Product Documentation

nstrace

Sep 12, 2016

The following operations can be performed on "nstrace":

nstrace

Invokes the nstrace program to log traffic flowing through the NetScaler appliance.

Synopsys

nstrace [-nf <positive_integer>] [-time <secs>] [-size <positive_integer>] [-mode <mode> ...] [-tcpdump ( ENABLED | DISABLED ) [-perNIC ( ENABLED | DISABLED )]] [-name <string> [-id <string>]] [-filter <expression> [-link ( ENABLED | DISABLED )]]

Arguments

nf

Number of files to be generated in a single run of the command.

Default value: 24

Minimum value: 0

time

Number of seconds for which to log to trace file. Can be a mathematical expression. For example, to log to trace files for 2 hours, you can specify 2*60*60.

Default value: 3600

size

Size of the packet to be logged (should be in the range of 60 to 1514 bytes). Set to 0 for full packet trace.

Default value: 164

Minimum value: 0

Maximum value: 1514

mode

Capturing mode for trace. Can be any of the following values, or a combination of these values:

* RX - Received packets before NIC pipelining

* NEW_RX - Received packets after NIC pipelining (packets that are not dropped)

* TX - Transmitted packets

* TXB - Packets buffered for transmission

* IPV6 - Translated IPv6 packets

* C2C - Capture core-to-core messages

* NS_FR_TX - Flow receiver does not capture the TX/TXB packets. Applicable only for a cluster setup.

* APPFW - Capture packets when appfw request triggers violation

You can also provide a combination of modes. For example:

* -mode NEW_RX TXB: Capture RX packets after NIC handling and packets that are buffered for actual transmission.

* -mode RX TX: Capture packet during NIC pipeline (filter expressions will not work for RX mode).

* -mode NEW_RX TXB NS_FR_TX: Default mode except that TX/TXB packets on the flow receiver are not captured.

Default value: DEFAULT_MODE

tcpdump

Log files format supported:nstrace-format, tcpdump-format. default:nstrace-format

Possible values: ENABLED, DISABLED

Default value: DISABLED

perNIC

Use separate trace files for each interface. Works only with TCP dump format.

Possible values: ENABLED, DISABLED

Default value: DISABLED

name

Custom file name for nstrace files.

id

ID for the trace file name, for uniqueness. Use only with the -name option.

filter

Filter expression for nstrace. Maximum length of filter is 255 and it can be of the following format:

"<expression> [<relop> <expression>"]

where,

<relop> can be the && or the || relational operators.

<expression> is a string in the following format: <qualifier> <operator> <qualifier-value>

where,

<operator> can be any one of the following (except the commas): ==, eq, !=, neq, >, gt, <, lt, >=, ge, <=, le, BETWEEN

Following are the valid qualifiers for the command: SOURCEIP, SOURCEPORT, DESTIP, DESTPORT, IP, PORT, SVCNAME, VSVRNAME, CONNID, VLAN, INTF.

Example:

nstrace -filter "SOURCEIP==10.102.34.201 || SVCNAME !=s1 && SOURCEPORT >80"

link

Include peer traffic of filtered connections.

Possible values: ENABLED, DISABLED

Default value: DISABLED

Example

 nstrace -nf 10 -time 100 -mode RX IPV6 TXB -name abc -tcpdump ENABLED -perNIC ENABLED