CGNAT has become a necessity for service providers because of IPv4 address depletion and the surge in IP-based devices such as smartphones, laptops, PCs, IP TVs and many more. With this surge in traffic, it becomes extremely difficult to log each session that passes through the service provider network. Providers cannot avoid this logging either, because government regulations require them to keep track of network resource usage so that user activity can be traced and identified when the law requires it. As a result, service providers have to store and process huge amounts of CGNAT logs in their repositories.
One might ask why service providers can’t use Deterministic CGNAT, where logging is not necessary. But there are cases where the government asks service providers to log NAT translations to get specific details. With Deterministic NAT, logging happens at configuration time and the logs are stored on the local device. These devices might overwrite the logs when logging goes beyond a specific duration, which creates uncertainty.
Compact format is a technique for reducing the size of logs through a notational change: short operational codes replace the full event and protocol names. CGNAT logging contains information like,
This information is written to CGNAT logs in full form, i.e. an Address-Port-Dependent mapping is logged as “LSN_ADDRPORT_MAPPING”. With compact logging it is logged as “A&PDMC”, which reduces the space needed to store the log. Some examples of default and compact logging, showing the considerable difference in log size, are given below:
Default logging (217 bytes):
02/02/2016:01:13:01 GMT Informational 0-PPE-2 : default LSN LSN_ADDRPORT_MAPPING 85 0 : A&PDM CREATED Client IP:Port:TD 1.1.1.1:6500:0, NatIP:NatPort 8.8.8.8:47902, Destination IP:Port:TD 2.2.2.2:80:0, Protocol: TCP
Compact logging (109 bytes):
02/02/2016:01:14:57 GMT Info 0-PE2:default LSN 87 0:A&PDMC|C-1.1.1.1:6500:0|N-8.8.8.9:51066|D-2.2.2.2:80:0|T

Default logging (149 bytes):
02/02/2016:01:39:11 GMT Informational 0-PPE-0 : default LSN LSN_DETERMINISTIC 622 0 : Dtrstc ALLOC Client 1.1.1.255, NatInfo 8.8.8.152:2560 to 3071
Compact logging (94 bytes):
02/02/2016:01:43:54 GMT Info 0-PE0:default LSN 1646 0:DTRA|C-1.1.1.255|N-8.8.8.152:2560-3071

Default logging (162 bytes):
02/02/2016:13:22:56 GMT Informational 0-PPE-2 : default LSN LSN_PORTBLOCK 117 0 : Portblock ALLOC Client 1.1.1.1, NatInfo 8.8.8.152:1024 to 1535, Proto:non-TCP
Compact logging (91 bytes):
02/02/2016:13:20:32 GMT Info 0-PE2:default LSN 115 0:PBA|C-1.1.1.1|N-8.8.8.151:1024-1535|NT
Compact logging is found to reduce the required logging space by 44% on average. Apart from our compact logging solution, NetScaler also supports syslog over TCP to provide reliable transport of logs to log servers. To know more about syslog over TCP, refer to http://support.citrix.com/article/CTX205824. NetScaler is also capable of load balancing the log servers.
Note: Compact logging can be enabled for NAT44, NAT64 and DS-Lite solutions.
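Because compact lines replace field names with short codes, whoever answers a traceability request has to decode them before a public NAT address and port can be tied back to a subscriber. The sketch below is an added example, not NetScaler code: `parse_compact` and `attribute` are hypothetical names, and it knows only the event and protocol codes visible in the sample lines above. Release or de-allocation codes are not shown on this page, so the lookup is bounded only by the allocation time.

```python
import re
from datetime import datetime, timezone

# Only the codes visible in the page's sample lines; a real deployment has more.
EVENTS = {"A&PDMC": "address-port-dependent mapping created",
          "DTRA": "deterministic allocation",
          "PBA": "port block allocation"}
PROTOS = {"T": "TCP", "NT": "non-TCP"}
HEAD = re.compile(r"^(\S+) GMT \S+ \S+ LSN \d+ \d+:(.+)$")

def parse_compact(line):
    """Parse one compact LSN line (IPv4 forms shown on the page) into a dict."""
    m = HEAD.match(line.strip())
    if not m:
        raise ValueError("not a compact LSN line")
    code, *fields = m.group(2).split("|")
    if code not in EVENTS:
        raise ValueError("unknown event code %r" % code)
    # Timestamp read as MM/DD/YYYY in GMT (assumption; the samples are all 02/02).
    when = datetime.strptime(m.group(1), "%m/%d/%Y:%H:%M:%S")
    rec = {"time": when.replace(tzinfo=timezone.utc), "event": EVENTS[code]}
    for f in fields:
        if f.startswith("C-"):            # client IP[:port:TD]
            rec["client"] = f[2:].split(":")[0]
        elif f.startswith("N-"):          # NAT IP:port or IP:low-high
            ip, ports = f[2:].split(":")
            lo, _, hi = ports.partition("-")
            rec["nat_ip"], rec["ports"] = ip, (int(lo), int(hi or lo))
        elif f.startswith("D-"):          # destination IP:port:TD
            rec["dest"] = f[2:]
        elif f in PROTOS:
            rec["proto"] = PROTOS[f]
        else:
            raise ValueError("unknown field %r" % f)
    return rec

def attribute(records, nat_ip, nat_port, at):
    """Client IPs whose allocation, logged at or before `at`, covers nat_ip:nat_port."""
    return sorted({r["client"] for r in records
                   if r.get("nat_ip") == nat_ip and r["time"] <= at
                   and r["ports"][0] <= nat_port <= r["ports"][1]})

SAMPLE = [  # the page's compact lines, table-wrap spaces and byte counts removed
    "02/02/2016:01:14:57 GMT Info 0-PE2:default LSN 87 0:A&PDMC|C-1.1.1.1:6500:0|N-8.8.8.9:51066|D-2.2.2.2:80:0|T",
    "02/02/2016:01:43:54 GMT Info 0-PE0:default LSN 1646 0:DTRA|C-1.1.1.255|N-8.8.8.152:2560-3071",
    "02/02/2016:13:20:32 GMT Info 0-PE2:default LSN 115 0:PBA|C-1.1.1.1|N-8.8.8.151:1024-1535|NT",
]
```

Lines in the default (non-compact) format are rejected with `ValueError`, so a mixed log feed fails loudly instead of producing partial records.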
To enable compact logging using the configuration utility:
Step 1: Navigate to System -> Large Scale NAT -> Profile -> Logging
Step 2: To add a new logging profile, click Add
Click Create to get a new logging profile with compact logging enabled.
To enable compact logging using the command prompt:
add lsn pool p1
add lsn pool p2 -portblockallocation ENABLED
bind lsn pool p1 8.8.8.8-8.8.8.9
add lsn client c1
bind lsn client c1 -network 1.1.1.1 -netmask 255.255.255.0
add lsn logprofile compact -logCompact ENABLED
add lsn group g1 -clientname c1 -portblocksize 512 -logging ENABLED -sessionLogging ENABLED
bind lsn group g1 -logProfileName compact