Categorygithub.com/jbvmio/citrix-netScaler-exporter
modulepackage
0.0.0-20200320013909-c9537b68dfdc
Repository: https://github.com/jbvmio/citrix-netscaler-exporter.git
Documentation: pkg.go.dev

# README

Prometheus exporter for Citrix NetScaler

This exporter collects statistics from Citrix NetScaler and makes them available for Prometheus to pull. As the NetScaler is an appliance it's not recommended to run the exporter directly on it, so it will need to run elsewhere.

NetScaler configuration

The exporter works via a local NetScaler user account. It would be preferable to configure a specific user for this which only has permissions to retrieve stats and specific configuration details.

If you lean towards the NetScaler CLI, you want to do something like the following (obviously changing the username as you see fit).

# Create a new Command Policy which is only allowed to run the stat command
add system cmdPolicy stat ALLOW (^stat.*|show ns license|show serviceGroup)

# Create a new user.  Disabling externalAuth is important as if it is enabled a user created in AD (or other external source) with the same name could login
add system user stats "password" -externalAuth DISABLED # Change the password to reflect whatever complex password you want

# Bind the local user account to the new Command Policy
bind system user stats stat 100

Usage

You can monitor multiple NetScaler instances by passing in the URL, username, and password as command line flags to the exporter. If you're running multiple exporters on the same server, you'll also need to change the port that the exporter binds to.

FlagDescriptionDefault Value
usernameUsername with which to connect to the NetScaler APInone
passwordPassword with which to connect to the NetScaler APInone
bind_portPort to bind the exporter endpoint to9280
debugEnable debug loggingfalse

Run the exporter manually using the following command:

Citrix-NetScaler-Exporter.exe --username stats --password "my really strong password"

This will run the exporter using the default bind port. If you need to change the port, append the -bind_port flag to the command.

Browse to http://localhost:9280/target=https://netscaler.domain.tld where https://netscaler.domain.tld is the URL of the NetScaler to get metrics from.

You can also specify the ignore-cert=yes querystring parameter in order to skip the certificate check. This option should be used sparingly, and only when you fully trust the endpoint.

Prometheus Configuration

The exporter needs to be passed the address of the NetScaler to get metrics from as a parameter, this can be done with relabelling.

Example config:

scrape_configs:
  - job_name: 'netscaler'
    metrics_path: /netscaler
    static_configs:
      - targets:
        - 'https://netscaler.domain.tld'
        - 'https://netscaler-2.domain.tld'
    params:
      ignore-cert: ["yes"] # Generally this option should not be used.  Only use it if you truly trust the endpoint and know it is secure.  You may need a different job block for where you want to ignore certs.
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 127.0.0.1:9280  # The exporter's real hostname:port.

Running as a service

Ideally you'll run the exporter as a service. There are many ways to do that, so it's really up to you. If you're running it on Windows I would recommend NSSM.

Exported metrics

NetScaler

MetricMetric TypeUnit
CPU usageGaugePercent
Memory usageGaugePercent
Management CPU usageGaugePercent
Packet engine CPU usageGaugePercent
/flash partition usageGaugePercent
/var partition usageGaugePercent
Total received MBCounterMB
Total transmitted MBCounterMB
HTTP requestsGaugeNone
HTTP responsesGaugeNone
Current client connectionsGaugeNone
Current established client connectionsGaugeNone
Current server connectionsGaugeNone
Current established server connectionsGaugeNone

Interfaces

For each interface, the following metrics are retrieved.

MetricMetric TypeUnit
Interface IDN/ANone
Received bytesGaugeBytes
Transmitted bytesGaugeBytes
Received packetsGaugeNone
Transmitted packetsGaugeNone
Jumbo packets retrievedGaugeNone
Jumbo packets transmittedGaugeNone
Error packets receivedGaugeNone
Intrerface aliasN/ANone

Virtual Servers

For each virtual server, the following metrics are retrieved.

