Following are some of the best practices recommended when encountered with Learning functionality issues:
• Verify that the process aslearn is running.
• Check top command output
• Check output of ps command by executing the following command:
ps -ax | grep aslearn | grep -v "grep”
root@ns\# ps -ax | grep aslearn | grep -v "grep" 1439 ?? Ss 0:03.86 /netscaler/aslearn -start -f /netscaler/aslearn.conf
• Identify recent configuration commands executed prior to the observed problem by verifying the ns.log file:
• Inspect aslearn logs to check for aslearn messages:
• Isolate the profile and security check that is effected
• Identify the GUI and CLI command which is failing by executing the following command:
show appfw learningdata <profileName> <securityCheck>
show learningdata test_profile starturl
show learningdata test_profile crosssiteScripting
show learningdata test_profile sqLInjection
show learningdata test_profile csRFtag
show learningdata test_profile fieldformat
show learningdata test_profile fieldconsistency
• Perform integrity check of sqlite from bsd shell prompt:
nsshell # sqlite3 /var/nslog/asl/<profile_name_in_lowercase>.db 'pragma integrity_check;'
- root@ns# sqlite3 /var/nslog/asl/tsk0247284.db 'pragma integrity_check;'
• Deploy or remove rules to start learning again:
If 2000 learn items (per protection) are reached, you cannot start learning any more for that protection
If 20 MB size is reached for the database, stop learning for all protections
Restart aslearn process
*/netscaler/aslearn -start -f/netscaler/aslearn.conf*
• Check the space in the /var folder by executing the following:
- du -h /var
• Check the learning threshold limits by executing the following command:
show appfwlearningsettings <profile_name> <securityCheck>
• Collect learned data by executing the following command:
export appfwlearningdata <profile_name> <securityCheck>
• Ascertain that learned data is uploaded in the collector.