Authentication Errors Test

Authentication processing in NetScaler is handled by the Authentication, Authorization, and Auditing (AAA) daemon. The raw authentication events that AAA daemon processes serves as a valuable troubleshooting tool. The following issues can be easily troubleshooted with the help of the authentication events:

  • General authentication errors

  • Username/password failures

  • Authentication policy configuration errors?

  • Group extraction discrepancies

In certain critical environments, even a single user login failure may result in huge performance issues of the environment. In such cases, it becomes mandatory for the administrators to constantly keep a vigil on the user login failures in their environment. The Authentication Errors test helps administrators to keep a track on the user login failure and take necessary steps to avoid login failures.

This test helps the administrators to track the number of user login failures on the target ADC appliance.

Target of the test : An ADC VPX/MPX

Agent deploying the test : A remote agent

Outputs of the test : One set of results for the ADC appliance being monitored.

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed


The IP address of the host for which the test is being configured.

Log File Path

This test reports metrics by parsing a Syslog file. Specify the full path to the Syslog file in this text box. To enable the remote agent to parse the Syslog file, ensure the following:

  • The Syslog server should be running on the remote agent host

  • The Syslog file should be accessible and readable by the remote agent.

To know how to forward the NetScaler events to the syslog file the Syslog server where the NetScaler will be creating this file, refer Exporting NetScaler Events to Syslog Server.

Search String

By default, the Syslog file contains events forwarded by several servers. In order to obtain metrics for a specific ADC appliance, specify the hostname or the IP address of the target ADC appliance for which events are to be read from the syslog file, in the Search String text box. Using this search string the information in the Syslog file is parsed and metrics are collected.

Search String Index

In this text box, specify the cursor position after which the eG agent should search for the specified Search String (or the position upto which the eG agent should ignore while searching for the specified Search String) in the syslog file. For example, if the specified Search Sting appears in the syslog file at the 17th position, then you may need to specify the Search String Index as 16.

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD frequency.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

AAA failed logins

Indicates the number of user logins that failed authentication during the last measurement period.


A low value is desired for this measure.

The most common cause of this measure to shoot up is due to the improper configuration of LDAP Authentication servers. The user logins may also fail due to incorrect password typed by the user, improper authentication policy configuration, firewall issues etc.

Exporting NetScaler Events to Syslog Server

To export NetScaler events to the Syslog server, do the following:

  1. Connect to the NetScaler management console from your browser using the URL: <http://NetScaler host:port>.

  2. Login to the NetScaler management console as an administrator.

  3. Expand the System node in the NetScaler management console and further expanding the Auditing node will lead you to the Syslog option. Then, click the Syslog option.

  4. This will bring up a Policies tab and a Servers tab in the right panel, where you can configure Policies for a Syslog server, configure a remote Syslog server and enable Syslog file creation on the server. Selecting the Servers tab will lead you to the page where you can configure the Syslog server in which the Syslog file should be created.

  5. To configure a new Syslog server, click the Add button. This will invoke Create Auditing Server page.

  6. In the Create Auditing Server page, enter the Name of the Syslog server.

  7. Then, enter the IP address of the Syslog server in the IP Address text box

  8. Enter the Port at which the Syslog server listens.

  9. Then, indicate what details should be logged in the Syslog file. For the eG tests to work, set the Log Levels flag to ALL.

  10. Set the Time Zone to Local and select the check boxes against TCP Logging, ACL Logging, User Configurable Log Messages and AppFlow Logging. Even though the syslog file is populated with the log messages, the metrics will be displayed in the eG Monitor interface only when these checkboxed are checked.

  11. Finally, click the Create button to configure the Syslog server.