Product Documentation

appflow param

Sep 12, 2016

The following operations can be performed on "appflow param":

set appflow param

Configures AppFlow parameters.

Synopsys

set appflow param [-templateRefresh <secs>] [-appnameRefresh <secs>] [-flowRecordInterval <secs>] [-SecurityInsightRecordInterval <secs>] [-udpPmtu <positive_integer>] [-httpUrl ( ENABLED | DISABLED )] [-AAAUserName ( ENABLED | DISABLED )] [-httpCookie ( ENABLED | DISABLED )] [-httpReferer ( ENABLED | DISABLED )] [-httpMethod ( ENABLED | DISABLED )] [-httpHost ( ENABLED | DISABLED )] [-httpUserAgent ( ENABLED | DISABLED )] [-clientTrafficOnly ( YES | NO )] [-httpContentType ( ENABLED | DISABLED )] [-httpAuthorization ( ENABLED | DISABLED )] [-httpVia ( ENABLED | DISABLED )] [-httpXForwardedFor ( ENABLED | DISABLED )] [-httpLocation ( ENABLED | DISABLED )] [-httpSetCookie ( ENABLED | DISABLED )] [-httpSetCookie2 ( ENABLED | DISABLED )] [-connectionChaining ( ENABLED | DISABLED )] [-httpDomain ( ENABLED | DISABLED )] [-skipCacheRedirectionHttpTransaction ( ENABLED | DISABLED )] [-identifierName ( ENABLED | DISABLED )] [-identifierSessionName ( ENABLED | DISABLED )] [-observationDomainId <positive_integer>] [-observationDomainName <string>] [-subscriberAwareness ( ENABLED | DISABLED )] [-SecurityInsightTraffic ( ENABLED | DISABLED )] [-cacheInsight ( ENABLED | DISABLED )]

Arguments

templateRefresh

Refresh interval, in seconds, at which to export the template data. Because data transmission is in UDP, the templates must be resent at regular intervals.

Default value: 600

Minimum value: 60

Maximum value: 3600

appnameRefresh

Interval, in seconds, at which to send Appnames to the configured collectors. Appname refers to the name of an entity (virtual server, service, or service group) in the NetScaler appliance.

Default value: 600

Minimum value: 60

Maximum value: 3600

flowRecordInterval

Interval, in seconds, at which to send flow records to the configured collectors.

Default value: 60

Minimum value: 60

Maximum value: 3600

SecurityInsightRecordInterval

Interval, in seconds, at which to send security insight flow records to the configured collectors.

Default value: 600

Minimum value: 60

Maximum value: 3600

udpPmtu

MTU, in bytes, for IPFIX UDP packets.

Default value: 1472

Minimum value: 128

Maximum value: 1472

httpUrl

Include the http URL that the NetScaler appliance received from the client.

Possible values: ENABLED, DISABLED

Default value: DISABLED

AAAUserName

Enable AppFlow AAA Username logging.

Possible values: ENABLED, DISABLED

Default value: DISABLED

httpCookie

Include the cookie that was in the HTTP request the appliance received from the client.

Possible values: ENABLED, DISABLED

Default value: DISABLED

httpReferer

Include the web page that was last visited by the client.

Possible values: ENABLED, DISABLED

Default value: DISABLED

httpMethod

Include the method that was specified in the HTTP request that the appliance received from the client.

Possible values: ENABLED, DISABLED

Default value: DISABLED

httpHost

Include the host identified in the HTTP request that the appliance received from the client.

Possible values: ENABLED, DISABLED

Default value: DISABLED

httpUserAgent

Include the client application through which the HTTP request was received by the NetScaler appliance.

Possible values: ENABLED, DISABLED

Default value: DISABLED

clientTrafficOnly

Generate AppFlow records for only the traffic from the client.

Possible values: YES, NO

Default value: NO

httpContentType

Include the HTTP Content-Type header sent from the server to the client to determine the type of the content sent.

Possible values: ENABLED, DISABLED

Default value: DISABLED

httpAuthorization

Include the HTTP Authorization header information.

Possible values: ENABLED, DISABLED

Default value: DISABLED

httpVia

Include the httpVia header which contains the IP address of proxy server through which the client accessed the server.

Possible values: ENABLED, DISABLED

Default value: DISABLED

httpXForwardedFor

Include the httpXForwardedFor header, which contains the original IP Address of the client using a proxy server to access the server.

Possible values: ENABLED, DISABLED

Default value: DISABLED

httpLocation

Include the HTTP location headers returned from the HTTP responses.

Possible values: ENABLED, DISABLED

Default value: DISABLED

httpSetCookie

Include the Set-cookie header sent from the server to the client in response to a HTTP request.

Possible values: ENABLED, DISABLED

Default value: DISABLED

httpSetCookie2

Include the Set-cookie header sent from the server to the client in response to a HTTP request.

Possible values: ENABLED, DISABLED

Default value: DISABLED

connectionChaining

Enable connection chaining so that the client server flows of a connection are linked. Also the connection chain ID is propagated across NetScalers, so that in a multi-hop environment the flows belonging to the same logical connection are linked. This id is also logged as part of appflow record

Possible values: ENABLED, DISABLED

Default value: DISABLED

httpDomain

Include the http domain request to be exported.

