Configuring Flow Exports on Citrix Netscaler
AppFlow
AppFlow transmits information by using the Internet Protocol Flow Information eXport (IPFIX) format. IPFIX (the standardized version of Cisco’s NetFlow) is widely used to monitor network flow information of Citrix Netscaler devices.
AppFlow configuration on Citrix Netscaler involves AppFlow feature enabling, AppFlow settings, adding AppFlow collector, creating AppFlow action, creating AppFlow policies, and appending the policy created globally or individual virtual servers.
Configuration
For NetFlow analysis, you need to configure your devices to export flows to Site24x7 On-Premise Poller, which is the NetFlow collector. The On-Premise Poller will be listening to the particular port to receive flows. Learn how to find the port number of your On-Premise Poller.
The configuration steps for AppFlow on Citrix Netscaler is as follows:
Netscaler# enable feature AppFlow
Netscaler# set appflow param -httpUrl ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost
ENABLED -httpUserAgent ENABLED -clientTrafficOnly YES
Netscaler# add appflow collector "NetFlow Analyzer" -IPAddress 192.168.1.100 - port 9996
Netscaler# add appflow action af_act_netflowanalyzer -collectors "NetFlow Analyzer"
Netscaler# add appflow policy af_pol_log-all true af_act_NetFlowAnalyzer
Netscaler# bind system global -policyName af_pol_log-all -priority 100 -gotoPriorityExpression