Monitoring Citrix Netscaler with Check_MK

Hey there,

it’s at the time to share my experiences with the monitoring of Citrix Netscaler with Check_MK (below called CMK).

The so-called innovation release of CMK 1.2.7i contains some checks for Netscaler that are based on SNMP:

netscaler_cpu
netscaler_dnsrates
netscaler_ha
netscaler_health
netscaler_mem
netscaler_tcp_conns
netscaler_vserver

If you are still using 1.2.6 (the stable version at this time pint of writing this article) like I am doing you can grab the files from the public GIT repository and put all of them into the local directory of your CMK site: local/share/check_mk/checks/

Additionally you can create customized pnp-templates for some of the checks like this:

$ cd local/share/check_mk/pnp-templates
$ ln -s /opt/omd/versions/default/share/check_mk/pnp-templates/check_mk-juniper_screenos_mem.php check_mk-netscaler_mem.php
$ ln -s /opt/omd/versions/default/share/check_mk/pnp-templates/template-temperature.php check_mk-netscaler_health.temp.php

I’ve created a new check (by cloning of one of the listed above) an called it netscaler_aaa_sessions. It is intended to monitor the number of active AAA sessions. Such AAA sessions are for example SSL VPN connections. By monitoring of the AAA sessions you can collect statistics about the number of clients connected via SSL VPN over time.

The package can be downloaded from the official CMK site for 3rd party packages.

Sometimes you’ve got a pair of Netscaler boxes building a HA cluster. One of them is active, the another one is standby and is waiting for its chance. In this scenario you would monitor both boxes and both of them would have the very same check results for example for VS (virtual servers). If a backend system behind the VS goes down, both services are affected and change their stratus to not OK and you receive notifications from both services. Everything is doubled. To avoid situations like this you can be using one of absolute powerful features of CMK: cluster monitoring.

Creating a cluster in CMK to monitor a Netscaler HA cluster

Assume your 2 Netscaler boxes are called ns1 and ns2. The service discovery has worked fine and now you’ve got some services at each of the boxes like “CPU utilization”, “Memory usage”, “HA Node Status” and many others. Among them you should have some services based on the check netscaler_vserver and whose names begin with VServer. Our goal is to create a cluster host (in terms of CMK) that contains all VServer services.

It’s pretty simple:

  • Go to WATO->Hosts, navigate to the folder containing your 2 Netscalers and click on “Create new cluster”. Fill in all needed information and first of all type in the names of the Netscalers ns1 and ns2. Save the new cluster. Name the new cluser ns.
  • Go to WATO->Host & Service Parameters->Monitoring Configuration and open “Clustered services” in section “Inventory and Check_MK settings”.
  • Create a new rule and enable “Specify explicit host names” under “Explicit hosts”. After that enter the names of the Netscalers ns1 and ns2 there.
  • Enable “Specify explicit values” under “Services” and enter this: “VServer” and “AAA Sessions” (without quotation marks). Save the rule.
  • Activate the changes.
  • Verify that the services whose names begin with VServer have moved from the hosts ns1 and ns2 to the cluster ns.
  • That’s it.

2 thoughts on “Monitoring Citrix Netscaler with Check_MK

  1. Eric

    Thank you for sharing this information!

    However, I’m not able to monitor both HA nodes within the cluster, only the active node is readable with SNMP, when I do a failover between the two nodes the SNMP readable is non-readable and vice versa. Both HA nodes have a dedicated management IP and are both resolvable with ICMP.
    I’m using OMD Check_MK 1.2.8p13…

    What else did you change on the configuration to read both HA nodes (primary and secondary)? Or was it working out of the box?

    Reply
  2. Hermann Maurer Post author

    Hi Eric,

    Can’t you receive any response to your SNMP requests to the secondary node? I don’t remember, if I needed to configure each node independently. But it might be worth to try out. If I will recall, I look at the configuration tomorrow.

    BR
    Hermann

    Reply

Leave a Reply to Hermann Maurer Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.