Product Documentation

Logging/Monitoring

Jun 06, 2013

The Configuration: Appliance Settings: Logging/Monitoring page controls the logging and alert settings for the Appliance. It has seven tabs: Log Options, Log Extraction, Log Statistics, Log Removal, Alert Options, Syslog Server, and SNMP.

Log Options Tab

These options set the kind of information that is stored in the log:
  • Log System Records—This gives general statistics about connections every 60 seconds. Most users will want to disable this option.
  • Log Adapter Records—This reports the status of each Ethernet port every 60 seconds. Most users will want to disable this option.
  • Log Flow Records—This summarizes the status of the communication between this unit and each active Acceleration Partner every 60 seconds. Most users will want to disable this option.
  • Log Connection Records.—This summarizes the state of each active accelerated connections every 60 seconds. Most users will want to disable this option.
  • Log Open/Close Records—Adds a log entry whenever an accelerated connection is opened or closed. These records contain performance statistics in addition to identifying the endpoints and the connection duration. Leave this option enabled.
  • Log Text Records—Shows kernel and other OS messages. Leave this option enabled.
  • Log Alert Records—Repeats the information from the Alerts page in the log. Leave this option enabled.
  • Other Settings—The Log Max Size, Lines Displayed, and Max Export Count fields are self-explanatory and rarely need to be changed.
Figure 1. Log Options Tab

Log Extraction Tab

To export log files, select a range of entries by number of date/time, and click the Export. Your browser will show an Open/Save dialog that allows you to open the log file with a default application or save it to a file. Log files are exported as ordinary ASCII text files with a.txt extension or as XML files. Line ending style is selectable for convenience when important to systems with different newline conventions (such as Windows CR/LF vs. UNIX LF).

Figure 2. Log Extraction Tab

Log Statistics Tab

The Log Statistics tab gives basic information about the logging system.

Figure 3. Log Statistics Tab

Log Removal Tab

You can erase the log files by clicking Remove.

Alert Options Tab

Two Kinds of Alert Message

There are two kinds of Alerts:
  1. User-configurable alerts, which appear on the Configure Settings: Alert page. These are mostly informational and are primarily of use when troubleshooting. Each of these alerts has a radio button to select between Alert, Logged, and Disabled.
  2. Internal alerts. These generally indicate a more serious problem, and cannot be masked by the user. They do not appear on the Configure Settings: Alert page.
User-Configurable Alerts
  • Alerted means that when the condition occurs, it will be logged, the alert icon will appear at the top of the screen, and the condition will be listed when the Error link is clicked.
  • Logged means that when the condition occurs, it will be logged, but the alert icon will not appear and the condition will not be listed when the Error link is clicked.
  • Disabled means the condition will not be logged. Not all conditions can be disabled. These lack a radio button under the Disabled column.
  • The Alert Retention Time parameter sets how long an Alert stays active after the condition that caused it has gone away.
Figure 4. Part of the Alert Options Tab

Each parameter has an associated description in the Help column (the text for which will not be repeated here).

Changes will not take effect unless you click the Update.

The Reset to defaults button restores the factory-recommended settings.

Alerts include:
  • WAN Loss Rate
  • LAN Loss Rate
  • Connection Stalled (probable application hang)
  • Connection Timeout
  • Invalid Connection Attempt
  • NIC Negotiated Half-Duplex
  • ARP Timeout
  • Attempt to Exceed License Key File Limit
  • Asymmetric Network Configuration
  • Invalid or Illegal Packets Received
  • Out of CPU Resources
  • Out of Memory Resources
  • Internal Errors
  • Compression Error Detected
  • Softboost-Hardboost Mismatch
  • Disk Drive is Degraded
  • NIC Watchdog Bypass Event
  • Disk is Fragmented
  • Network Unreachable
  • DNS Lookup Failed
  • Appliance in the Middle Intercepting Options
  • Major Internal Errors
  • Minor Internal Errors
  • Internal Warning
  • WCCP Detected Major Error
  • WCCP Detected Minor Error
  • WCCP Warning
  • Network Driver Hang Detected
  • Signaling Channel Establishment Error
  • SCPS Mode Mismatch Detected
  • CloudBridge Plug-in count is nearing its limit
  • SSL Communication Error
Internal Alerts

Contact your support representative if you receive Alert messages that are not represented on the Configure Settings: Alert page.

Some of these messages give guidance about whether you should contact us immediately or at your convenience.

Alert Messages

Potential error conditions are reported at one of three levels: they can be ignored, they can be logged, or they can be logged and also cause an Alert warning to appear at the top of the page.

The Alerts page lets you select the reporting for different types of error. Clicking on the link displays information about the outstanding alerts.

Figure 5. Alert Details Page

Alerts will clear themselves if the problem goes away for long enough (by default, for one hour).

Syslog Server Tab

Log entries can be sent to a syslog server at any IP you select.

Alert messages are sent with a severity level of “warning”. All other messages are sent with a severity of “info”.

Alert messages contain the string “ALERT:”.

All messages are sent to the syslog server, whether they are enabled in the Log Options tab or not.

An example of syslog output is shown below. The Appliance is identified through the management IP at the start of the message. Each message is formatted as a single line.
May 08 14:40:36 172.16.0.101 Open:69.59.212.183:3672 
Partner:172.16.0.102{00-13-72-3C-68-51}->207.47.50.203:443 
May 08 14:40:37 172.16.0.101 Connection Status: 
66.151.150.190:443<->69.59.212.183:3609 Duration:58.000 Sec 
May 08 14:40:37 172.16.0.101 Connection Status: 
207.47.50.203:443<->69.59.212.183:3668 Duration:0 Secs
Figure 6. Configure Settings: Syslog Server

SNMP Tab

This tab sets up SNMP monitoring of the Appliance. SNMP operation is disabled by default, but is enabled by the button at the top of the page. SNMP v1 and v2c are supported.

Figure 7. SNMP Tab

Fields on this page have their conventional meanings. Management access must be restricted by giving an IP or network number for the “management station.” However, this can be circumvented by setting the IP Bit mask to zero (equivalent to a bit mask of 0.0.0.0). To give access to any host on a Class C subnet, set the IP Bit Mask to 24 (equivalent to 255.255.255.0). To limit access to a single host, set the IP Bit Mask to 32 (equivalent to 255.255.255.255).

SNMP accesses are read-only; that is, monitoring but not configuration is supported by SNMP.

The parameters available via SNMP are documented in the .MIB files themselves.

Installing the SNMP MIB Files

SNMP MIB files can be downloaded from the links at the bottom of the page. The files reside on the Appliance. They must be loaded into the SNMP manager in the following order:
APPACCELERATION-PRODUCTS-MIB.txt 
APPACCELERATION-SMI.txt 
APPACCELERATION-STATUS-MIB.txt 
APPACCELERATION-TC.txt 
CITRIX-COMMON-MIB.txt