SSL Logs Test

A Citrix ADC appliance communicates with other servers and clients over a secure communication channel. The ADC appliance uses SSL for safe and secure transactions. If the SSL communication channels suffer a setback, such as an expired SSL certificate or a number of SSL handshake failures, then the NetScaler appliance may be prone to malicious attacks. In order to secure the ADC appliance, administrators should constantly keep a check on the SSL certificates, handshakes and the Certificate Revocation Lists. The SSL Logs test helps administrators in exactly this regard. Using this test, administrators can figure out the success and failure count of the SSL handshakes and also be proactively warned of an impending SSL certificate expiry. In addition, this test reports the number of times the Certificate Revocation List (CRL) was updated successfully and the number of times the CRL update failed. This way, administrators can be proactively alerted to potential security threats (if any) and secure the ADC appliance from malicious attacks.

For this test to run and report metrics, the ADC appliance should be configured to create a Syslog file in a remote Syslog server, where the details of all interactions with the ADC appliance will be logged. To know how to configure a remote Syslog server for the use of the ADC appliance, refer to the Creating a Syslog file in a remote Syslog server topic.

This test is disabled by default. To enable the test, follow the Agents -> Tests -> Enable/Disable menu sequence in the eG administrative interface, pick Citrix ADC VPX/MPX as the Component type, select Performance as the Test type, choose this test from the list of disabled tests, and click on the < button.

Target of the test : An ADC VPX/MPX

Agent deploying the test : A remote agent

Outputs of the test : One set of results for the ADC appliance being monitored.

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed

Host

The IP address of the host for which the test is being configured.

Port

The port at which the host listens. By default, this is NULL.

Log File Path

This test reports metrics by parsing a Syslog file. Specify the full path to the Syslog file here.

Search String

By default, the Syslog file may contain information relating to a number of servers that are interlinked with the target ADC appliance. In order to obtain the metrics of the target ADC appliance alone, specify the hostname or the IP address of the target ADC appliance for which the logs are to be read from the Syslog file, in the Search String text box. Using this search string, the information in the Syslog file is parsed and metrics are collected.

Search String Index

Here, specify the cursor position after which the eG agent should search for the specified Search String (or the position up to which the eG agent should ignore while searching for the specified Search String) in the Syslog file. For example, if the specified Search String appears in the Syslog file at the 17th position, then you may need to specify the Search String Index as 16.

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD Frequency.

Detailed Diagnosis

To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Successful SSL handshakes

Indicates the number of SSL handshakes that were successful on the ADC appliance.

Number

Failed SSL handshakes

Indicates the number of SSL handshakes that failed on the ADC appliance.

Number

Ideally, the value of this measure should be zero. A high value for this measure is a cause of concern as this may affect the communication between the server and client.

Imminent SSL certificate expiry

Indicates the number of SSL certificates that are about to expire.

Number

The detailed diagnosis of this measure, if enabled, lists the SSL certificate key pairs that are about to expire and the number of days to expiry.

Successful SSL CRL updates

Indicates the number of times the SSL Certificate Revocation List was updated successfully.

Number

From time to time, Certificate Authorities (CAs) issue certificate revocation lists (CRLs). CRLs contain information about certificates that can no longer be trusted. A certificate can be revoked if the private key is compromised or if that certificate expired and a new one is in use.

A high value for this measure indicates that the CRLs are updated continuously, which implies that the ADC device is highly secure.

Failed SSL CRL updates

Indicates the number of times the SSL Certificate Revocation List failed to update.

Number

Ideally, the value of this measure should be zero.

A high value for this measure indicates a serious threat to the security of the ADC device.

SSL VPN license limit reached

Indicates the number of times the SSL VPN license limit was reached.

Number
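To show how the Search String and Search String Index parameters and the measures above fit together, here is an added Python example; it is not eG Enterprise's or Citrix's code. It parses constructed Syslog lines, and the line layout and message keywords (SSL_HANDSHAKE_SUCCESS, CRL_REFRESH_SUCCESS, CERT_EXPIRY_WARNING and so on) are assumptions, since the page does not show the appliance's actual log text.

```python
import re
from collections import Counter

# Constructed sample lines (not real ADC output). The host IP begins at character
# offset 16, i.e. the 17th position, matching the Search String Index example above.
# A line from a second host, 10.0.0.9, is interleaved to show the filter at work.
SAMPLE_SYSLOG = """\
Mar 10 10:00:01 10.0.0.5 ns 0-PPE-0 : default SSLLOG SSL_HANDSHAKE_SUCCESS : ClientIP 192.0.2.10
Mar 10 10:00:02 10.0.0.9 ns 0-PPE-0 : default SSLLOG SSL_HANDSHAKE_SUCCESS : ClientIP 192.0.2.11
Mar 10 10:00:03 10.0.0.5 ns 0-PPE-0 : default SSLLOG SSL_HANDSHAKE_FAILURE : ClientIP 192.0.2.12
Mar 10 10:00:04 10.0.0.5 ns 0-PPE-0 : default SSLLOG CRL_REFRESH_SUCCESS : CRL ca-root-crl
Mar 10 10:00:05 10.0.0.5 ns 0-PPE-0 : default SSLLOG CRL_REFRESH_FAILURE : CRL ca-int-crl
Mar 10 10:00:06 10.0.0.5 ns 0-PPE-0 : default SSLLOG CERT_EXPIRY_WARNING : CertKey web-cert DaysToExpiry 12
Mar 10 10:00:07 10.0.0.5 ns 0-PPE-0 : default SSLVPN SSLVPN_LICENSE_LIMIT_REACHED : Limit 5
"""

# Assumed message keywords, one per measure reported by the test.
MEASURE_PATTERNS = {
    "successful_ssl_handshakes": re.compile(r"\bSSL_HANDSHAKE_SUCCESS\b"),
    "failed_ssl_handshakes": re.compile(r"\bSSL_HANDSHAKE_FAILURE\b"),
    "imminent_ssl_certificate_expiry": re.compile(r"\bCERT_EXPIRY_WARNING\b"),
    "successful_ssl_crl_updates": re.compile(r"\bCRL_REFRESH_SUCCESS\b"),
    "failed_ssl_crl_updates": re.compile(r"\bCRL_REFRESH_FAILURE\b"),
    "ssl_vpn_license_limit_reached": re.compile(r"\bSSLVPN_LICENSE_LIMIT_REACHED\b"),
}
# Detail used for the detailed diagnosis of imminent expiry (assumed layout).
EXPIRY_DETAIL = re.compile(r"CertKey (\S+) DaysToExpiry (\d+)")


def line_is_for_target(line, search_string, search_index=0):
    """Search String / Search String Index semantics: the search string must occur
    at or after the given 0-based cursor position; earlier text is ignored."""
    return line.find(search_string, search_index) != -1


def ssl_log_measures(syslog_text, search_string, search_index=0):
    """Return (count per measure, [(cert key, days to expiry), ...]) for the
    lines that belong to the target appliance."""
    counts = Counter({name: 0 for name in MEASURE_PATTERNS})
    expiring = []
    for line in syslog_text.splitlines():
        if not line_is_for_target(line, search_string, search_index):
            continue
        for name, pattern in MEASURE_PATTERNS.items():
            if pattern.search(line):
                counts[name] += 1
        detail = EXPIRY_DETAIL.search(line)
        if detail:
            expiring.append((detail.group(1), int(detail.group(2))))
    return dict(counts), expiring
```

Running `ssl_log_measures(SAMPLE_SYSLOG, "10.0.0.5", 16)` counts only the 10.0.0.5 lines; with an index of 17 the host field is skipped and nothing matches, which is why the index must sit just before the position where the search string appears.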