrade to v8 or later, or do not use service groups – bind the services individually.

None of my virtual servers show the services up/down data. 
For this information to be available, you need to be running NetScaler code v7.0 or later.
