Last update: May 8th 2023 There are several use cases for geo-location information in Citrix ADC / NetScaler. It may be helpful with WAF logs. I am European, I won’t spend much time on a positive, if the log comes from North Korea, but I would consider it to be a “false positive”, if it comes from Germany, Italy or Sweden. Even though I would not consider it to be secure...
Sometimes, people want to know, how to extract data from APPFW logs. That’s easy, it is in /var/log/ns.log (and it’s predecessors, these ns.log.XX.gz). grep APPFW ns.log will extract all application firewall logs. zcat ns.log.*.gz |grep APPFW will do the same to the old logs. Unfortunately this will give you a terrible mess of output. It’s hardly possible to find false positives...
last update: October 2nd 2018 This is the second part of debugging logon. The first one, a network trace about LDAP, may be found here. Citrix ADC / NetScaler logs all events related to AAA (authentication, authorization, auditing) to /tmp/aaad.debug You need to be nsroot or superuser to successfully log on to the BSD shell. This is a requirement to change to BSD shell. Change to the /tmp...
Last update: Nov 21th, 2018 tested using firmware 11.1 If you read about slowloris, you always read about NetScaler doing a great job. Tests in our lab environment show: NetScaler will successfully block these attacks. And there is hardly anything we have to do about it: It’s built into the system. Great news indeed! The only thing we have to do is reduce client idle timeout to a lower...
last update: October 22nd 2021 Citrix NetScaler Logging and policy troubleshooting Some times it’s quite hard to understand what’s going on. There is a lot of mystics about policies. And it’s even harder to understand what went on (past tense). “Johannes, there had been several problems connecting to <any blabla application here>” “I’m sorry, I...