cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Netscaler polling – Solarwinds API Edition

Netscaler polling – Solarwinds API Edition

Preface

So, the new API polling has opened up a lot of doors. Everything has a REST API! Likewise, so do Netscalers. By definition I was determined to figure out how to make this work.   It took a bit of effort and a bit of reference knowledge.

This was tested on SAM 2019.4 and Netscaler 14K’s and virtual appliance Netscalers.

Some information can be found at https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/statistics/load-balancing/lbv... - where they provide some examples of how to poll the data.

We have information available to us from solarwinds at https://support.solarwinds.com/SuccessCenter/s/article/SAM-2019-4-feature-API-Poller . https://documentation.solarwinds.com/en/Success_Center/sam/Content/SAM-API-Poller-Add.htm . This is the actual picture example similar to below, for reference. What I added is the special sauce for netscaler.

Requirements

A valid HTTPS certificate on your load balancer’s web interface (if not, you’re using HTTP and well…yeah – that’s not good)

A login to the netscaler, both for you and the credential you intend to use (as far as I know, someone who knows netscaler probably knows how to get your service account more granular).

Names for the netscalers you want to poll.

Determining Data to Gather from the Citrix Netscalers

Step 1:

Log into netscaler, go to Traffic Management -> Load Balancing -> Virtual Servers

pastedImage_0.png

Search and find the name of the load balancer you want. The name there is what you’re looking for. This is what you’re going to be pointing the API poller to.

Step 2:

Go to the Node in Orion and go to “create API”. You’ll notice that after this point looks like the solarwinds reference document a bit.

  pastedImage_1.png

Go to configure and add the appropriate credential you have for the Netscalers to pull this information. That’s under configure in the top right after you go to “create” for the API poller. Also, whatever you name it in the credentials area (UX!!!!! *shakes fist*) is what will show up under the image above – so if you call it in the credential/config area “random API poller test” then under this dropdown of “API Poller” you’ll see “random API poller test” as the name.

For the query, you’re looking for https://{NETSCALER-FQDN}/nitro/v1/stat/lbvserver . See reference at the start of this document. So, Citrix has a “Nitro” API for when we’re polling data and not changing anything.

Replace {NETSCALER-FQDN} with the name of your netscaler. So if your netscaler is booboo1, then the link is https://booboo1/nitro/v1/stat/lbvserver to test seeing ALL of the load balancer groups.

As referenced in the citrix api:

get (all)

URL:

http://<netscaler-ip-address>/nitro/v1/stat/lbvserver

This is how you make sure it works, at a basic level. When it works, you get this when you send a query.  Which should be loaded differently, but each number there starting from zero is incrementing and listing each of the load balancer groups you have.

pastedImage_4.png

Now, you need that netscaler name to make the rest work. You don’t have to get too granular. The API references a lot of options, but you can pick what you want out of the results anyway. In my case:

https://{NETSCALER-FQDN}/nitro/v1/stat/lbvserver?args=name:{VIRTUALSERVERNAME}

Citrix Reference document says: args

http://<netscaler-ip-address>/nitro/v1/stat/lbvserver?args=name:<String_value>,detail:<Boolean_value>,fullvalues:<Boolean_value>,ntimes:<Double_value>,logfile:<String_value>,clearstats:<String_value>,sortby:<String_value>,sortorder:<String_value>,sortorder:<String_value>

Use this query-parameter to get lbvserver resources based on additional properties.

However, we don’t need to say I need value a/b/c because solarwinds already does this for you.

So, here's the metric in question from one of my netscalers. I monitor the VSLB health, which tells you when something has dropped (percentage value).

pastedImage_0.png

When this is done, you can then poll the Netscaler and pick what metric you want when you click on the little monitor icon on the right side next to the metric you want to obtain! Happy monitoring!

   pastedImage_5.png

A few side-points here that are confusing:

Once you click the monitor icon, you have to name what you’re getting/displaying. So, I’d name one of mine VS_LB_CASMAPI.

