|
|
|
The getnstraceResult structure defines the return type for getnstrace API. |
|
Syntax |
|
|
|
|
|
Members |
|
rc |
|
If the method succeeds, rc is 0 else rc > 0. Values above 0x8000 indicate Warnings. |
|
message |
|
If the method succeeds, message is NULL else message contains Error/Warning message. |
|
nstraceList |
|
List of nstraces |
|
|
|
|
The nstrace structure defines the actual return type values for getnstrace API. |
|
Syntax |
|
|
|
|
|
Members |
|
state |
|
Current running state of trace. |
|
scope |
|
Scope of started trace, local or cluster level. |
|
tracelocation |
|
Directory where current trace files are saved. |
|
nf |
|
Number of files to be generated in cycle. |
|
time |
|
Time per file (sec). |
|
size |
|
Size of the captured data. Set 0 for full packet trace. |
|
mode |
|
Capturing mode for trace. Mode can be any of the following values or combination of these values:
RX Received packets before NIC pipelining (Filter does not work when RX capturing mode is ON)
NEW_RX Received packets after NIC pipelining
TX Transmitted packets
TXB Packets buffered for transmission
IPV6 Translated IPv6 packets
C2C Capture C2C message
NS_FR_TX TX/TXB packets are not captured in flow receiver.
MPTCP MPTCP master flow
HTTP_QUIC HTTP-over-QUIC stream data and stream events
Default mode: NEW_RX TXB |
|
traceformat |
|
Format in which trace will be generated
|
|
pernic |
|
Use separate trace files for each interface. Works only with cap format. |
|
filename |
|
Name of the trace file. |
|
fileid |
|
ID for the trace file name for uniqueness. Should be used only with -name option. |
|
filter |
|
Filter expression for nstrace. Maximum length of filter is 255 and it can be of following format:
[ ]
= ( && | || )
=:
CONNECTION...()
= SRCIP
= [ EQ | NE ]
= A valid IPv4 address.
example = CONNECTION.SRCIP.EQ(127.0.0.1)
= DSTIP
= [ EQ | NE ]
= A valid IPv4 address.
example = CONNECTION.DSTIP.EQ(127.0.0.1)
= IP
= [ EQ | NE ]
= A valid IPv4 address.
example = CONNECTION.IP.EQ(127.0.0.1)
= SRCIPv6
= [ EQ | NE ]
= A valid IPv6 address.
example = CONNECTION.SRCIPv6.EQ(2001:db8:0:0:1::1)
= DSTIPv6
= [ EQ | NE ]
= A valid IPv6 address.
example = CONNECTION.DSTIPv6.EQ(2001:db8:0:0:1::1)
= IPv6
= [ EQ | NE ]
= A valid IPv6 address.
example = CONNECTION.IPv6.EQ(2001:db8:0:0:1::1)
= SRCPORT
= [ EQ | NE | GT | GE | LT | LE
| BETWEEN ]
= A valid port number.
example = CONNECTION.SRCPORT.EQ(80)
= DSTPORT
= [ EQ | NE | GT | GE | LT | LE
| BETWEEN ]
= A valid port number.
example = CONNECTION.DSTPORT.EQ(80)
= PORT
= [ EQ | NE | GT | GE | LT | LE
| BETWEEN ]
= A valid port number.
example = CONNECTION.PORT.EQ(80)
= VLANID
= [ EQ | NE | GT | GE | LT | LE
| BETWEEN ]
= A valid VLAN ID.
example = CONNECTION.VLANID.EQ(0)
= CONNID
= [ EQ | NE | GT | GE | LT | LE
| BETWEEN ]
= A valid PCB dev number.
example = CONNECTION.CONNID.EQ(0)
= PPEID
= [ EQ | NE | GT | GE | LT | LE
| BETWEEN ]
= A valid core ID.
example = CONNECTION.PPEID.EQ(0)
= SVCNAME
= [ EQ | NE | CONTAINS | STARTSWITH
| ENDSWITH ]
= A valid text string.
