nswl 收集日志

时间:2024-04-01 09:34:38

nswl 收集日志

参考链接:https://docs.citrix.com/en-us/citrix-adc/12-1/system/web-server-logging.html

PS C:\Users\LSGX\Desktop\xxx\bin> .\nswl.exe -help

usage : nswl -[cmds] [cmd arguments]

        cmds  cmd arguments: -f <filename> -d debug

        -help          - detail help

        -start         - cmd arguments [starts weblogging]

        -verify        - cmd arguments [verifies config file]

        -addns         - cmd arguments [add a netscaler to conf file]

        -install       - cmd arguments [install program as a service ]

        -remove        - cmd arguments [remove service]

        -startservice  - start Netscaler Weblogging service

        -stopservice   - stop Netscaler Weblogging service

        -version       - prints the version info

PS C:\Users\LSGX\Desktop\xxx\bin>

PS C:\Users\LSGX\Desktop\xxx\bin> .\nswl.exe -addns -f .\log.conf

NSIP:192.168.195.91

userid:nsroot

password:Done !!

PS C:\Users\LSGX\Desktop\xxx\bin>

PS C:\Users\LSGX\Desktop\xxx\bin> .\nswl.exe -start -f .\log.conf

log.conf 文件内容

##########

# This is the NSWL configuration file

# Only the default filter is active

# Remove leading # to activate other filters

##########

##########

# Default filter (default on)

# W3C Format logging, new file is created every hour or on reaching 10MB file size,

# and the file name is Exyymmdd.log

##########

Filter default 

begin default

	logFormat		W3C

	logInterval		Hourly

	logFileSizeLimit	10

	logFilenameFormat	Ex%{%y%m%d}t.log

end default

##########

# Netscaler caches example

# CACHE_F filter covers all the transaction with HOST name www.netscaler.com and the listed server ip's

##########

#Filter CACHE_F HOST www.netscaler.com IP 192.168.100.89 192.168.100.95 192.168.100.52 192.168.100.53 ON

##########

# Netscaler origin server example

# Not interested in Origin server to Cache traffic transaction logging

##########

#Filter ORIGIN_SERVERS IP 192.168.100.64 192.168.100.65 192.168.100.66 192.168.100.67 192.168.100.225 192.168.100.226 192.168.100.227 192.168.100.228 OFF

##########

# Netscaler image server example

# all the image server logging.

##########

#Filter IMAGE_SERVER HOST www.netscaler.images.com IP 192.168.100.71 192.168.100.72 192.168.100.169 192.168.100.170 192.168.100.171 ON

