nswl 收集日志

nswl 收集日志

参考链接：https://docs.citrix.com/en-us/citrix-adc/12-1/system/web-server-logging.html

PS C:\Users\LSGX\Desktop\xxx\bin> .\nswl.exe -help
usage : nswl -[cmds] [cmd arguments]
        cmds  cmd arguments: -f <filename> -d debug
        -help          - detail help
        -start         - cmd arguments [starts weblogging]
        -verify        - cmd arguments [verifies config file]
        -addns         - cmd arguments [add a netscaler to conf file]
        -install       - cmd arguments [install program as a service ]
        -remove        - cmd arguments [remove service]
        -startservice  - start Netscaler Weblogging service
        -stopservice   - stop Netscaler Weblogging service
        -version       - prints the version info

PS C:\Users\LSGX\Desktop\xxx\bin>
PS C:\Users\LSGX\Desktop\xxx\bin> .\nswl.exe -addns -f .\log.conf
NSIP:192.168.195.91
userid:nsroot
password:Done !!
PS C:\Users\LSGX\Desktop\xxx\bin>
PS C:\Users\LSGX\Desktop\xxx\bin> .\nswl.exe -start -f .\log.conf

log.conf 文件内容

##########
# This is the NSWL configuration file
# Only the default filter is active
# Remove leading # to activate other filters
##########

##########
# Default filter (default on)
# W3C Format logging, new file is created every hour or on reaching 10MB file size,
# and the file name is Exyymmdd.log
##########
Filter default 

begin default
	logFormat		W3C
	logInterval		Hourly
	logFileSizeLimit	10
	logFilenameFormat	Ex%{%y%m%d}t.log
end default

##########
# Netscaler caches example
# CACHE_F filter covers all the transaction with HOST name www.netscaler.com and the listed server ip's
##########
#Filter CACHE_F HOST www.netscaler.com IP 192.168.100.89 192.168.100.95 192.168.100.52 192.168.100.53 ON

##########
# Netscaler origin server example
# Not interested in Origin server to Cache traffic transaction logging
##########
#Filter ORIGIN_SERVERS IP 192.168.100.64 192.168.100.65 192.168.100.66 192.168.100.67 192.168.100.225 192.168.100.226 192.168.100.227 192.168.100.228 OFF

##########
# Netscaler image server example
# all the image server logging.
##########
#Filter IMAGE_SERVER HOST www.netscaler.images.com IP 192.168.100.71 192.168.100.72 192.168.100.169 192.168.100.170 192.168.100.171 ON

##########
# NCSA Format logging, new file is created every day midnight or on reaching 20MB file size,
# and the file name is /datadisk5/NETSCALER/log/NS<hostname>/Nsmmddyy.log.
# Exclude objects that ends with .gif .jpg .jar.
##########
#begin ORIGIN_SERVERS
#	logFormat 		NCSA
#	logInterval 		Daily
#	logFileSizeLimit 	40
#	logFilenameFormat 	/datadisk5/ORGIN/log/%v/NS%{%m%d%y}t.log
#	logExclude		.gif .jpg .jar
#end ORIGIN_SERVERS

##########
# NCSA Format logging, new file is created every day midnight or on reaching 20MB file size,
# and the file name is /datadisk5/NETSCALER/log/NS<hostname>/Nsmmddyy.log with log record timestamp as GMT.
##########
#begin CACHE_F
#	logFormat 		NCSA
#	logInterval 		Daily
#	logFileSizeLimit 	20
#	logFilenameFormat /datadisk5/NETSCALER/log/%v/NS%{%m%d%y}t.log
#	logtime			GMT
#end CACHE_F

##########
# W3C Format logging, new file on reaching 20MB and the log file path name is
# atadisk6/NETSCALER/log/server's ip/Exmmyydd.log with log record timestamp as LOCAL.
##########
#begin IMAGE_SERVER
#	logFormat 		W3C
#	logInterval 		Size
#	logFileSizeLimit	20
#	logFilenameFormat /datadisk6/NETSCALER/log/%AEx%{%m%d%y}t
#	logtime			LOCAL
#end IMAGE_SERVER