MetricMetric TypeUnit
NameN/ANone
Waiting requestsGaugeNone
HealthGaugePercent
Inactive servicesGaugeNone
Active servicesGaugeNone
Total hitsCounterNone
Total requestsCounterNone
Total responsesCounterNone
Total request bytesCounterBytes
Total response bytesCounterBytes
Current client connectionsGaugeNone
Current server connectionsGaugeNone

VPN Virtual Servers (NetScaler Gateway)

For each virtual server, the following metrics are retrieved.

MetricMetric TypeUnit
NameN/ANone
Total requestsCounterNone
Total responsesCounterNone
Total request bytesCounterBytes
Total response bytesCounterBytes
StateGaugeNone

Services

For each service, the following metrics are retrieved.

MetricMetric TypeUnit
NameN/ANone
ThroughputCounterMB
Average time to first byteGaugeSeconds
StateGaugeNone
Total requestsCounterNone
Total responsesCounterNone
Total request bytesCounterBytes
Total response bytesCounterBytes
Current client connectionsGaugeNone
Surge countGaugeNone
Current server connectionsGaugeNone
Server established connectionsGaugeNone
Current reuse poolGaugeNone
Max clientsGaugeNone
Current loadGaugePercent
Service hitsCounterNone
Active transactionsGaugeNone

Service Groups

For each service group member, the following metrics are retrieved.

MetricMetric TypeUnit
Average time to first byteGaugeSeconds
StateGaugeNone
Total requestsCounterNone
Total responsesCounterNone
Total request bytesCounterBytes
Total response bytesCounterBytes
Current client connectionsGaugeNone
Surge countGaugeNone
Current server connectionsGaugeNone
Server established connectionsGaugeNone
Current reuse poolGaugeNone
Max clientsGaugeNone

Licensing

MetricMetric TypeUnit
Model IDGaugeNone

GSLB Services

For each GSLB service, the following metrics are retrieved.

MetricMetric TypeUnit
NameN/ANone
StateGaugeNone
Total requestsCounterNone
Total responsesCounterNone
Total request bytesCounterBytes
Total response bytesCounterBytes
Current client connectionsGaugeNone
Current server connectionsGaugeNone
Established connectionsGaugeNone
Current loadGaugePercent
Service hitsCounterNone

GSLB Virtual Servers

For each GSLB virtual server, the following metrics are retrieved.

MetricMetric TypeUnit
NameN/ANone
HealthGaugePercent
Inactive servicesGaugeNone
Active servicesGaugeNone
Total hitsCounterNone
Total requestsCounterNone
Total responsesCounterNone
Total request bytesCounterBytes
Total response bytesCounterBytes
Current client connectionsGaugeNone
Current server connectionsGaugeNone

Content Switching Virtual Servers

For each Content Switching virtual server, the following metrics are retrieved.

MetricMetric TypeUnit
NameN/ANone
StateGaugeNone
Total hitsCounterNone
Total requestsCounterNone
Total responsesCounterNone
Total request bytesCounterBytes
Total response bytesCounterBytes
Current client connectionsGaugeNone
Current server connectionsGaugeNone
Established ConnectionsGaugeNone
Total Packets ReceivedCounterNone
Total Packets SentCounterNone
Total SpilloversCounterNone
Deferred RequestsCounterNone
Invalid Requests/ResponsesCounterNone
Number of Invalid Requests/Responses droppedCounterNone
Total virtual server down backup hitsCounterNone
Current multipath sessionsGaugeNone
Current multipath subflow connectionsGaugeNone

Downloading a release

https://github.com/rokett/Citrix-NetScaler-Exporter/releases

You can also download a Docker image from https://hub.docker.com/r/rokett/citrix-netscaler-exporter.

Building the executable

All dependencies are version controlled, so building the project is really easy.

  1. go get github.com/rokett/citrix-netscaler-exporter.
  2. From within the repository directory run make.
  3. Hey presto, you have an executable.

Dockerfile

This Dockerfile will create a container that will set the entrypoint as /Citrix-Netscaler-Exporter so you can just pass in the command line options mentioned above to the container without needing to call the executable

# Functions

NewExporter initialises the exporter.

# Structs

DB handles vip mappings.
Exporter represents the metrics exported to Prometheus.
VIPMap contains mappings.