Application firewall learning functionality issue

Article ID: CTX224220

Description

The following best practices are recommended when you encounter issues with the learning functionality:
 

Aslearn process

• Verify that the process aslearn is running.

• Check top command output

• Check output of ps command by executing the following command:

     - ps -ax | grep aslearn | grep -v "grep"

     Example:

          root@ns# ps -ax | grep aslearn | grep -v "grep"

           1439  ??  Ss     0:03.86 /netscaler/aslearn -start -f /netscaler/aslearn.conf

• Identify the configuration commands executed shortly before the problem was observed by reviewing the ns.log file:

          - /var/log/ns.log

• Inspect aslearn logs to check for aslearn messages:

          - /var/log/aslearn.log

• Isolate the profile and security check that is affected.

• Identify the GUI or CLI command that is failing by executing the following command:

          - show appfw learningdata <profileName> <securityCheck>

     Examples:

          - show appfw learningdata test_profile starturl

          - show appfw learningdata test_profile crosssiteScripting

          - show appfw learningdata test_profile sqLInjection

          - show appfw learningdata test_profile csRFtag

          - show appfw learningdata test_profile fieldformat

          - show appfw learningdata test_profile fieldconsistency

• Perform an integrity check of the sqlite database from the ns prompt:

          - nsshell # sqlite3 /var/nslog/asl/<profile_name_in_lowercase>.db "pragma integrity_check;"

     Examples:

          root@ns# sqlite3 /var/nslog/asl/tsk0247284.db "pragma integrity_check;"

          Error: file is encrypted or is not a database

          root@ns# sqlite3 /var/nslog/asl/tsk0247284.db "pragma integrity_check;"

          Ok

• Deploy or remove rules to start learning again:

          - If 2000 learn items (per protection) are reached, learning cannot continue for that protection.

          - If the database reaches 20 MB in size, learning stops for all protections.

          - Restart the aslearn process:

          /netscaler/aslearn -start -f /netscaler/aslearn.conf

• Check the space in the /var folder by executing the following:

          - du -h /var

• Check the learning threshold limits by executing the following command:

          - show appfw learningsettings <profile_name> <securityCheck>

• Collect learned data by executing the following command:

          - export appfw learningdata <profile_name> <securityCheck>

• Ascertain that learned data is uploaded in the collector.

• Application firewall blocks data even in learning mode:

Malformed requests with a space in the request URL are blocked even in learning mode. Ensure that any extra spaces are removed from the file name. File names must also be percent-encoded; for example, a space can be converted to %20.
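
The database checks from the list above (file present, sqlite integrity check, 20 MB size limit) and the aslearn process check can be combined into one shell script. This is an added example, not part of the original article: the function names, the status words and the `ASL_DIR` override are assumptions, while the path and the limit are the ones given above.

```shell
#!/bin/sh
# Added example: triage a profile's learning database with the checks above.
# Path and 20 MB limit come from the article; names and status words are
# hypothetical, and 20 MB is assumed to mean 20 * 1024 * 1024 bytes.
ASL_DIR="${ASL_DIR:-/var/nslog/asl}"
ASL_MAX_BYTES=$((20 * 1024 * 1024))

# Print one status word for a profile: missing | corrupt | full | ok
asl_db_status() {
    # Database files are named after the profile in lowercase.
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    db="$ASL_DIR/$name.db"
    [ -f "$db" ] || { echo missing; return 0; }

    # A healthy database answers "ok"; anything else, including
    # "file is encrypted or is not a database", is treated as corrupt.
    result=$(sqlite3 "$db" "pragma integrity_check;" 2>&1 | head -n 1)
    case "$result" in
        ok|Ok) ;;
        *) echo corrupt; return 0 ;;
    esac

    # Learning stops for all protections once the size limit is reached.
    size=$(wc -c < "$db" | tr -d ' ')
    if [ "$size" -ge "$ASL_MAX_BYTES" ]; then echo full; else echo ok; fi
}

# Succeeds when an aslearn process is listed by ps.
aslearn_running() {
    ps -ax | grep aslearn | grep -v grep > /dev/null
}

# Usage: sh asl_triage.sh <profile_name> [<profile_name> ...]
if [ "$#" -gt 0 ]; then
    aslearn_running || echo "aslearn process is not running"
    for profile in "$@"; do
        echo "$profile: $(asl_db_status "$profile")"
    done
fi
```

A `corrupt` or `full` result points to the "Deploy or remove rules to start learning again" step; `missing` means no learning database exists for that profile name.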