Citrix

Produktdokumentation



Ganzes Dokument herunterladen

Monitoring SNMP Events and Alarms

Dec. 18, 2015

When the Command Center server adds its IP address to the list of trap destinations on a discovered device, the device routes all events or traps generated on it to Command Center. From these SNMP trap notifications, the Command Center server automatically consolidates a list of the events that occur on the discovered devices.

Command Center correlates the history of events to form alarms of different severity levels and displays them as messages, some of which may require immediate attention. The alarms are correlated for similar kinds of events. For example, for events linkUp and linkDown of the same entity Link occurring in the same device, only one alarm is generated, stating the latest status and the severity of the event.

Each event stored in Command Center occupies approximately 250 bytes of space. Command Center stores the events of six months and displays only the latest 10,000 events and alarms.

This topic includes the following details:

For information about NetScaler SNMP OIDs, traps, and system health counters, see NetScaler SNMP OID Reference.

Viewing Events

Updated: 2014-10-17

Events represent occurrences of events or errors on Citrix devices. For example, when a failure or fault is detected on a Citrix device, an event occurs. The Command Center server collects information about these events.

To view events

  1. On the Fault tab, in the left pane, under SNMP, click Events.
  2. In the right pane, under Events, view the following:
    • Severity: Specifies the severity of the event, such as critical, major, warning, minor, or clear.
    • Source: Specifies the IP address, the system name, or the host name of the device on which the event is generated ,based on the device label configuration. For more information about configuring the device label, see Configuring Server Settings.
    • Date: Specifies the date and time when the event was generated. The date format is MMM DD, YYYY HH:MM:SS AM/PM.
    • Category: Specifies the category of the device to which the event belongs, such as discovery standalone, inaccessible system, or a discovery HA pair.
    • Description: Specifies the message associated with the event, such as "Command: save ns config Authorization Status: AUTHORIZED Result: SUCCESS User: nsroot."

      For SNMP authentication failures, the message also displays the IP address and port value of the device that failed authentication.

      For any entity-related UP, DOWN, or OUT OF SERVICE traps, the description also displays the entity IP address and port value along with the entity name.

Viewing Alarms

Command Center correlates the history of events to form alarms of different severity levels and displays them as messages, some of which may require immediate attention. The alarms are correlated for similar kinds of events. For example, for events linkUp and linkDown of the same entity Link occurring in the same device, only one alarm is generated, stating the latest status and the severity of the event.

You can view either all the alarms for all the events, or view the alarm associated with an event.

To view all alarms

  1. On the Fault tab, in the left pane, expand SNMP, click Alarms.
  2. In the right pane, under Alarms, view the following:
    • Date/Time: Specifies the date and time when the alarm was generated (that is, the latest time of the occurrence of the event associated with the alarm). The date/time format is MM DD, YYYY HH:MM:SS AM/PM.
    • Severity: Specifies the current severity of the alarm—critical, major, minor, warning, info, or clear.
    • Category: Specifies the type of alarm (for example, Entitydown or linkDown).
    • Source: Specifies the IP address or the system name of the device on which the events that caused the alarm occurred., based on the device label configuration. For more information about configuring the device label, see Configuring Server Settings.
    • Failure Object: Specifies the object that triggered the alarm (for example, entity).
    • Description: Specifies the properties (for example, alarm creation date, last updated date, and current and previous severity) of the alarm, with a detailed message.
    • Actions: Specifies the permitted actions (for example, annotate and pickup) that you can perform on the alarm.

To view alarms for an event

  1. On the Fault tab, in the left pane, expand SNMP, click Events.
  2. In the right pane, under Events, click the event for which you want to view the alarm, and then click Alarm. Alternately, right-click the view, and click Alarm.

Configuring Views for Events and Alarms

You can configure views to monitor specific events and alarms based on the criteria you specify.

Views make it easier to monitor a large number of events generated across your NetScaler infrastructure. For example, you can create a view to monitor all major events raised when there is a high CPU usage.

In this section:

  • Adding Views for Events and Alarms
  • Modifying Views
  • Deleting Views

Adding Views for Events and Alarms

You can add different views for the events and alarms you monitor. These views are based on various filter criteria, such as severity, devices, and categories.