##########
# Virtual Host by Name firm, can filter out the logging based on the host name by,
##########

#Filter VHOST_F IP 10.101.2.151 NETMASK 255.255.255.0
#begin VHOST_F
#	logFormat		W3C
#	logInterval		Daily
#	logFileSizeLimit	10
#	logFilenameFormat /ns/prod/vhost/%v/Ex%{%m%d%y}t
#end VHOST_F

########## END FILTER CONFIGURATION ##########

NSIP	172.16.201.185	username	nsroot	password	230:1>0:1754434651,>*4*71>+3,33=/>3=-1+2-:(5(2-5,9*952.>6=1>,<77,4+9/>457<531118*;*321+>)83360170<616<6>.=2?74+3731;.?5610(=)4)550)46=.8/1*?.9-2*;4:2>/77:*>191<71/323*7-=2058);.2,>6?297:/1.849-1001>-5.9)5+>2?-17=)34<4=54-7+1.:400?(027655:.46<-72>6=+446.343

启动 nswl 客户端程序：

注意：收集的内容会写入 Ex*.log 文件中。

查看收集的日志内容：

How To Customize NetScaler Web Logging

https://support.citrix.com/article/CTX227457

Created: 06 Sep 2017 | Modified: 27 Sep 2017

Objective

This article describes how to configure NetScaler Web Logging (NSWL) client and customize NSWL logging.

Instructions

Enabling web logging feature on the NetScaler

• We can enable web logging feature using the command “enable ns feature WL” on cli or on gui by check the Web Logging in Advanced features:

  

Downloading NSWL client

• Open the URL: https://www.citrix.com/downloads.html.
• Log in to the site using your credentials.
• Open the page for the required release number and build.
• In the page, under Weblog Clients, click Download. The package has the name format as follows: Weblog-<release number>-<build number>.zip. In my case, it is nswl_win-11.1-52.13.

Installing NSWL client on Windows server

• Extract the nswl_win-11.1-52.13.zip file from the package.
• Copy the extracted file to a Windows system on which you want to install the NSWL client.
• On the Windows system, unzip the file in a directory (referred as <NSWL-HOME>). The following directories are extracted: bin, etc, and samples.

• At the command prompt, run the following command from the <NSWL-HOME>\bin directory:
  nswl -install -f <directorypath>\log.conf

where, <directorypath> refers to the path of the configuration file (log.conf). By default, the file is in the <NSWL-HOME>\etc directory. However, you can copy the configuration file to any other directory.

Adding the NSIP

• Run the command nswl –addns –f <directorypath>\log.conf (Please note that the nswl client logging only work with the nsroot user. So, always add userid as nsroot)

• Once the NSIP has been added, you will see the entry in the bottom of the log.conf file (\etc\log.conf)

• Verify if the log.conf file is correct using the command nswl –verify –f <directorypath>\log.conf

• We can start the service using the command nswl –start –f <directorypath>\log.con

• Once we start the service, the logs will get generated in the <NSWL-HOME>\bin directory

Customizing logging to get the client ip address on the nswl logs

• By default the log format is w3c format.

• The fields that we get in the w3c format are “date time c-ip cs-username sc-servicename s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs-bytes sc-bytes time-taken cs-version cs(User-Agent) cs(Cookie) cs(Referer)”

• We can customize the logs as per the

• To export the “X-Forwarded-For” field from the http header by the web logging feature, configure the Custom HTTP Request Header to “X-Forwarded-For” in the Global System Settings.

• Then customize the log format to “custom %{%Y-%m-%d%H:%M:%S}t %a %u %S %A %p %m %U %q %s %j %J %T %H "%{user-agent}i" "%{cookie}i" "%{referer}i" "%{X-Forwarded-For}i" %T %M %e1 %e2”

================== End