example = CONNECTION.SVCNAME.EQ("name")
= LB_VSERVER.NAME
= [ EQ | NE | CONTAINS | STARTSWITH
| ENDSWITH ]
= LB vserver name.
example = CONNECTION.LB_VSERVER.NAME.EQ("name")
= CS_VSERVER.NAME
= [ EQ | NE | CONTAINS | STARTSWITH
| ENDSWITH ]
= CS vserver name.
example = CONNECTION.CS_VSERVER.NAME.EQ("name")
= INTF
= [ EQ | NE ]
= A valid interface id in the
form of x/y.
example = CONNECTION.INTF.EQ("x/y")
= SERVICE_TYPE
= [ EQ | NE ]
= ( SVC_HTTP | FTP | TCP | UDP | SSL |
SSL_BRIDGE | SSL_TCP | NNTP | RPCSVR | RPCSVRS |
RPCCLNT | SVC_DNS | ADNS | SNMP | RTSP | DHCPRA | ANY|
MONITOR | MONITOR_UDP | MONITOR_PING | SIP_UDP |
SVC_MYSQL | SVC_MSSQL | FIX | SSL_FIX | PKTSTEER |
SVC_AAA | SERVICE_UNKNOWN )
example = CONNECTION.SERVICE_TYPE.EQ(ANY)
= TRAFFIC_DOMAIN_ID
= [ EQ | NE | GT | GE | LT | LE
| BETWEEN ]
= A valid traffic domain ID.
example = CONNECTION.TRAFFIC_DOMAIN_ID.EQ(0)
eg: start nstrace -filter "CONNECTION.SRCIP.EQ(127.0.0.1) || (CONNECTION.SVCNAME.NE("s1") && CONNECTION.SRCPORT.EQ(80))"
The filter expression should be given in double quotes.
common use cases:
Trace capturing full sized traffic from/to ip 10.102.44.111, excluding loopback traffic
start nstrace -size 0 -filter "CONNECTION.IP.NE(127.0.0.1) && CONNECTION.IP.EQ(10.102.44.111)"
Trace capturing all traffic to (terminating at) port 80 or 443
start nstrace -size 0 -filter "CONNECTION.DSTPORT.EQ(443) || CONNECTION.DSTPORT.EQ(80)"
Trace capturing all backend traffic specific to service service1 along with corresponding client side traffic
start nstrace -size 0 -filter "CONNECTION.SVCNAME.EQ("service1")" -link ENABLED
Trace capturing all traffic through NetScaler interface 1/1
start nstrace -filter "CONNECTION.INTF.EQ("1/1")"
Trace capturing all traffic specific through vlan 2
start nstrace -filter "CONNECTION.VLANID.EQ(2)"
Trace capturing all frontend (client side) traffic specific to lb vserver vserver1 along with corresponding server side traffic
start nstrace -size 0 -filter "CONNECTION.LB_VSERVER.NAME.EQ("vserver1")" -link ENABLED |
|
link |
|
Includes filtered connection's peer traffic. |
|
nodes |
|
Nodes on which tracing is started.
|
|
merge |
|
Specify how traces across PE's are merged
|
|
doruntimecleanup |
|
Enable or disable runtime temp file cleanup |
|
tracebuffers |
|
Number of 16KB trace buffers |
|
skiprpc |
|
skip RPC packets |
|
skiplocalssh |
|
skip local SSH packets |
|
capsslkeys |
|
Capture SSL Master keys. Master keys will not be captured on FIPS machine.
Warning: The captured keys can be used to decrypt information that may be confidential. The captured key files have to be stored in a secure environment |
|
capdroppkt |
|
Captures Dropped Packets if set to ENABLED. |
|
inmemorytrace |
|
Logs packets in appliance's memory and dumps the trace file on stopping the nstrace operation |
|
_nextgenapiresource |
|
|
|
See Also |
|
|
|