To add views for events and alarms

  1. On the Fault tab, in the left pane, under SNMP, click Events or Alarms.
  2. Under Eventsor Alarms, navigate to Views and click Add .
  3. Under Create Event View, in Name, type a view name. The view name is unique and user-defined.
  4. In Device Type, select the type of device, such as NetScaler, CloudBridge, NetScaler VPX, and CloudBridge VPX.
  5. In Severity, select the severity level of the events or alarms for which you want to add the view
  6. For an alarm view, in Previous Severity, select the severity level that the alarm had earlier. Note: Due to event correlation an alarm goes through various severity levels. The Previous Severity option filters the alarms based on the previous severity level.
  7. In Devices, click the icon next to the text box to select the IP address(es) of the discovered NetScaler or CloudBridge devices for which you want to define a view
  8. In Categories, click the icon next to the text box to select the categories of events or alarms generated by the managed devices.
  9. In Failure Objects, either type the entity instances or counters for which an event or alarm has been generated, or click the icon next to the text box to select the entity instances. Note: This list can contain counter names for all threshold-related events, entity names for all entity-related events, certificate names for certificate-related events. For threshold-related events, the instances should match the incoming traps, as described in the following table.
  10. In Filter based on event description type a message that lets you further narrow the filter to events or alarms that meet specific criteria. The message should match the incoming trap. For example, if you want to view all events that are generated when a feature or entity is enabled, type Command: enable*. And, if you want to view all events generated by a particular user for the selected category, type *User: UserName. Note: If you are not sure of the format of the message to type, you can copy the format of a similar category from the Message field in the Network Events or Alarms pane.
  11. In From Time and To Time, click the calendar icon to specify the date and time during which the events or alarms are generated.
  12. In Event Age or Alarm Age, specify the age of the alarm based on which you want to filter the view.
  13. In Refresh Period in Minutes, type the time interval after which you want Command Center to refresh the view.

Threshold Instance Formats

Group Name Instance Format
Interface

InterfaceName

Example: L0/1

Content Filters

ContentFilterName

Example: Cfilter1

VLAN

VLANID

Example: 102

Policy Engine

PolicyName

Example: Pol1

Services

ServiceName(ServiceIPAddress:ServicePort)

Example: svc1(1.1.1.1:8080)

Virtual Servers

VserverName(VserverIPAddress:VserverPort)

Example: vsvr(10.102.31.80:8443)

Virtual Services

(VserverName:ServiceName)

Example: vsvr:svc1

Content Switch policies

(VserverName:ContentSwitchPolicyName)

Example: vsvr:cspol1

Cache Redirection Policies

VserverName:CacheRedirectionPolicyName

Example : vsvr1:crpol1

ACL Table

ACLName

Example: acl1

CPU Usage

CPUName

Example: cpu0

Service Groups

ServiceGroupMemberName( Weight:ServiceGroupMemberWeight)

Example: svcg1(Weight:1)

ACL6 Table

ACL6Name( Priority:ACL6Priority)

Example: aclRule1(Priority:25)

System Health

SystemHealthCounterName

Example: CPUFan0Speed

System Disks

SystemHealthDiskName

Example: /var

CloudBridge Service Classes

ServiceClassName

Example: HTTP (Private)

CloudBridge ICA Traffic

Priority

Example: 5

Modifying Views

After creating views, you can modify the filter criteria of the views.

To modify views

  1. On the Fault tab, in the left pane, under SNMP, expand Events or Alarms.
  2. Under Events or Alarms, click the view you want to modify.
  3. In the right pane, click Modify....
  4. Under Modify View, make changes to the values as required, and then click OK.

Deleting Views

You can delete a view if you do not want to use it again.

To delete a view

  1. On the Fault tab, in the left pane, under SNMP, expand Events or Alarms.
  2. Under Events or Alarms, click the view you want to modify.
  3. In the right pane, click Delete.

Scheduling a Filter

Updated: 2015-04-03

After creating a filter, if you do not want the Command Center server to send email notifications every time the alarm or event generated satisfies the filter criteria, you can schedule the filter to trigger only at specific time intervals. You can specify daily, weekly, or monthly.

For example, if you have scheduled a system maintenance activity for different applications on your devices at different times, the devices might generate multiple alarms.

If you have configured a filter for these alarms and enabled email notifications for these filters, the server sends a large number of email notifications when Command Center server receives these traps. If you want the server to send these email notifications during only a specific time period, you can do so by scheduling a filter.

To schedule a filter

  1. On the Fault tab, in the left pane, under SNMP, click Alarms or Events, and then click Triggers.
  2. In the right pane, select a trigger and click Schedule a Filter.

To view scheduled filters

  1. On the Fault tab, in the left pane, under SNMP, click Alarms or Events, and then click Triggers.
  2. In the right pane, select a trigger and click Scheduled Filters.

Searching Events and Alarms

Updated: 2013-07-22

You can use the search option to search for events and alarms based on different criteria that you provide.

To search for events and alarms

  1. On the Fault tab, in the left pane, under SNMP, click Events or Alarms.
  2. In the right pane, under Events or Alarms, click Search icon.
  3. In the search pane, use the drop down list to select the filter criteria. Enter the search keyword in the text box. You can also use the logical operators to define the search keyword.
  4. Click + icon or press Enter key to add the criteria, and then click Refine Search. The search results are displayed.
Back to Top