SSL Logs Test
A Citrix ADC appliance communicates with other servers and clients over a secure channel; the ADC appliance uses SSL to keep these transactions safe and secure. If the SSL channels suffer a setback, such as an expired SSL certificate or a run of SSL handshake failures, the NetScaler appliance may be exposed to malicious attacks. To keep the ADC appliance secure, administrators should constantly keep a check on the SSL certificates, the handshakes and the Certificate Revocation Lists. The SSL Logs test helps administrators in exactly this regard. Using this test, administrators can find out the success and failure counts of the SSL handshakes and be proactively warned of an impending SSL certificate expiry. In addition, this test reports the number of times the Certificate Revocation List (CRL) was updated successfully and the number of times the CRL update failed. This way, administrators can be proactively alerted to potential security threats (if any) and secure the ADC appliance against malicious attacks.
For this test to run and report metrics, the ADC appliance should be configured to create a Syslog file on a remote Syslog server, where the details of all interactions with the ADC appliance will be logged. To know how to configure a remote Syslog server for use by the ADC appliance, refer to the Creating a Syslog file in a remote Syslog server topic.
This test is disabled by default. To enable the test, follow the Agents -> Tests -> Enable/Disable menu sequence in the eG administrative interface, pick Citrix ADC VPX/MPX as the Component type, select Performance as the Test type, choose this test from the list of disabled tests, and click on the < button.
Target of the test : An ADC VPX/MPX
Agent deploying the test : A remote agent
Outputs of the test : One set of results for the ADC appliance being monitored.
| Parameter | Description |
|---|---|
| Test Period | How often should the test be executed |
| Host | The IP address of the host for which the test is being configured. |
| Port | The port at which the host listens. By default, this is NULL. |
| Log File Path | This test reports metrics by parsing a Syslog file. Specify the full path to the Syslog file here. |
| Search String | By default, the Syslog file may contain information relating to a number of servers that are interlinked with the target ADC appliance. In order to obtain the metrics of the target ADC appliance alone, specify the hostname or the IP address of the target ADC appliance whose logs are to be read from the Syslog file in the Search String text box. Using this search string, the information in the Syslog file is parsed and the metrics are collected. |
| Search String Index | Here, specify the cursor position after which the eG agent should search for the specified Search String (in other words, the position up to which the eG agent should ignore while searching for the specified Search String) in the Syslog file. For example, if the specified Search String appears in the Syslog file at the 17th position, then you may need to specify the Search String Index as 16. |
| DD Frequency | Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD Frequency. |
| Detailed Diagnosis | To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled: |
| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Successful SSL handshakes | Indicates the number of SSL handshakes that were successful on the ADC appliance. | Number | |
| Failed SSL handshakes | Indicates the number of SSL handshakes that failed on the ADC appliance. | Number | Ideally, the value of this measure should be zero. A high value for this measure is a cause for concern, as it may affect the communication between the server and the client. |
| Imminent SSL certificate expiry | Indicates the number of SSL certificates that are about to expire. | Number | The detailed diagnosis of this measure, if enabled, lists the SSL certificate key pairs that are about to expire and the number of days left until expiry. |
| Successful SSL CRL updates | Indicates the number of times the SSL Certificate Revocation List was updated successfully. | Number | From time to time, Certificate Authorities (CAs) issue certificate revocation lists (CRLs). CRLs contain information about certificates that can no longer be trusted. A certificate can be revoked if the private key is compromised or if that certificate expired and a new one is in use. A high value for this measure indicates that the CRLs are updated continuously, which implies that the ADC device is highly secure. |
| Failed SSL CRL updates | Indicates the number of times the SSL Certificate Revocation List failed to update. | Number | Ideally, the value of this measure should be zero. A high value for this measure indicates a serious threat to the security of the ADC device. |
| SSL VPN license limit reached | Indicates the number of times the SSL VPN license limit was reached. | Number | |
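The following is an added example, not eG Enterprise's own code, that shows how a Syslog file can be turned into the measures listed above while honouring the Search String and Search String Index parameters described earlier. The log line format, the event names (`SSL_HANDSHAKE_SUCCESS`, `CRL_REFRESH_FAILURE`, and so on), the 30-day expiry threshold and the sample lines are all constructed for illustration and do not reproduce the exact NetScaler syslog format.

```python
"""Added example (not eG Enterprise code): derive the SSL Logs measures
from a Syslog file, filtering lines by search string and start offset.
Line format and event names below are constructed, not NetScaler's own."""
import re
from datetime import date

# Constructed sample Syslog lines for two appliances sharing one Syslog file.
# The host address starts at character offset 16, i.e. the 17th position.
SAMPLE_SYSLOG = """\
Jan 05 10:00:01 10.0.0.5 ADC-1 SSLLOG SSL_HANDSHAKE_SUCCESS : ClientIP 192.0.2.10 ServerIP 10.0.0.5
Jan 05 10:00:02 10.0.0.5 ADC-1 SSLLOG SSL_HANDSHAKE_FAILURE : ClientIP 192.0.2.11 ServerIP 10.0.0.5 Reason cipher mismatch
Jan 05 10:00:03 10.0.0.9 ADC-2 SSLLOG SSL_HANDSHAKE_SUCCESS : ClientIP 192.0.2.12 ServerIP 10.0.0.9
Jan 05 10:00:04 10.0.0.5 ADC-1 SSLLOG CRL_REFRESH_SUCCESS : crl ca-root-crl
Jan 05 10:00:05 10.0.0.5 ADC-1 SSLLOG CRL_REFRESH_FAILURE : crl ca-int-crl
Jan 05 10:00:06 10.0.0.5 ADC-1 SSLLOG CERT_EXPIRY_WARNING : certkey web-cert expires 2024-01-20
Jan 05 10:00:07 10.0.0.5 ADC-1 SSLLOG CERT_EXPIRY_WARNING : certkey api-cert expires 2024-06-01
Jan 05 10:00:08 10.0.0.5 ADC-1 SSLLOG SSLVPN_LICENSE_LIMIT_REACHED : max users 5
Jan 05 10:00:09 10.0.0.5 ADC-1 SSLLOG SSL_HANDSHAKE_SUCCESS : ClientIP 192.0.2.13 ServerIP 10.0.0.5
"""

# Constructed conventions: event name after "SSLLOG", expiry date in ISO form.
EVENT_PATTERN = re.compile(r"SSLLOG (\w+) :")
EXPIRY_PATTERN = re.compile(r"certkey (\S+) expires (\d{4}-\d{2}-\d{2})")
IMMINENT_DAYS = 30  # assumed threshold for "about to expire"

MEASURES = (
    "Successful SSL handshakes",
    "Failed SSL handshakes",
    "Imminent SSL certificate expiry",
    "Successful SSL CRL updates",
    "Failed SSL CRL updates",
    "SSL VPN license limit reached",
)


def matches_target(line, search_string, search_index):
    """Search String / Search String Index semantics: the line belongs to the
    target only if search_string occurs at or after character offset search_index."""
    return line.find(search_string, search_index) != -1


def collect_ssl_metrics(log_text, search_string, search_index, today):
    """Return (measure counts, detailed-diagnosis list of (certkey, days left))."""
    counts = {name: 0 for name in MEASURES}
    expiring = []
    for line in log_text.splitlines():
        if not matches_target(line, search_string, search_index):
            continue  # belongs to another appliance in the shared Syslog file
        event = EVENT_PATTERN.search(line)
        if not event:
            continue  # not an SSL log record
        name = event.group(1)
        if name == "SSL_HANDSHAKE_SUCCESS":
            counts["Successful SSL handshakes"] += 1
        elif name == "SSL_HANDSHAKE_FAILURE":
            counts["Failed SSL handshakes"] += 1
        elif name == "CRL_REFRESH_SUCCESS":
            counts["Successful SSL CRL updates"] += 1
        elif name == "CRL_REFRESH_FAILURE":
            counts["Failed SSL CRL updates"] += 1
        elif name == "SSLVPN_LICENSE_LIMIT_REACHED":
            counts["SSL VPN license limit reached"] += 1
        elif name == "CERT_EXPIRY_WARNING":
            cert = EXPIRY_PATTERN.search(line)
            if cert:
                days_left = (date.fromisoformat(cert.group(2)) - today).days
                # Only certificates inside the window count as imminent.
                if 0 <= days_left <= IMMINENT_DAYS:
                    counts["Imminent SSL certificate expiry"] += 1
                    expiring.append((cert.group(1), days_left))
    return counts, expiring


def security_alerts(counts, expiring):
    """Apply the interpretation column: failures should ideally be zero."""
    alerts = []
    if counts["Failed SSL handshakes"] > 0:
        alerts.append("SSL handshake failures seen; check ciphers and certificates")
    if counts["Failed SSL CRL updates"] > 0:
        alerts.append("CRL update failures seen; revocation data may be stale")
    for certkey, days_left in expiring:
        alerts.append(f"certificate key pair {certkey} expires in {days_left} days")
    return alerts


def run_example():
    """Run the parser over the constructed sample for appliance 10.0.0.5."""
    return collect_ssl_metrics(SAMPLE_SYSLOG, "10.0.0.5", 16, date(2024, 1, 5))


if __name__ == "__main__":
    counts, expiring = run_example()
    for name in MEASURES:
        print(f"{name}: {counts[name]}")
    for alert in security_alerts(counts, expiring):
        print("ALERT:", alert)
```

Run as written, the script reports two successful and one failed handshake for the target appliance, one successful and one failed CRL update, one license-limit event, and one imminent expiry (web-cert, 15 days out); the ADC-2 line is skipped because the search string is not found at or after offset 16, and api-cert is outside the assumed 30-day window.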