ADC

Learning

Following are some of the best practices recommended when encountered with Learning functionality issues:

Aslearn process:

• Verify that the process aslearn is running.

• Check top command output

• Check output of ps command by executing the following command:

     - ps -ax | grep aslearn | grep -v "grep”

Example:

 root@ns\# ps -ax | grep aslearn | grep -v "grep"

1439  ??  Ss     0:03.86 /netscaler/aslearn -start -f /netscaler/aslearn.conf
<!--NeedCopy-->

 • Identify recent configuration commands executed prior to the observed problem by verifying the ns.log file:

  • /var/log/ns.log

• Inspect aslearn logs to check for aslearn messages:

  • /var/log/aslearn.log

• Isolate the profile and security check that is effected

• Identify the GUI and CLI command which is failing by executing the following command:

  • show appfw learningdata <profileName> <securityCheck>

Examples:

  • show learningdata test_profile starturl

  •  show learningdata test_profile crosssiteScripting

  •  show learningdata test_profile sqLInjection

  • show learningdata test_profile csRFtag

  • show learningdata test_profile fieldformat

  • show learningdata test_profile fieldconsistency

• Perform integrity check of sqlite from bsd shell prompt:

  • nsshell # sqlite3 /var/nslog/asl/<profile_name_in_lowercase>.db 'pragma integrity_check;'

Examples:

- root@ns# sqlite3 /var/nslog/asl/tsk0247284.db 'pragma integrity_check;'
Ok
<!--NeedCopy-->

• Deploy or remove rules to start learning again:

  • If 2000 learn items (per protection) are reached, you cannot start learning any more for that protection

  • If 20 MB size is reached for the database, stop learning for all protections

  • Restart aslearn process

*/netscaler/aslearn -start -f/netscaler/aslearn.conf*

• Check the space in the /var folder by executing the following:

  • du -h /var

• Check the learning threshold limits by executing the following command:

  • show appfwlearningsettings <profile_name> <securityCheck>

• Collect learned data by executing the following command:

  • export appfwlearningdata <profile_name> <securityCheck>

• Ascertain that learned data is uploaded in the collector.

Learning