##########

# NCSA Format logging, new file is created every day midnight or on reaching 20MB file size,

# and the file name is /datadisk5/NETSCALER/log/NS<hostname>/Nsmmddyy.log.

# Exclude objects that ends with .gif .jpg .jar.

##########

#begin ORIGIN_SERVERS

#	logFormat 		NCSA

#	logInterval 		Daily

#	logFileSizeLimit 	40

#	logFilenameFormat 	/datadisk5/ORGIN/log/%v/NS%{%m%d%y}t.log

#	logExclude		.gif .jpg .jar

#end ORIGIN_SERVERS

##########

# NCSA Format logging, new file is created every day midnight or on reaching 20MB file size,

# and the file name is /datadisk5/NETSCALER/log/NS<hostname>/Nsmmddyy.log with log record timestamp as GMT.

##########

#begin CACHE_F

#	logFormat 		NCSA

#	logInterval 		Daily

#	logFileSizeLimit 	20

#	logFilenameFormat /datadisk5/NETSCALER/log/%v/NS%{%m%d%y}t.log

#	logtime			GMT

#end CACHE_F

##########

# W3C Format logging, new file on reaching 20MB and the log file path name is

# atadisk6/NETSCALER/log/server's ip/Exmmyydd.log with log record timestamp as LOCAL.

##########

#begin IMAGE_SERVER

#	logFormat 		W3C

#	logInterval 		Size

#	logFileSizeLimit	20

#	logFilenameFormat /datadisk6/NETSCALER/log/%AEx%{%m%d%y}t

#	logtime			LOCAL

#end IMAGE_SERVER

##########

# Virtual Host by Name firm, can filter out the logging based on the host name by,

##########

#Filter VHOST_F IP 10.101.2.151 NETMASK 255.255.255.0

#begin VHOST_F

#	logFormat		W3C

#	logInterval		Daily

#	logFileSizeLimit	10

#	logFilenameFormat /ns/prod/vhost/%v/Ex%{%m%d%y}t

#end VHOST_F

########## END FILTER CONFIGURATION ##########

NSIP	172.16.201.185	username	nsroot	password	230:1>0:1754434651,>*4*71>+3,33=/>3=-1+2-:(5(2-5,9*952.>6=1>,<77,4+9/>457<531118*;*321+>)83360170<616<6>.=2?74+3731;.?5610(=)4)550)46=.8/1*?.9-2*;4:2>/77:*>191<71/323*7-=2058);.2,>6?297:/1.849-1001>-5.9)5+>2?-17=)34<4=54-7+1.:400?(027655:.46<-72>6=+446.343

启动 nswl 客户端程序:

nswl 收集日志

注意:收集的内容会写入 Ex*.log 文件中。

查看收集的日志内容:

nswl 收集日志

How To Customize NetScaler Web Logging

https://support.citrix.com/article/CTX227457

Created: 06 Sep 2017 | Modified: 27 Sep 2017

Objective

This article describes how to configure NetScaler Web Logging (NSWL) client and customize NSWL logging.

Instructions

Enabling web logging feature on the NetScaler

  • We can enable web logging feature using the command “enable ns feature WL” on cli or on gui by check the Web Logging in Advanced features:
  nswl 收集日志

Downloading NSWL client

  • Open the URL: https://www.citrix.com/downloads.html.
  • Log in to the site using your credentials.
  • Open the page for the required release number and build.
  • In the page, under Weblog Clients, click Download. The package has the name format as follows: Weblog-<release number>-<build number>.zip. In my case, it is nswl_win-11.1-52.13.

nswl 收集日志

Installing NSWL client on Windows server

  • Extract the nswl_win-11.1-52.13.zip file from the package.
  • Copy the extracted file to a Windows system on which you want to install the NSWL client.
  • On the Windows system, unzip the file in a directory (referred as <NSWL-HOME>). The following directories are extracted: bin, etc, and samples.

nswl 收集日志

  • At the command prompt, run the following command from the <NSWL-HOME>\bin directory:
    nswl -install -f <directorypath>\log.conf

where, <directorypath> refers to the path of the configuration file (log.conf). By default, the file is in the <NSWL-HOME>\etc directory. However, you can copy the configuration file to any other directory.

nswl 收集日志

Adding the NSIP

  • Run the command nswl –addns –f <directorypath>\log.conf (Please note that the nswl client logging only work with the nsroot user. So, always add userid as nsroot)nswl 收集日志

  • Once the NSIP has been added, you will see the entry in the bottom of the log.conf file (\etc\log.conf)nswl 收集日志

  • Verify if the log.conf file is correct using the command nswl –verify –f <directorypath>\log.confnswl 收集日志

  • We can start the service using the command nswl –start –f <directorypath>\log.connswl 收集日志

  • Once we start the service, the logs will get generated in the <NSWL-HOME>\bin directory

nswl 收集日志

Customizing logging to get the client ip address on the nswl logs

  • By default the log format is w3c format.

nswl 收集日志

  • The fields that we get in the w3c format are “date time c-ip cs-username sc-servicename s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs-bytes sc-bytes time-taken cs-version cs(User-Agent) cs(Cookie) cs(Referer)”

nswl 收集日志

  • We can customize the logs as per the

nswl 收集日志

  • To export the “X-Forwarded-For” field from the http header by the web logging feature, configure the Custom HTTP Request Header to “X-Forwarded-For” in the Global System Settings.

nswl 收集日志

nswl 收集日志

  • Then customize the log format to “custom %{%Y-%m-%d%H:%M:%S}t %a %u %S %A %p %m %U %q %s %j %J %T %H "%{user-agent}i" "%{cookie}i" "%{referer}i" "%{X-Forwarded-For}i" %T %M %e1 %e2”

nswl 收集日志

================== End

相关文章