Application Delivery Management

Logstream overview

NetScaler instances generate AppFlow records and are a central point of control for all application traffic in the data center. IPFIX and Logstream are the protocols that transport these AppFlow records from NetScaler instances to NetScaler Console. For more information, see AppFlow.

  • IPFIX is an open Internet Engineering Task Force (IETF) standard defined in RFC 5101. IPFIX uses UDP protocol which is unreliable transport protocol used for data flow in one direction. Since IPFIX uses UDP protocol, adhering to IPFIX standard results in processing more resources in NetScaler Console.

  • Logstream is a Citrix-owned protocol that is used as one of the transport modes to efficiently transfer the analytics log data from NetScaler instances to NetScaler Console. Logstream uses reliable TCP protocol and requires lesser resources in processing the data.

For NetScaler between 11.1 Build 47.14 and 11.1 Build 62.8, Logstream is the default transport mode for enabling Web Insight (HTTP) and IPFIX is the only transport mode for enabling other insights. For NetScaler version starting from 12.0 to latest version, you can select either Logstream or IPFIX as the transport mode.

Enable Logstream as Transport Mode

  1. Navigate to Infrastructure > Instances, and select the NetScaler instance you want to enable analytics.

  2. From the Select Action list, select Configure Analytics.

    configure analytics

  3. Select the virtual servers and then click Enable Analytics.

    Enable analytics

  4. On the Enable Analytics window:

    1. Select the insight types (Web Insight or WAF Security Violations)

    2. Select Logstream as Transport Mode

      Note

      For NetScaler between 11.1 Build 47.14 and 11.1 Build 62.8, Logstream is the default transport mode for enabling Web Insight (HTTP) and IPFIX is the only transport mode for enabling other insights. For NetScaler version starting from 12.0 to latest version, you can select either Logstream or IPFIX as the transport mode.

    3. The Expression is true by default

    4. Click OK

      Enable analytics

      Note

      • If you select virtual servers that are not licensed, then NetScaler Console first licenses those virtual servers and then enables analytics

      • For admin partitions, only Web Insight is supported

      • For virtual servers such as Cache Redirection, Authentication, and GSLB, you cannot enable analytics. An error message is displayed

The following table describes the features of NetScaler Console that supports Logstream as the transport mode:

Feature IPFIX Logstream
Web Insight
WAF Security Violations
Gateway Insight
HDX Insight
SSL Insight Not supported
CR Insight
IP Reputation
AppFirewall
Client Side Measurement
Syslog/Auditlog
Logstream overview