startnstrace

Use this method to start the NetScaler packet capture tool. At least 2 GB of free disk space is required for the trace to start.

Syntax



Parameters

nf

Number of files to be generated in cycle.
Default value = 24.
Minimum value = 1.
Maximum value = 100.

time

Time per file (sec).
Default value = 3600.
Minimum value = 1.

size

Size of the captured data. Set 0 for full packet trace.
Default value = 164.
Maximum value = 1514.

mode

Capturing mode for trace. Mode can be any of the following values or combination of these values:
RX: Received packets before NIC pipelining (Filter does not work when RX capturing mode is ON)
NEW_RX: Received packets after NIC pipelining
TX: Transmitted packets
TXB: Packets buffered for transmission
IPV6: Translated IPv6 packets
C2C: Capture C2C message
NS_FR_TX: TX/TXB packets are not captured in flow receiver.
MPTCP: MPTCP master flow
HTTP_QUIC: HTTP-over-QUIC stream data and stream events
Default mode: NEW_RX TXB
Default value = DEFAULT_MODE.

pernic

Use separate trace files for each interface. Works only with cap format.
Default value = DISABLED.

filename

Name of the trace file.

fileid

ID for the trace file name for uniqueness. Should be used only with -name option.

filter

Filter expression for nstrace. Maximum length of filter is 255 and it can be of following format:
[ ] = ( && | || ) =: CONNECTION...()

Qualifiers, with the methods each accepts, the value expected, and an example:
SRCIP: [ EQ | NE ]; a valid IPv4 address. Example: CONNECTION.SRCIP.EQ(127.0.0.1)
DSTIP: [ EQ | NE ]; a valid IPv4 address. Example: CONNECTION.DSTIP.EQ(127.0.0.1)
IP: [ EQ | NE ]; a valid IPv4 address. Example: CONNECTION.IP.EQ(127.0.0.1)
SRCIPv6: [ EQ | NE ]; a valid IPv6 address. Example: CONNECTION.SRCIPv6.EQ(2001:db8:0:0:1::1)
DSTIPv6: [ EQ | NE ]; a valid IPv6 address. Example: CONNECTION.DSTIPv6.EQ(2001:db8:0:0:1::1)
IPv6: [ EQ | NE ]; a valid IPv6 address. Example: CONNECTION.IPv6.EQ(2001:db8:0:0:1::1)
SRCPORT: [ EQ | NE | GT | GE | LT | LE | BETWEEN ]; a valid port number. Example: CONNECTION.SRCPORT.EQ(80)
DSTPORT: [ EQ | NE | GT | GE | LT | LE | BETWEEN ]; a valid port number. Example: CONNECTION.DSTPORT.EQ(80)
PORT: [ EQ | NE | GT | GE | LT | LE | BETWEEN ]; a valid port number. Example: CONNECTION.PORT.EQ(80)
VLANID: [ EQ | NE | GT | GE | LT | LE | BETWEEN ]; a valid VLAN ID. Example: CONNECTION.VLANID.EQ(0)
CONNID: [ EQ | NE | GT | GE | LT | LE | BETWEEN ]; a valid PCB dev number. Example: CONNECTION.CONNID.EQ(0)
PPEID: [ EQ | NE | GT | GE | LT | LE | BETWEEN ]; a valid core ID. Example: CONNECTION.PPEID.EQ(0)
SVCNAME: [ EQ | NE | CONTAINS | STARTSWITH | ENDSWITH ]; a valid text string. Example: CONNECTION.SVCNAME.EQ("name")
LB_VSERVER.NAME: [ EQ | NE | CONTAINS | STARTSWITH | ENDSWITH ]; LB vserver name. Example: CONNECTION.LB_VSERVER.NAME.EQ("name")
CS_VSERVER.NAME: [ EQ | NE | CONTAINS | STARTSWITH | ENDSWITH ]; CS vserver name. Example: CONNECTION.CS_VSERVER.NAME.EQ("name")
INTF: [ EQ | NE ]; a valid interface id in the form of x/y. Example: CONNECTION.INTF.EQ("x/y")
SERVICE_TYPE: [ EQ | NE ]; ( SVC_HTTP | FTP | TCP | UDP | SSL | SSL_BRIDGE | SSL_TCP | NNTP | RPCSVR | RPCSVRS | RPCCLNT | SVC_DNS | ADNS | SNMP | RTSP | DHCPRA | ANY | MONITOR | MONITOR_UDP | MONITOR_PING | SIP_UDP | SVC_MYSQL | SVC_MSSQL | FIX | SSL_FIX | PKTSTEER | SVC_AAA | SERVICE_UNKNOWN ). Example: CONNECTION.SERVICE_TYPE.EQ(ANY)
TRAFFIC_DOMAIN_ID: [ EQ | NE | GT | GE | LT | LE | BETWEEN ]; a valid traffic domain ID. Example: CONNECTION.TRAFFIC_DOMAIN_ID.EQ(0)

Example:
start nstrace -filter "CONNECTION.SRCIP.EQ(127.0.0.1) || (CONNECTION.SVCNAME.NE("s1") && CONNECTION.SRCPORT.EQ(80))"
The filter expression should be given in double quotes.

Common use cases:

Trace capturing full sized traffic from/to ip 10.102.44.111, excluding loopback traffic
start nstrace -size 0 -filter "CONNECTION.IP.NE(127.0.0.1) && CONNECTION.IP.EQ(10.102.44.111)"

Trace capturing all traffic to (terminating at) port 80 or 443
start nstrace -size 0 -filter "CONNECTION.DSTPORT.EQ(443) || CONNECTION.DSTPORT.EQ(80)"

Trace capturing all backend traffic specific to service service1 along with corresponding client side traffic
start nstrace -size 0 -filter "CONNECTION.SVCNAME.EQ("service1")" -link ENABLED

Trace capturing all traffic through NetScaler interface 1/1
start nstrace -filter "CONNECTION.INTF.EQ("1/1")"

Trace capturing all traffic specific through vlan 2
start nstrace -filter "CONNECTION.VLANID.EQ(2)"

Trace capturing all frontend (client side) traffic specific to lb vserver vserver1 along with corresponding server side traffic
start nstrace -size 0 -filter "CONNECTION.LB_VSERVER.NAME.EQ("vserver1")" -link ENABLED

link

Includes filtered connection's peer traffic.
Default value = DISABLED.

nodes

Nodes on which tracing is started.
Maximum value = 32.

filesize

File size threshold, in MB, for rollover. If free disk space is less than 2 GB at the time of rollover, the trace will stop.
Default value = 1024.
Maximum value = 10240.

traceformat

Format in which the trace will be generated.
Default value = 0.

merge

Specify how traces across PEs are merged.
Default value = 0.

doruntimecleanup

Enable or disable runtime temp file cleanup.
Default value = ENABLED.

tracebuffers

Number of 16 KB trace buffers.
Default value = 5000.
Minimum value = 1000.

skiprpc

Skip RPC packets.
Default value = DISABLED.

skiplocalssh

Skip local SSH packets.
Default value = DISABLED.

capsslkeys

Capture SSL Master keys. Master keys will not be captured on a FIPS machine. Warning: The captured keys can be used to decrypt information that may be confidential. The captured key files have to be stored in a secure environment.
Default value = DISABLED.

capdroppkt

Captures Dropped Packets if set to ENABLED.
Default value = DISABLED.

inmemorytrace

Logs packets in the appliance's memory and dumps the trace file on stopping the nstrace operation.
Default value = DISABLED.
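
The following pre-flight check is an added example, not NetScaler or SDK code: it validates a filter expression against the qualifier and method table under the filter parameter and flags the settings the mode, size and capsslkeys descriptions call out. The params dictionary, its space-separated mode string and the function names are assumptions made for illustration.

```python
import re

# Qualifier -> permitted methods, transcribed from the filter table on this page.
_CMP = {"EQ", "NE"}
_ORD = _CMP | {"GT", "GE", "LT", "LE", "BETWEEN"}
_STR = _CMP | {"CONTAINS", "STARTSWITH", "ENDSWITH"}
METHODS = {
    **dict.fromkeys(["SRCIP", "DSTIP", "IP", "SRCIPv6", "DSTIPv6", "IPv6",
                     "INTF", "SERVICE_TYPE"], _CMP),
    **dict.fromkeys(["SRCPORT", "DSTPORT", "PORT", "VLANID", "CONNID",
                     "PPEID", "TRAFFIC_DOMAIN_ID"], _ORD),
    **dict.fromkeys(["SVCNAME", "LB_VSERVER.NAME", "CS_VSERVER.NAME"], _STR),
}
# One term, in the shape of the page's examples: CONNECTION.QUALIFIER.METHOD(value)
TERM = re.compile(r"CONNECTION\.([A-Za-z0-9_.]+)\.([A-Z]+)\(([^()]*)\)")


def check_filter(expr):
    """Return a list of problems found in an nstrace filter expression."""
    problems = []
    if len(expr) > 255:
        problems.append("filter longer than 255 characters")
    for qualifier, method, _value in TERM.findall(expr):
        allowed = METHODS.get(qualifier)
        if allowed is None:
            problems.append(f"unknown qualifier {qualifier}")
        elif method not in allowed:
            problems.append(f"{method} not valid for {qualifier}")
    # Whatever remains after removing terms must be only &&, ||, parens, spaces.
    if re.sub(r"[\s()]|&&|\|\|", "", TERM.sub("", expr)):
        problems.append("unrecognised text outside CONNECTION terms")
    return problems


def review_request(params):
    """Flag settings this page warns about (params is a hypothetical dict)."""
    notes = check_filter(params.get("filter", ""))
    if params.get("filter") and "RX" in params.get("mode", "").split():
        notes.append("filter does not work when RX capturing mode is on")
    if params.get("capsslkeys") == "ENABLED":
        notes.append("capsslkeys: key files must go to secure storage")
    if params.get("size", 164) == 0:
        notes.append("size 0: full packets are captured")
    return notes
```

The check does not validate values (addresses, port ranges, names); it only confirms that each term uses a qualifier and method that the table permits.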

Return Value

Returns simpleResult