Possible values: ENABLED, DISABLED

Default value: DISABLED

skipCacheRedirectionHttpTransaction

Skip Cache http transaction. This HTTP transaction is specific to Cache Redirection module. In Case of Cache Miss there will be another HTTP transaction initiated by the cache server.

Possible values: ENABLED, DISABLED

Default value: DISABLED

identifierName

Include the stream identifier name to be exported.

Possible values: ENABLED, DISABLED

Default value: DISABLED

identifierSessionName

Include the stream identifier session name to be exported.

Possible values: ENABLED, DISABLED

Default value: DISABLED

observationDomainId

An observation domain groups a set of NetScalers based on deployment: cluster, HA etc. A unique Observation Domain ID is required to be assigned to each such group.

Default value: 0

Minimum value: 1000

observationDomainName

Name of the Observation Domain defined by the observation domain ID.

subscriberAwareness

Enable this option for logging end user MSISDN in L4/L7 appflow records

Possible values: ENABLED, DISABLED

Default value: DISABLED

SecurityInsightTraffic

Flag to determine whether security insight traffic needs to be exported or not

Possible values: ENABLED, DISABLED

Default value: DISABLED

cacheInsight

Flag to determine whether cache records need to be exported or not. If this flag is true and IC is enabled, cache records are exported instead of L7 HTTP records

Possible values: ENABLED, DISABLED

Default value: DISABLED

Example

set appflow param -templateRefresh 240

unset appflow param

Use this command to remove appflow param settings.Refer to the set appflow param command for meanings of the arguments.

Synopsys

unset appflow param [-templateRefresh] [-appnameRefresh] [-flowRecordInterval] [-SecurityInsightRecordInterval] [-udpPmtu] [-httpUrl] [-AAAUserName] [-httpCookie] [-httpReferer] [-httpMethod] [-httpHost] [-httpUserAgent] [-clientTrafficOnly] [-httpContentType] [-httpAuthorization] [-httpVia] [-httpXForwardedFor] [-httpLocation] [-httpSetCookie] [-httpSetCookie2] [-connectionChaining] [-httpDomain] [-skipCacheRedirectionHttpTransaction] [-identifierName] [-identifierSessionName] [-observationDomainId] [-observationDomainName] [-subscriberAwareness] [-SecurityInsightTraffic] [-cacheInsight]

show appflow param

Displays AppFlow parameters.

Synopsys

show appflow param

Outputs

templateRefresh

Refresh interval, in seconds, at which to export the template data. Because data transmission is in UDP, the templates must be resent at regular intervals.

appnameRefresh

Interval, in seconds, at which to send Appnames to the configured collectors. Appname refers to the name of an entity (virtual server, service, or service group) in the NetScaler appliance.

flowRecordInterval

Interval, in seconds, at which to send flow records to the configured collectors.

SecurityInsightRecordInterval

Interval, in seconds, at which to send security insight flow records to the configured collectors.

udpPmtu

MTU, in bytes, for IPFIX UDP packets.

httpUrl

State of AppFlow HTTP URL logging.

AAAUserName

State of AppFlow AAA User logging.

httpCookie

State of AppFlow HTTP cookie logging.

httpReferer

State of AppFlow HTTP referer logging.

httpMethod

State of AppFlow HTTP method logging.

httpHost

State of AppFlow HTTP host logging.

httpUserAgent

State of AppFlow HTTP user-agent logging.

clientTrafficOnly

Generate AppFlow records for only the traffic from the client.

httpContentType

State of AppFlow HTTP Content-Type header logging

httpAuthorization

State of AppFlow HTTP Authorization header logging

httpVia

State of AppFlow HTTP Via header logging

httpXForwardedFor

State of AppFlow HTTP X-Forwarded-For header logging

httpLocation

State of AppFlow HTTP Location header logging

httpSetCookie

State of AppFlow HTTP Setcookie header logging

httpSetCookie2

State of AppFlow HTTP Setcookie2 header logging

connectionChaining

State of connection-chaining feature

httpDomain

State of AppFlow HTTP Domain name logging

skipCacheRedirectionHttpTransaction

Skip Cache http transaction. This HTTP transaction is specific to Cache Redirection module. In Case of Cache Miss there will be another HTTP transaction initiated by the cache server.

identifierName

State of AppFlow Stream Identifier Name logging

identifierSessionName

State of AppFlow Stream Identifier Session Name logging

observationDomainId

An observation domain groups a set of NetScalers based on deployment: cluster, HA etc. A unique Observation Domain ID is required to be assigned to each such group.

observationDomainName

Name of the Observation Domain defined by the observation domain ID.

builtin

Flag to determine if the appflow param is built-in or not

SecurityInsightTraffic

State of Security Insight traffic exporting

subscriberAwareness

Enable this option for logging end user MSISDN in L4/L7 appflow records

cacheInsight

Flag to determine whether cache records need to be exported or not. If this flag is true and IC is enabled, cache records are exported instead of L7 HTTP records