As a result, you can put the load balancers in a group and the API pollers into a child like this:

pastedImage_6.png

Oh, and at a bonus: you get to put all these tasty metrics straight into perfstack. Just click on the results from the node itself. (This needs to be it's own page in the future, IMO).

  pastedImage_7.png

Have you read all this? Are you exhausted? Should this be a SAM template? Maybe. Do we need more #darktheme​ ? yes.

Let me know how this goes! Tell me what else you’ve found?  What doesn’t work and does work? Does this work for you?

edit: added photo of VSLB health

24 Replies

This is Thwack at its finest. Thank you, designerfx​ (and KMSigma​)!

did it work for you sir?

0 Kudos

Hoping to be able to provide feedback soon! For various reasons, we've decided to defer our upgrade to 2019.4.

sturdyerde  wrote:

Hoping to be able to provide feedback soon! For various reasons, we've decided to defer our upgrade to 2019.4.

Do you have any urls you want to try? We could do a user session with you with beta bits if you're interested.

0 Kudos

Yes, I've been eyeing the Cloudflare API for some useful data.

Also good news: I'm going to kick off the upgrade from 2019.2 to 2019.4 this morning!

Done! It took less than 2 hours to upgrade main, APE, and AWS. No errors or hangups.

sturdyerde  wrote:

Done! It took less than 2 hours to upgrade main, APE, and AWS. No errors or hangups.

Awesome! I'll schedule some time with you to chat.

Great work!

Paul

Level 9

You rock designerfx​!!!  I was trying to go after the "Status" but I see that vslbhealth is even better!  Thank you.

bmoline​ my colleague pointed out that it's better to see when something drops than updown, so yeah I set the alert to <95 and <67 I think, because some of our load balancers are only putting 3 servers into a group. Happy to help!

Hey quick question, are there any tricks on getting around the certificate check? We have another product we are attempting to connect with that has self signed certs and it's failing on the "could not establish trust relationship for the ssl/tls secure channel".  Yes, the best solution we know is getting those CA-signed certs … but thought I would ask.

0 Kudos

bmoline​ you have two options.

1: wait for serena​ to get my FR implemented (already in working on) to bypass the invalid cert problem. Test it in beta!

2: use HTTP for now (blech, I know).

SAM 2020.2 introduced option to skip SSL certificatite verification: https://thwack.solarwinds.com/t5/SAM-Documents/Server-amp-Application-Monitor-SAM-2020-2-is-Now-Gene...

Have fun! 

Downloaded the Beta to our Dev environment, bypassing cert issue worked seamless! Great job, now on to the next question.  We are attempting to connect to Tintri's API which requires you to establish a log in first.  Is there a way to do this in Solarwinds?

We tested this successfully by using Postman and using the POST session/login with the BODY login/password as recommend by the Tintri API doc and then follow that session with the GET to pull down the API resources.  Hoping there will be a way to duplicate this within the Solarwinds API function, thoughts? @designerfx @serena   Thank you

Ah you're looking for chaining of the output of one response and passing it into a parameter for a secondary request correct? I'm super interested in talking with you more about this - would you be willing to join us on a user session? 

Yes you are correct.  I would be interested in a user session.  I'm not sure of our availability in the coming weeks but we can try to set something up. 

designerfx  wrote:

bmoline  you have two options.

1: wait for serena  to get my FR implemented (already in working on) to bypass the invalid cert problem. Test it in beta!

2: use HTTP for now (blech, I know).

bmoline the SAM beta is live in the beta forum. Join us there, as I've written up some new content utilizing that skip certificate functionality. We'd love to have you test it out for your use case and give us earlier feedback.

@serena can I please get access to the SAM Beta section? I can't seem to be able to access it

0 Kudos

@serena Nope. It's prompting for user and password and my thwack credentials do not seem to work.

0 Kudos