ADC CLI Commands

lb-monitor

The following operations can be performed on “lb-monitor”:

bind lb monitor

Binds a monitor to a service or service group. Multiple monitors can be bound to a service or service group.

Synopsis

bind lb monitor [-state ( ENABLED | DISABLED )] [-weight <positive_integer>] [-state ( ENABLED | DISABLED )] [-weight <positive_integer>] [-metric -metricThreshold <positive_integer> [-metricWeight <positive_integer>] ] [-certkeyName [-CA [-crlCheck ( Mandatory | Optional ) | -ocspCheck ( Mandatory | Optional )]]]

Arguments

monitorName Name of the monitor.

metric Name of the metric to be polled by the monitor.

metricThreshold Threshold for the specified metric. A value of zero disables the metric (the metric will not be used in load calculations). Minimum value: 0

metricWeight Weight to assign to the specified metric. A higher number specifies greater weight. Default value: 1 Minimum value: 1 Maximum value: 100

certkeyName The name of the CertKey

CA CA certificate.

crlCheck The state of the CRL check parameter. (Mandatory/Optional)

Possible values: Mandatory, Optional

ocspCheck The state of the OCSP check parameter. (Mandatory/Optional)

Possible values: Mandatory, Optional

Example

bind monitor http_mon http_svc

To bind a monitor to multiple services use the following command:

bind monitor http_mon http_svc[1-3]

rm lb monitor

Removes a monitor or a response code for an HTTP monitor. If you do not specify any response codes, the monitor is removed. If you provide any or all of the HTTP response codes that are configured for the monitor, only those specified response codes are removed; the monitor is not removed. Built-in monitors cannot be removed.

Synopsis

rm lb monitor [-respCode <int[-int]> ...]

Arguments

monitorName Name of the monitor.

type Type of monitor that you want to create.

Possible values: PING, TCP, HTTP, TCP-ECV, HTTP-ECV, UDP-ECV, DNS, FTP, LDNS-PING, LDNS-TCP, LDNS-DNS, RADIUS, USER, HTTP-INLINE, SIP-UDP, SIP-TCP, LOAD, FTP-EXTENDED, SMTP, SNMP, NNTP, MYSQL, MYSQL-ECV, MSSQL-ECV, ORACLE-ECV, LDAP, POP3, CITRIX-XML-SERVICE, CITRIX-WEB-INTERFACE, DNS-TCP, RTSP, ARP, CITRIX-AG, CITRIX-AAC-LOGINPAGE, CITRIX-AAC-LAS, CITRIX-XD-DDC, ND6, CITRIX-WI-EXTENDED, DIAMETER, RADIUS_ACCOUNTING, STOREFRONT, APPC, SMPP, CITRIX-XNC-ECV, CITRIX-XDM, CITRIX-STA-SERVICE, CITRIX-STA-SERVICE-NHOP, MQTT, HTTP2

respCode Response codes to delete from the response code list configured for the HTTP monitor.

Example

rm monitor http_mon http

disable lb monitor

Disable the monitor for a service. If the monitor name is not specified, all monitors bound to the service are disabled.

Synopsis

disable lb monitor (@ | @) []

Arguments

serviceName The name of the service being monitored.

serviceGroupName The name of the service group being monitored.

monitorName Name for the monitor. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters.

CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my monitor” or ‘my monitor’).

Example

disable monitor http_svc http_mon

To disable a monitor on multiple services use the following command:

disable monitor http_svc[1-3] http_mon

unbind lb monitor

Unbinds a monitor from a service or service group.

Synopsis

unbind lb monitor [-metric ] [-certkeyName [-CA]]

Arguments

monitorName Name of the monitor.

metric Name of the metric to be polled by the monitor.

certkeyName The name of the CertKey

CA The rule for use of CRL corresponding to this CA certificate during client authentication. If crlCheck is set to Mandatory, the system will deny all SSL clients if the CRL is missing, expired (NextUpdate date is in the past), or incomplete with remote CRL refresh enabled. If crlCheck is set to Optional, the system will allow SSL clients in the above error cases. However, in any case, if the client certificate is revoked in the CRL, the SSL client will be denied access.

Example

unbind monitor http_mon http_svc

To unbind a monitor from multiple services use the following command:

unbind monitor http_mon http_svc[1-3]

unset lb monitor

Removes the specified parameter settings from the specified monitor. Attributes for which a default value is available revert to their default values. Refer to the set lb monitor command for meanings of the arguments.

Synopsis

unset lb monitor [-IPAddress <ip_addr|ipv6_addr|*> ...] [-scriptName] [-destPort] [-netProfile] [-sslProfile] [-action] [-respCode] [-httpRequest] [-rtspRequest] [-customHeaders] [-maxForwards] [-sipMethod] [-sipregURI] [-send] [-recv] [-query] [-queryType] [-userName] [-password] [-secondaryPassword] [-logonpointName] [-lasVersion] [-radKey] [-radNASid] [-radNASip] [-radAccountType] [-radFramedIP] [-radAPN] [-radMSISDN] [-radAccountSession] [-LRTM] [-deviation] [-scriptArgs] [-secureArgs] [-validateCred] [-domain] [-dispatcherIP] [-dispatcherPort] [-interval] [-resptimeout] [-resptimeoutThresh] [-retries] [-failureRetries] [-alertRetries] [-successRetries] [-downTime] [-destIP] [-state] [-reverse] [-transparent] [-ipTunnel] [-tos] [-tosId] [-secure] [-group] [-fileName] [-baseDN] [-bindDN] [-filter] [-attribute] [-database] [-oracleSid] [-sqlQuery] [-snmpOID] [-snmpCommunity] [-snmpThreshold] [-snmpVersion] [-metricTable] [-mssqlProtocolVersion] [-originHost] [-originRealm] [-hostIPAddress] [-vendorId] [-productName] [-firmwareRevision] [-authApplicationId] [-acctApplicationId] [-inbandSecurityId] [-supportedVendorIds] [-vendorSpecificVendorId] [-vendorSpecificAuthApplicationIds] [-vendorSpecificAcctApplicationIds] [-kcdAccount] [-storedb] [-trofscode] [-trofsstring] [-mqttClientIdentifier] [-mqttVersion] [-grpcHealthCheck] [-grpcStatusCode] [-grpcServiceName]

Example

set monitor dns_mon dns -ipaddress 10.102.27.230

show lb monitor

Displays the parameters of all the monitors configured on the appliance, or the parameters of the specified monitor.

Synopsis

show lb monitor [] []

show lb monitor bindings - alias for 'show lb monbindings'

Arguments

monitorName Name of the monitor.

type Type of monitor that you want to create.

Possible values: PING, TCP, HTTP, TCP-ECV, HTTP-ECV, UDP-ECV, DNS, FTP, LDNS-PING, LDNS-TCP, LDNS-DNS, RADIUS, USER, HTTP-INLINE, SIP-UDP, SIP-TCP, LOAD, FTP-EXTENDED, SMTP, SNMP, NNTP, MYSQL, MYSQL-ECV, MSSQL-ECV, ORACLE-ECV, LDAP, POP3, CITRIX-XML-SERVICE, CITRIX-WEB-INTERFACE, DNS-TCP, RTSP, ARP, CITRIX-AG, CITRIX-AAC-LOGINPAGE, CITRIX-AAC-LAS, CITRIX-XD-DDC, ND6, CITRIX-WI-EXTENDED, DIAMETER, RADIUS_ACCOUNTING, STOREFRONT, APPC, SMPP, CITRIX-XNC-ECV, CITRIX-XDM, CITRIX-STA-SERVICE, CITRIX-STA-SERVICE-NHOP, MQTT, HTTP2

Output

interval The frequency at which the probe is sent to the service.

units monitor interval units

resptimeout The interval for which the system waits before it marks the probe as FAILED.

resptimeoutThresh Response time threshold, specified as a percentage of the Response Time-out parameter. If the response to a monitor probe has not arrived when the threshold is reached, the appliance generates an SNMP trap called monRespTimeoutAboveThresh. After the response time returns to a value below the threshold, the appliance generates a monRespTimeoutBelowThresh SNMP trap. For the traps to be generated, the “MONITOR-RTO-THRESHOLD” alarm must also be enabled.

units monitor response timeout units

retries Maximum number of probes to send to establish the state of a service for which a monitoring probe failed.

failureRetries Number of retries that must fail, out of the number specified for the Retries parameter, for a service to be marked as DOWN. For example, if the Retries parameter is set to 10 and the Failure Retries parameter is set to 6, out of the ten probes sent, at least six probes must fail if the service is to be marked as DOWN. The default value of 0 means that all the retries must fail if the service is to be marked as DOWN.

alertRetries The number of failures after which the system generates a SNMP trap.

successRetries Number of consecutive successful probes required to transition a service’s state from DOWN to UP.

downTime The duration in seconds for which the system waits to make the next probe once the service is marked as DOWN.

units Unit of measurement for the Down Time parameter. Cannot be changed after the monitor is created.

destIP The IP address to which the probe is sent.

destPort The TCP/UDP port to which the probe is sent.

state The state of the monitor.

reverse Mark a service as DOWN, instead of UP, when probe criteria are satisfied, and as UP instead of DOWN when probe criteria are not satisfied.

transparent The state of the monitor for transparent devices.

ipTunnel The state of the monitor for tunneled devices.

tos TOS setting.

tosId TOS ID

secure The state of the secure monitoring of services.

action Action to perform when the response to an inline monitor (a monitor of type HTTP-INLINE) indicates that the service is down. A service monitored by an inline monitor is considered DOWN if the response code is not one of the codes that have been specified for the Response Code parameter. Available settings function as follows:

  • NONE - Do not take any action. However, the show service command and the show lb monitor command indicate the total number of responses that were checked and the number of consecutive error responses received after the last successful probe.
  • LOG - Log the event in NSLOG or SYSLOG.
  • DOWN - Mark the service as being down, and then do not direct any traffic to the service until the configured down time has expired. Persistent connections to the service are terminated as soon as the service is marked as DOWN. Also, log the event in NSLOG or SYSLOG.

respCode The response codes.

httpRequest The HTTP request that is sent to the server.

rtspRequest The RTSP request that is sent to the server.

send The string that is sent to the service.

recv The string that is expected from the server to mark the server as UP.

query Domain name to resolve as part of monitoring the DNS service (for example, example.com).

queryType Type of DNS record for which to send monitoring queries. Set to Address for querying A records, AAAA for querying AAAA records, and Zone for querying the SOA record.

userName Username on the RADIUS/NNTP/FTP/FTP-EXTENDED/MYSQL/POP3/CITRIX-XD-DDC/CITRIX-WI-EXTENDED/CITRIX-XNC-ECV/CITRIX-XDM/MQTT server. This user name is used in the probe.

password Password used in RADIUS/NNTP/FTP/FTP-EXTENDED/MYSQL/POP3/LDAP/CITRIX-XD-DDC/CITRIX-WI-EXTENDED/CITRIX-XNC-ECV/CITRIX-XDM/MQTT server monitoring.

secondaryPassword Secondary password that users might have to provide to log on to the Access Gateway server. Applicable to CITRIX-AG monitors.

logonpointName Logonpoint name used in Citrix AAC login page monitoring.

lasVersion Version number of the Citrix Advanced Access Control Logon Agent. Required by the CITRIX-AAC-LAS monitor.

validateCred Validate the credentials of the Xen Desktop DDC server user. Applicable to monitors of type CITRIX-XD-DDC.

domain Domain in which the XenDesktop Desktop Delivery Controller (DDC) servers or Web Interface servers are present. Required by CITRIX-XD-DDC and CITRIX-WI-EXTENDED monitors for logging on to the DDC servers and Web Interface servers, respectively.

radKey Authentication key (shared secret text string) for RADIUS clients and servers to exchange. Applicable to monitors of type RADIUS and RADIUS_ACCOUNTING.

radNASid NAS-Identifier to send in the Access-Request packet. Applicable to monitors of type RADIUS.

radNASip Network Access Server (NAS) IP address to use as the source IP address when monitoring a RADIUS server. Applicable to monitors of type RADIUS and RADIUS_ACCOUNTING.

radAccountType Account Type to be used in Account Request Packet. Applicable to monitors of type RADIUS_ACCOUNTING.

radFramedIP Source IP with which the packet will go out. Applicable to monitors of type RADIUS_ACCOUNTING.

radAPN Called Station Id to be used in Account Request Packet. Applicable to monitors of type RADIUS_ACCOUNTING.

radMSISDN Calling Stations Id to be used in Account Request Packet. Applicable to monitors of type RADIUS_ACCOUNTING.

radAccountSession Account Session ID to be used in Account Request Packet. Applicable to monitors of type RADIUS_ACCOUNTING.

LRTM Calculate the least response times for bound services. If this parameter is not enabled, the appliance does not learn the response times of the bound services. Also used for LRTM load balancing.

lrtmConf State of LRTM configuration on the monitor.

lrtmConfStr State of LRTM configuration on the monitor as STRING.

deviation Deviation from the learnt response time for Dynamic Response Time monitoring.

units Unit of measurement for the Deviation parameter. Cannot be changed after the monitor is created.

dynamicResponseTimeout Response timeout of the DRTM-enabled monitor, calculated dynamically based on the history and current response time.

dynamicInterval Interval between monitoring probes for the DRTM-enabled monitor, calculated dynamically based on the monitor response time.

scriptName Path and name of the script to execute. The script must be available on the Citrix ADC, in the /nsconfig/monitors/ directory.

scriptArgs String of arguments for the script. The string is copied verbatim into the request.

secureArgs List of arguments for the script which should be secure

dispatcherIP IP address of the dispatcher to which to send the probe.

dispatcherPort Port number on which the dispatcher listens for the monitoring probe.

sipURI SIP URI string to send to the service (for example, sip:sip.test). Applicable only to monitors of type SIP-UDP.

sipMethod Specifies SIP method to be used for the query

maxForwards Maximum number of hops a sip monitor packet can go.

sipregURI Specifies SIP user to be registered

customHeaders The string that is sent to the service. Applicable to HTTP, HTTP-ECV and RTSP monitor types.

IPAddress Set of IP addresses expected in the monitoring response from the DNS server, if the record type is A or AAAA. Applicable to DNS monitors.

group Name of a newsgroup available on the NNTP service that is to be monitored. The appliance periodically generates an NNTP query for the name of the newsgroup and evaluates the response. If the newsgroup is found on the server, the service is marked as UP. If the newsgroup does not exist or if the search fails, the service is marked as DOWN. Applicable to NNTP monitors.

fileName Name of a file on the FTP server. The appliance monitors the FTP service by periodically checking the existence of the file on the server. Applicable to FTP-EXTENDED monitors.

baseDN The base distinguished name of the LDAP service, from where the LDAP server can begin the search for the attributes in the monitoring query. Required for LDAP service monitoring.

bindDN The distinguished name with which an LDAP monitor can perform the Bind operation on the LDAP server. Optional. Applicable to LDAP monitors.

filter Filter criteria for the LDAP query. Optional.

attribute Attribute to evaluate when the LDAP server responds to the query. Success or failure of the monitoring probe depends on whether the attribute exists in the response. Optional.

database Name of the database to connect to during authentication.

oracleSid Name of the service identifier that is used to connect to the Oracle database during authentication.

sqlQuery SQL query for a MYSQL-ECV or MSSQL-ECV monitor. Sent to the database server after the server authenticates the connection.

evalRule Expression that evaluates the database server’s response to a MYSQL-ECV or MSSQL-ECV monitoring query. Must produce a Boolean result. The result determines the state of the server. If the expression returns TRUE, the probe succeeds. For example, if you want the appliance to evaluate the error message to determine the state of the server, use the rule MYSQL.RES.ROW(10).TEXT_ELEM(2).EQ("MySQL").

snmpOID SNMP OID for SNMP monitors.

snmpCommunity Community name for SNMP monitors.

snmpThreshold Threshold for SNMP monitors.

snmpVersion SNMP version to be used for SNMP monitoring.

metric Metric name in the metric table, whose setting is changed

metricTable Metric table, whose setting is changed

multimetrictable Metric table to which to bind metrics, to be used only for output purposes.

metricThreshold Threshold to be used for that metric.

metricWeight The weight for the specified service metric with respect to others.

stateflag Flags controlling the display.

flags Used by built-in monitors.

application Name of the application used to determine the state of the service. Applicable to monitors of type CITRIX-XML-SERVICE.

sitePath URL of the logon page. For monitors of type CITRIX-WEB-INTERFACE, to monitor a dynamic page under the site path, terminate the site path with a slash (/). Applicable to CITRIX-WEB-INTERFACE, CITRIX-WI-EXTENDED and CITRIX-XDM monitors.

storename Store Name. For monitors of type STOREFRONT, STORENAME is an optional argument defining storefront service store name. Applicable to STOREFRONT monitors.

storefrontacctservice Enable/Disable probing for Account Service. Applicable only to Store Front monitors. For multi-tenancy configuration, users may skip account service.

storefrontcheckbackendservices This option will enable monitoring of services running on storefront server. Storefront services are monitored by probing to a Windows service that runs on the Storefront server and exposes details of which storefront services are running.

hostName Hostname in the FQDN format (Example: porche.cars.org). Applicable to STOREFRONT monitors.

units Giving the unit of the metric

netProfile Name of the network profile.

mssqlProtocolVersion Version of MSSQL server that is to be monitored.

originHost Origin-Host value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers.

originRealm Origin-Realm value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers.

hostIPAddress Host-IP-Address value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. If Host-IP-Address is not specified, the appliance inserts the mapped IP (MIP) address or subnet IP (SNIP) address from which the CER request (the monitoring probe) is sent.

vendorId Vendor-Id value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers.

productName Product-Name value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers.

firmwareRevision Firmware-Revision value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers.

authApplicationId List of Auth-Application-Id attribute value pairs (AVPs) for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. A maximum of eight of these AVPs are supported in a monitoring CER message.

acctApplicationId List of Acct-Application-Id attribute value pairs (AVPs) for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. A maximum of eight of these AVPs are supported in a monitoring message.

inbandSecurityId Inband-Security-Id for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers.

supportedVendorIds List of Supported-Vendor-Id attribute value pairs (AVPs) for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. A maximum eight of these AVPs are supported in a monitoring message.

vendorSpecificVendorId Vendor-Id to use in the Vendor-Specific-Application-Id grouped attribute-value pair (AVP) in the monitoring CER message. To specify Auth-Application-Id or Acct-Application-Id in Vendor-Specific-Application-Id, use vendorSpecificAuthApplicationIds or vendorSpecificAcctApplicationIds, respectively. Only one Vendor-Id is supported for all the Vendor-Specific-Application-Id AVPs in a CER monitoring message.

vendorSpecificAuthApplicationIds List of Vendor-Specific-Auth-Application-Id attribute value pairs (AVPs) for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. A maximum of eight of these AVPs are supported in a monitoring message. The specified value is combined with the value of vendorSpecificVendorId to obtain the Vendor-Specific-Application-Id AVP in the CER monitoring message.

vendorSpecificAcctApplicationIds List of Vendor-Specific-Acct-Application-Id attribute value pairs (AVPs) to use for monitoring Diameter servers. A maximum of eight of these AVPs are supported in a monitoring message. The specified value is combined with the value of vendorSpecificVendorId to obtain the Vendor-Specific-Application-Id AVP in the CER monitoring message.

serviceName state weight serviceGroupName weight

kcdAccount KCD Account used by MSSQL monitor

storedb Store the database list populated with the responses to monitor probes. Used in database specific load balancing if MSSQL-ECV/MYSQL-ECV monitor is configured.

trofscode Code expected when the server is under maintenance

trofsstring String expected from the server for the service to be marked as trofs. Applicable to HTTP-ECV/TCP-ECV monitors.

sslProfile SSL Profile associated with the monitor

certkeyName The name of the certificate bound to the monitor.

CA The rule for use of CRL corresponding to this CA certificate during client authentication. If crlCheck is set to Mandatory, the system will deny all SSL clients if the CRL is missing, expired (NextUpdate date is in the past), or incomplete with remote CRL refresh enabled. If crlCheck is set to Optional, the system will allow SSL clients in the above error cases. However, in any case, if the client certificate is revoked in the CRL, the SSL client will be denied access.

crlCheck The state of the CRL check parameter. (Mandatory/Optional)

ocspCheck The state of the OCSP check parameter. (Mandatory/Optional)

mqttClientIdentifier Client id to be used in Connect command

mqttVersion Version of MQTT protocol used in connect message, default is version 3.1.1 [4]

grpcHealthCheck Option to enable or disable gRPC health check service.

grpcStatusCode gRPC status codes for which to mark the service as UP. The default value is 12 (health check unimplemented). If the gRPC status code 0 is received from the backend, this configuration is ignored.

grpcServiceName Option to specify the gRPC service name on which the gRPC health check needs to be performed

devno count

Example

An example of the show monitor command output is as follows:

8 configured monitors:
1) Name…….: ping Type……: PING State….ENABLED
2) Name…….: tcp Type……: TCP State….ENABLED
3) Name…….: http Type……: HTTP State….ENABLED
4) Name…….: tcp-ecv Type……: TCP-ECV State….ENABLED
5) Name…….: http-ecv Type……: HTTP-ECV State….ENABLED
6) Name…….: udp-ecv Type……: UDP-ECV State….ENABLED
7) Name…….: dns Type……: DNS State….ENABLED
8) Name…….: ftp Type……: FTP State….ENABLED

set lb monitor

Modifies the specified parameters of a monitor.

Synopsis

set lb monitor [-action ] [-respCode <int[-int]> ...] [-httpRequest ] [-rtspRequest ] [-customHeaders ] [-maxForwards <positive_integer>] [-sipMethod ] [-sipregURI ] [-sipURI ] [-send ] [-recv ] [-query ] [-queryType ] [-userName ] {-password } {-secondaryPassword } [-logonpointName ] [-lasVersion ] {-radKey } [-radNASid ] [-radNASip <ip_addr>] [-radAccountType <positive_integer>] [-radFramedIP <ip_addr>] [-radAPN ] [-radMSISDN ] [-radAccountSession ] [-LRTM ( ENABLED | DISABLED )] [-deviation <positive_integer> []] [-scriptName ] [-scriptArgs ] [-secureArgs ] [-validateCred ( YES | NO )] [-domain ] [-dispatcherIP <ip_addr>] [-dispatcherPort ] [-interval []] [-resptimeout []] [-resptimeoutThresh <positive_integer>] [-retries ] [-failureRetries ] [-alertRetries ] [-successRetries ] [-downTime []] [-destIP <ip_addr|ipv6_addr>] [-destPort ] [-state ( ENABLED | DISABLED )] [-reverse ( YES | NO )] [-transparent ( YES | NO )] [-ipTunnel ( YES | NO )] [-tos ( YES | NO )] [-tosId <positive_integer>] [-secure ( YES | NO )] [-IPAddress <ip_addr|ipv6_addr|*> ...] [-group ] [-fileName ] [-baseDN ] [-bindDN ] [-filter ] [-attribute ] [-database | -oracleSid ] [-sqlQuery ] [-evalRule ] [-snmpOID ] [-snmpCommunity ] [-snmpThreshold ] [-snmpVersion ( V1 | V2 )] [-metricTable ] [-metric [-metricThreshold <positive_integer>] [-metricWeight <positive_integer>]] [-application ] [-sitePath ] [-storename ] [-storefrontacctservice ( YES | NO )] [-storefrontcheckbackendservices ( YES | NO )] [-netProfile ] [-mssqlProtocolVersion ] [-originHost ] [-originRealm ] [-hostIPAddress <ip_addr|ipv6_addr|*>] [-vendorId <positive_integer>] [-productName ] [-firmwareRevision <positive_integer>] [-authApplicationId <positive_integer> ...] [-acctApplicationId <positive_integer> ...] [-inbandSecurityId ( NO_INBAND_SECURITY | TLS )] [-supportedVendorIds <positive_integer> ...] [-vendorSpecificVendorId <positive_integer> [-vendorSpecificAuthApplicationIds <positive_integer> ...] [-vendorSpecificAcctApplicationIds <positive_integer> ...]] [-kcdAccount ] [-storedb ( ENABLED | DISABLED )] [-trofscode <positive_integer>] [-trofsstring ] [-sslProfile ] [-mqttClientIdentifier ] [-mqttVersion <positive_integer>] [-grpcHealthCheck ( YES | NO )] [-grpcStatusCode <positive_integer> ...] [-grpcServiceName ]

Arguments

monitorName Name of the monitor.

type Type of monitor that you want to create.

Possible values: PING, TCP, HTTP, TCP-ECV, HTTP-ECV, UDP-ECV, DNS, FTP, LDNS-PING, LDNS-TCP, LDNS-DNS, RADIUS, USER, HTTP-INLINE, SIP-UDP, SIP-TCP, LOAD, FTP-EXTENDED, SMTP, SNMP, NNTP, MYSQL, MYSQL-ECV, MSSQL-ECV, ORACLE-ECV, LDAP, POP3, CITRIX-XML-SERVICE, CITRIX-WEB-INTERFACE, DNS-TCP, RTSP, ARP, CITRIX-AG, CITRIX-AAC-LOGINPAGE, CITRIX-AAC-LAS, CITRIX-XD-DDC, ND6, CITRIX-WI-EXTENDED, DIAMETER, RADIUS_ACCOUNTING, STOREFRONT, APPC, SMPP, CITRIX-XNC-ECV, CITRIX-XDM, CITRIX-STA-SERVICE, CITRIX-STA-SERVICE-NHOP, MQTT, HTTP2

action Action to perform when the response to an inline monitor (a monitor of type HTTP-INLINE) indicates that the service is down. A service monitored by an inline monitor is considered DOWN if the response code is not one of the codes that have been specified for the Response Code parameter. Available settings function as follows:

  • NONE - Do not take any action. However, the show service command and the show lb monitor command indicate the total number of responses that were checked and the number of consecutive error responses received after the last successful probe.
  • LOG - Log the event in NSLOG or SYSLOG.
  • DOWN - Mark the service as being down, and then do not direct any traffic to the service until the configured down time has expired. Persistent connections to the service are terminated as soon as the service is marked as DOWN. Also, log the event in NSLOG or SYSLOG.

Possible values: NONE, LOG, DOWN Default value: DOWN

respCode Response codes for which to mark the service as UP. For any other response code, the action performed depends on the monitor type. HTTP monitors and RADIUS monitors mark the service as DOWN, while HTTP-INLINE monitors perform the action indicated by the Action parameter.

httpRequest HTTP request to send to the server (for example, “HEAD /file.html”).

rtspRequest RTSP request to send to the server (for example, “OPTIONS *”).

customHeaders Custom header string to include in the monitoring probes.

maxForwards Maximum number of hops that the SIP request used for monitoring can traverse to reach the server. Applicable only to monitors of type SIP-UDP. Default value: 1 Minimum value: 0 Maximum value: 255

sipMethod SIP method to use for the query. Applicable only to monitors of type SIP-UDP.

Possible values: OPTIONS, INVITE, REGISTER

sipregURI SIP user to be registered. Applicable only if the monitor is of type SIP-UDP and the SIP Method parameter is set to REGISTER.

sipURI SIP URI string to send to the service (for example, sip:sip.test). Applicable only to monitors of type SIP-UDP.

send String to send to the service. Applicable to TCP-ECV, HTTP-ECV, and UDP-ECV monitors.

recv String expected from the server for the service to be marked as UP. Applicable to TCP-ECV, HTTP-ECV, and UDP-ECV monitors.

query Domain name to resolve as part of monitoring the DNS service (for example, example.com).

queryType Type of DNS record for which to send monitoring queries. Set to Address for querying A records, AAAA for querying AAAA records, and Zone for querying the SOA record.

Possible values: Address, Zone, AAAA

userName User name with which to probe the RADIUS, NNTP, FTP, FTP-EXTENDED, MYSQL, MSSQL, POP3, CITRIX-AG, CITRIX-XD-DDC, CITRIX-WI-EXTENDED, CITRIX-XNC or CITRIX-XDM server.

password Password that is required for logging on to the RADIUS, NNTP, FTP, FTP-EXTENDED, MYSQL, MSSQL, POP3, CITRIX-AG, CITRIX-XD-DDC, CITRIX-WI-EXTENDED, CITRIX-XNC-ECV or CITRIX-XDM server. Used in conjunction with the user name specified for the User Name parameter.

secondaryPassword Secondary password that users might have to provide to log on to the Access Gateway server. Applicable to CITRIX-AG monitors.

logonpointName Name of the logon point that is configured for the Citrix Access Gateway Advanced Access Control software. Required if you want to monitor the associated login page or Logon Agent. Applicable to CITRIX-AAC-LAS and CITRIX-AAC-LOGINPAGE monitors.

lasVersion Version number of the Citrix Advanced Access Control Logon Agent. Required by the CITRIX-AAC-LAS monitor.

radKey Authentication key (shared secret text string) for RADIUS clients and servers to exchange. Applicable to monitors of type RADIUS and RADIUS_ACCOUNTING.

radNASid NAS-Identifier to send in the Access-Request packet. Applicable to monitors of type RADIUS.

radNASip Network Access Server (NAS) IP address to use as the source IP address when monitoring a RADIUS server. Applicable to monitors of type RADIUS and RADIUS_ACCOUNTING.

radAccountType Account Type to be used in Account Request Packet. Applicable to monitors of type RADIUS_ACCOUNTING. Default value: 1 Minimum value: 0 Maximum value: 15

radFramedIP Source IP with which the packet will go out. Applicable to monitors of type RADIUS_ACCOUNTING.

radAPN Called Station Id to be used in Account Request Packet. Applicable to monitors of type RADIUS_ACCOUNTING.

radMSISDN Calling Stations Id to be used in Account Request Packet. Applicable to monitors of type RADIUS_ACCOUNTING.

radAccountSession Account Session ID to be used in Account Request Packet. Applicable to monitors of type RADIUS_ACCOUNTING.

LRTM Calculate the least response times for bound services. If this parameter is not enabled, the appliance does not learn the response times of the bound services. Also used for LRTM load balancing.

Possible values: ENABLED, DISABLED

deviation Time value added to the learned average response time in dynamic response time monitoring (DRTM). When a deviation is specified, the appliance learns the average response time of bound services and adds the deviation to the average. The final value is then continually adjusted to accommodate response time variations over time. Specified in milliseconds, seconds, or minutes. Minimum value: 0 Maximum value: 20939

units Unit of measurement for the Deviation parameter. Cannot be changed after the monitor is created.

Possible values: SEC, MSEC, MIN Default value: SEC

scriptName Path and name of the script to execute. The script must be available on the Citrix ADC, in the /nsconfig/monitors/ directory.

scriptArgs String of arguments for the script. The string is copied verbatim into the request.

secureArgs List of arguments for the script which should be secure

validateCred Validate the credentials of the Xen Desktop DDC server user. Applicable to monitors of type CITRIX-XD-DDC.

Possible values: YES, NO Default value: NO

domain Domain in which the XenDesktop Desktop Delivery Controller (DDC) servers or Web Interface servers are present. Required by CITRIX-XD-DDC and CITRIX-WI-EXTENDED monitors for logging on to the DDC servers and Web Interface servers, respectively.

dispatcherIP IP address of the dispatcher to which to send the probe.

dispatcherPort Port number on which the dispatcher listens for the monitoring probe.

interval Time interval between two successive probes. Must be greater than the value of Response Time-out. Default value: 5 Minimum value: 1 Maximum value: 20940

units monitor interval units

Possible values: SEC, MSEC, MIN Default value: SEC

resptimeout Amount of time for which the appliance must wait before it marks a probe as FAILED. Must be less than the value specified for the Interval parameter.

Note: For UDP-ECV monitors for which a receive string is not configured, response timeout does not apply. For UDP-ECV monitors with no receive string, probe failure is indicated by an ICMP port unreachable error received from the service. Default value: 2 Minimum value: 1 Maximum value: 20939

units monitor response timeout units

Possible values: SEC, MSEC, MIN Default value: SEC

resptimeoutThresh Response time threshold, specified as a percentage of the Response Time-out parameter. If the response to a monitor probe has not arrived when the threshold is reached, the appliance generates an SNMP trap called monRespTimeoutAboveThresh. After the response time returns to a value below the threshold, the appliance generates a monRespTimeoutBelowThresh SNMP trap. For the traps to be generated, the “MONITOR-RTO-THRESHOLD” alarm must also be enabled. Minimum value: 0 Maximum value: 100

retries Maximum number of probes to send to establish the state of a service for which a monitoring probe failed. Default value: 3 Minimum value: 1 Maximum value: 127

failureRetries Number of retries that must fail, out of the number specified for the Retries parameter, for a service to be marked as DOWN. For example, if the Retries parameter is set to 10 and the Failure Retries parameter is set to 6, out of the ten probes sent, at least six probes must fail if the service is to be marked as DOWN. The default value of 0 means that all the retries must fail if the service is to be marked as DOWN. Maximum value: 32

alertRetries Number of consecutive probe failures after which the appliance generates an SNMP trap called monProbeFailed. Maximum value: 32

successRetries Number of consecutive successful probes required to transition a service’s state from DOWN to UP. Default value: 1 Minimum value: 1 Maximum value: 32

downTime Time duration for which to wait before probing a service that has been marked as DOWN. Expressed in milliseconds, seconds, or minutes. Default value: 30 Minimum value: 1 Maximum value: 20939

units Unit of measurement for the Down Time parameter. Cannot be changed after the monitor is created.

Possible values: SEC, MSEC, MIN Default value: SEC

destIP IP address of the service to which to send probes. If the parameter is set to 0, the IP address of the server to which the monitor is bound is considered the destination IP address.

destPort TCP or UDP port to which to send the probe. If the parameter is set to 0, the port number of the service to which the monitor is bound is considered the destination port. For a monitor of type USER, however, the destination port is the port number that is included in the HTTP request sent to the dispatcher. Does not apply to monitors of type PING.

state State of the monitor. The DISABLED setting disables not only the monitor being configured, but all monitors of the same type, until the parameter is set to ENABLED. If the monitor is bound to a service, the state of the monitor is not taken into account when the state of the service is determined.

Possible values: ENABLED, DISABLED Default value: ENABLED

reverse Mark a service as DOWN, instead of UP, when probe criteria are satisfied, and as UP instead of DOWN when probe criteria are not satisfied.

Possible values: YES, NO Default value: NO

transparent The monitor is bound to a transparent device such as a firewall or router. The state of a transparent device depends on the responsiveness of the services behind it. If a transparent device is being monitored, a destination IP address must be specified. The probe is sent to the specified IP address by using the MAC address of the transparent device.

Possible values: YES, NO Default value: NO

ipTunnel Send the monitoring probe to the service through an IP tunnel. A destination IP address must be specified.

Possible values: YES, NO Default value: NO

tos Probe the service by encoding the destination IP address in the IP TOS (6) bits.

Possible values: YES, NO

tosId The TOS ID of the specified destination IP. Applicable only when the TOS parameter is set. Minimum value: 1 Maximum value: 63

secure Use a secure SSL connection when monitoring a service. Applicable only to TCP based monitors. The secure option cannot be used with a CITRIX-AG monitor, because a CITRIX-AG monitor uses a secure connection by default.

Possible values: YES, NO Default value: NO

IPAddress Set of IP addresses expected in the monitoring response from the DNS server, if the record type is A or AAAA. Applicable to DNS monitors.

group Name of a newsgroup available on the NNTP service that is to be monitored. The appliance periodically generates an NNTP query for the name of the newsgroup and evaluates the response. If the newsgroup is found on the server, the service is marked as UP. If the newsgroup does not exist or if the search fails, the service is marked as DOWN. Applicable to NNTP monitors.

fileName Name of a file on the FTP server. The appliance monitors the FTP service by periodically checking the existence of the file on the server. Applicable to FTP-EXTENDED monitors.

baseDN The base distinguished name of the LDAP service, from where the LDAP server can begin the search for the attributes in the monitoring query. Required for LDAP service monitoring.

bindDN The distinguished name with which an LDAP monitor can perform the Bind operation on the LDAP server. Optional. Applicable to LDAP monitors.

filter Filter criteria for the LDAP query. Optional.

attribute Attribute to evaluate when the LDAP server responds to the query. Success or failure of the monitoring probe depends on whether the attribute exists in the response. Optional.

database Name of the database to connect to during authentication.

oracleSid Name of the service identifier that is used to connect to the Oracle database during authentication.

sqlQuery SQL query for a MYSQL-ECV or MSSQL-ECV monitor. Sent to the database server after the server authenticates the connection.

evalRule Expression that evaluates the database server’s response to a MYSQL-ECV or MSSQL-ECV monitoring query. Must produce a Boolean result. The result determines the state of the server. If the expression returns TRUE, the probe succeeds. For example, if you want the appliance to evaluate the error message to determine the state of the server, use the rule MYSQL.RES.ROW(10).TEXT_ELEM(2).EQ("MySQL").

snmpOID SNMP OID for SNMP monitors.

snmpCommunity Community name for SNMP monitors.

snmpThreshold Threshold for SNMP monitors.

snmpVersion SNMP version to be used for SNMP monitors.

Possible values: V1, V2

metricTable Metric table to which to bind metrics.

metric Name of the metric in the metric table whose setting is changed. A value of zero disables the metric, and it is not used in load calculations.

metricThreshold Threshold to be used for that metric. Minimum value: 0

metricWeight The weight for the specified service metric with respect to others. Minimum value: 1 Maximum value: 100

application Name of the application used to determine the state of the service. Applicable to monitors of type CITRIX-XML-SERVICE.

sitePath URL of the logon page. For monitors of type CITRIX-WEB-INTERFACE, to monitor a dynamic page under the site path, terminate the site path with a slash (/). Applicable to CITRIX-WEB-INTERFACE, CITRIX-WI-EXTENDED and CITRIX-XDM monitors.

storename Store Name. For monitors of type STOREFRONT, STORENAME is an optional argument defining storefront service store name. Applicable to STOREFRONT monitors.

storefrontacctservice Enable/Disable probing for Account Service. Applicable only to Store Front monitors. For multi-tenancy configurations, users may skip account service.

Possible values: YES, NO Default value: YES

storefrontcheckbackendservices This option will enable monitoring of services running on storefront server. Storefront services are monitored by probing to a Windows service that runs on the Storefront server and exposes details of which storefront services are running.

Possible values: YES, NO Default value: NO

netProfile Name of the network profile.

mssqlProtocolVersion Version of MSSQL server that is to be monitored.

Possible values: 70, 2000, 2000SP1, 2005, 2008, 2008R2, 2012, 2014 Default value: 70

originHost Origin-Host value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers.

originRealm Origin-Realm value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers.

hostIPAddress Host-IP-Address value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. If Host-IP-Address is not specified, the appliance inserts the mapped IP (MIP) address or subnet IP (SNIP) address from which the CER request (the monitoring probe) is sent.

vendorId Vendor-Id value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. Minimum value: 0

productName Product-Name value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers.

firmwareRevision Firmware-Revision value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. Minimum value: 0

authApplicationId List of Auth-Application-Id attribute value pairs (AVPs) for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. A maximum of eight of these AVPs are supported in a monitoring CER message. Minimum value: 0 Maximum value: 4294967295

acctApplicationId List of Acct-Application-Id attribute value pairs (AVPs) for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. A maximum of eight of these AVPs are supported in a monitoring message. Minimum value: 0 Maximum value: 4294967295

inbandSecurityId Inband-Security-Id for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers.

Possible values: NO_INBAND_SECURITY, TLS

supportedVendorIds List of Supported-Vendor-Id attribute value pairs (AVPs) for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. A maximum of eight of these AVPs are supported in a monitoring message. Minimum value: 1 Maximum value: 4294967295

vendorSpecificVendorId Vendor-Id to use in the Vendor-Specific-Application-Id grouped attribute-value pair (AVP) in the monitoring CER message. To specify Auth-Application-Id or Acct-Application-Id in Vendor-Specific-Application-Id, use vendorSpecificAuthApplicationIds or vendorSpecificAcctApplicationIds, respectively. Only one Vendor-Id is supported for all the Vendor-Specific-Application-Id AVPs in a CER monitoring message. Minimum value: 1

vendorSpecificAuthApplicationIds List of Vendor-Specific-Auth-Application-Id attribute value pairs (AVPs) for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. A maximum of eight of these AVPs are supported in a monitoring message. The specified value is combined with the value of vendorSpecificVendorId to obtain the Vendor-Specific-Application-Id AVP in the CER monitoring message. Minimum value: 0 Maximum value: 4294967295

vendorSpecificAcctApplicationIds List of Vendor-Specific-Acct-Application-Id attribute value pairs (AVPs) to use for monitoring Diameter servers. A maximum of eight of these AVPs are supported in a monitoring message. The specified value is combined with the value of vendorSpecificVendorId to obtain the Vendor-Specific-Application-Id AVP in the CER monitoring message. Minimum value: 0 Maximum value: 4294967295

kcdAccount KCD Account used by MSSQL monitor

storedb Store the database list populated with the responses to monitor probes. Used in database specific load balancing if MSSQL-ECV/MYSQL-ECV monitor is configured.

Possible values: ENABLED, DISABLED Default value: DISABLED

trofscode Code expected when the server is under maintenance. Minimum value: 0

trofsstring String expected from the server for the service to be marked as trofs. Applicable to HTTP-ECV/TCP-ECV monitors.

sslProfile SSL Profile associated with the monitor

mqttClientIdentifier Client id to be used in Connect command

mqttVersion Version of MQTT protocol used in connect message, default is version 3.1.1 [4] Default value: 4 Minimum value: 3

grpcHealthCheck Option to enable or disable gRPC health check service.

Possible values: YES, NO Default value: NO

grpcStatusCode gRPC status codes for which to mark the service as UP. The default value is 12 (health check unimplemented). If the gRPC status code 0 is received from the backend, this configuration is ignored. Minimum value: 0

grpcServiceName Option to specify the gRPC service name on which the gRPC health check needs to be performed.

Example

set monitor http_mon http -respcode 100
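The cross-parameter rules in the argument list above (Interval greater than Response Time-out, the numeric ranges, tosId only with tos, a destination IP for transparent or IP-tunnel probes, scriptArgs copied verbatim into the request) can be checked before a command is applied. The following Python linter is an added example, not Citrix code: the finding names, the sample lines, the secret-matching heuristic, the rule that failureRetries should not exceed retries, and the reading of a unit token directly after a time value are assumptions.

```python
import re
import shlex

# Units, ranges and defaults as listed in the argument descriptions on this page.
UNIT_MS = {"MSEC": 1, "SEC": 1000, "MIN": 60000}
RANGES = {
    "retries": (1, 127), "failureretries": (0, 32), "alertretries": (0, 32),
    "successretries": (1, 32), "tosid": (1, 63), "resptimeoutthresh": (0, 100),
}
# Applied only to "add": a "set" line inherits unknown values from the existing monitor.
ADD_DEFAULTS = {"interval": "5", "resptimeout": "2", "retries": "3", "failureretries": "0"}
# Heuristic (assumption): key names that suggest a credential inside scriptArgs.
SECRET_HINT = re.compile(r"(pass(word|wd)?|secret|token|key)\s*=", re.I)
# A bare token such as -interval is an option; a quoted value with spaces is not.
OPTION = re.compile(r"-[A-Za-z]\w*$")


def parse_monitor(line):
    """Return (verb, name, type, {option: [values]}) or None for other commands."""
    tokens = shlex.split(line)
    if len(tokens) < 5 or [t.lower() for t in tokens[1:3]] != ["lb", "monitor"]:
        return None
    verb = tokens[0].lower()
    if verb not in ("add", "set"):
        return None
    opts, current = {}, None
    for tok in tokens[5:]:
        if OPTION.match(tok):
            current = tok[1:].lower()      # option names are matched case-insensitively
            opts[current] = []
        elif current is not None:
            opts[current].append(tok)
    return verb, tokens[3], tokens[4].upper(), opts


def _first_int(opts, name):
    vals = opts.get(name) or []
    return int(vals[0]) if vals and vals[0].isdigit() else None


def _duration_ms(opts, name):
    value = _first_int(opts, name)
    if value is None:
        return None
    vals = opts[name]
    unit = vals[1].upper() if len(vals) > 1 else "SEC"   # SEC is the documented default
    return value * UNIT_MS.get(unit, 1000)


def lint_monitor(line):
    """Return a list of finding names for one 'add|set lb monitor' command line."""
    parsed = parse_monitor(line)
    if parsed is None:
        return []
    verb, _name, _mtype, opts = parsed
    if verb == "add":
        for key, value in ADD_DEFAULTS.items():
            opts.setdefault(key, [value])
    findings = []
    for opt, (low, high) in RANGES.items():
        value = _first_int(opts, opt)
        if value is not None and not low <= value <= high:
            findings.append("RANGE:" + opt)
    interval, timeout = _duration_ms(opts, "interval"), _duration_ms(opts, "resptimeout")
    if interval is not None and timeout is not None and interval <= timeout:
        findings.append("INTERVAL_NOT_GREATER_THAN_RESPTIMEOUT")
    retries, failures = _first_int(opts, "retries"), _first_int(opts, "failureretries")
    if retries is not None and failures is not None and failures > retries:
        findings.append("FAILURERETRIES_EXCEEDS_RETRIES")

    def yes(option):
        return (opts.get(option) or ["NO"])[0].upper() == "YES"

    if verb == "add":                      # absence is only meaningful on a full definition
        if "tosid" in opts and not yes("tos"):
            findings.append("TOSID_WITHOUT_TOS")
        if (yes("transparent") or yes("iptunnel")) and "destip" not in opts:
            findings.append("DESTIP_REQUIRED")
    if SECRET_HINT.search(" ".join(opts.get("scriptargs", []))):
        findings.append("SECRET_IN_SCRIPTARGS")   # consider -secureArgs instead
    return findings


# Constructed sample commands (names, addresses and arguments are made up).
SAMPLES = [
    'add lb monitor mon_web HTTP -respCode 200 -httpRequest "HEAD /health" -interval 5 -resptimeout 2',
    "add lb monitor mon_fast TCP -interval 500 MSEC -resptimeout 2 SEC",
    'add lb monitor mon_user USER -scriptName check_app.pl -dispatcherIP 127.0.0.1 '
    '-dispatcherPort 3013 -scriptArgs "base=dc=example,dc=com;password=Example123" '
    "-failureRetries 6 -retries 4",
    "add lb monitor mon_fw PING -transparent YES -tosId 70",
    "set lb monitor mon_web HTTP -resptimeout 10",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(lint_monitor(sample) or ["OK"], "<-", sample)
```

The last sample returns no finding because a set command that changes only the response timeout cannot be compared against an interval the linter does not know.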

add lb monitor

Creates a monitor that you can bind to load balancing services. The monitor periodically sends probes to those services to test their availability.

Synopsis

add lb monitor [-action ] [-respCode <int[-int]> ...] [-httpRequest ] [-rtspRequest ] [-customHeaders ] [-maxForwards <positive_integer>] [-sipMethod ] [-sipURI ] [-sipregURI ] [-send ] [-recv ] [-query ] [-queryType ] [-scriptName ] [-scriptArgs ] [-secureArgs ] [-dispatcherIP <ip_addr>] [-dispatcherPort ] [-userName ] {-password } {-secondaryPassword } [-logonpointName ] [-lasVersion ] {-radKey } [-radNASid ] [-radNASip <ip_addr>] [-radAccountType <positive_integer>] [-radFramedIP <ip_addr>] [-radAPN ] [-radMSISDN ] [-radAccountSession ] [-LRTM ( ENABLED | DISABLED )] [-deviation <positive_integer> []] [-interval []] [-resptimeout []] [-resptimeoutThresh <positive_integer>] [-retries ] [-failureRetries ] [-alertRetries ] [-successRetries ] [-downTime []] [-destIP <ip_addr|ipv6_addr>] [-destPort ] [-state ( ENABLED | DISABLED )] [-reverse ( YES | NO )] [-transparent ( YES | NO )] [-ipTunnel ( YES | NO )] [-tos ( YES | NO )] [-tosId <positive_integer>] [-secure ( YES | NO )] [-validateCred ( YES | NO )] [-domain ] [-IPAddress <ip_addr|ipv6_addr|*> ...] [-group ] [-fileName ] [-baseDN ] [-bindDN ] [-filter ] [-attribute ] [-database | -oracleSid ] [-sqlQuery ] [-evalRule ] [-mssqlProtocolVersion ] [-snmpOID ] [-snmpCommunity ] [-snmpThreshold ] [-snmpVersion ( V1 | V2 )] [-metricTable ] [-application ] [-sitePath ] [-storename ] [-storefrontacctservice ( YES | NO )] [-netProfile ] [-originHost ] [-originRealm ] [-hostIPAddress <ip_addr|ipv6_addr|*>] [-vendorId <positive_integer>] [-productName ] [-firmwareRevision <positive_integer>] [-authApplicationId <positive_integer> ...] [-acctApplicationId <positive_integer> ...] [-inbandSecurityId ( NO_INBAND_SECURITY | TLS )] [-supportedVendorIds <positive_integer> ...] [-vendorSpecificVendorId <positive_integer> [-vendorSpecificAuthApplicationIds <positive_integer> ...] [-vendorSpecificAcctApplicationIds <positive_integer> ...]] [-kcdAccount ] [-storedb ( ENABLED | DISABLED )] [-storefrontcheckbackendservices ( YES | NO )] [-trofscode <positive_integer>] [-trofsstring ] [-sslProfile ] [-mqttClientIdentifier ] [-mqttVersion <positive_integer>] [-grpcHealthCheck ( YES | NO )] [-grpcStatusCode <positive_integer> ...] [-grpcServiceName ]

Arguments

monitorName Name for the monitor. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters.

CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my monitor” or ‘my monitor’).

type Type of monitor that you want to create.

Possible values: PING, TCP, HTTP, TCP-ECV, HTTP-ECV, UDP-ECV, DNS, FTP, LDNS-PING, LDNS-TCP, LDNS-DNS, RADIUS, USER, HTTP-INLINE, SIP-UDP, SIP-TCP, LOAD, FTP-EXTENDED, SMTP, SNMP, NNTP, MYSQL, MYSQL-ECV, MSSQL-ECV, ORACLE-ECV, LDAP, POP3, CITRIX-XML-SERVICE, CITRIX-WEB-INTERFACE, DNS-TCP, RTSP, ARP, CITRIX-AG, CITRIX-AAC-LOGINPAGE, CITRIX-AAC-LAS, CITRIX-XD-DDC, ND6, CITRIX-WI-EXTENDED, DIAMETER, RADIUS_ACCOUNTING, STOREFRONT, APPC, SMPP, CITRIX-XNC-ECV, CITRIX-XDM, CITRIX-STA-SERVICE, CITRIX-STA-SERVICE-NHOP, MQTT, HTTP2

action Action to perform when the response to an inline monitor (a monitor of type HTTP-INLINE) indicates that the service is down. A service monitored by an inline monitor is considered DOWN if the response code is not one of the codes that have been specified for the Response Code parameter. Available settings function as follows:

  • NONE - Do not take any action. However, the show service command and the show lb monitor command indicate the total number of responses that were checked and the number of consecutive error responses received after the last successful probe.
  • LOG - Log the event in NSLOG or SYSLOG.
  • DOWN - Mark the service as being down, and then do not direct any traffic to the service until the configured down time has expired. Persistent connections to the service are terminated as soon as the service is marked as DOWN. Also, log the event in NSLOG or SYSLOG.

Possible values: NONE, LOG, DOWN Default value: DOWN

respCode Response codes for which to mark the service as UP. For any other response code, the action performed depends on the monitor type. HTTP monitors and RADIUS monitors mark the service as DOWN, while HTTP-INLINE monitors perform the action indicated by the Action parameter.

httpRequest HTTP request to send to the server (for example, “HEAD /file.html”).

rtspRequest RTSP request to send to the server (for example, “OPTIONS *”).

customHeaders Custom header string to include in the monitoring probes.

maxForwards Maximum number of hops that the SIP request used for monitoring can traverse to reach the server. Applicable only to monitors of type SIP-UDP. Default value: 1 Minimum value: 0 Maximum value: 255

sipMethod SIP method to use for the query. Applicable only to monitors of type SIP-UDP.

Possible values: OPTIONS, INVITE, REGISTER

sipURI SIP URI string to send to the service (for example, sip:sip.test). Applicable only to monitors of type SIP-UDP.

sipregURI SIP user to be registered. Applicable only if the monitor is of type SIP-UDP and the SIP Method parameter is set to REGISTER.

send String to send to the service. Applicable to TCP-ECV, HTTP-ECV, and UDP-ECV monitors.

recv String expected from the server for the service to be marked as UP. Applicable to TCP-ECV, HTTP-ECV, and UDP-ECV monitors.

query Domain name to resolve as part of monitoring the DNS service (for example, example.com).

queryType Type of DNS record for which to send monitoring queries. Set to Address for querying A records, AAAA for querying AAAA records, and Zone for querying the SOA record.

Possible values: Address, Zone, AAAA

scriptName Path and name of the script to execute. The script must be available on the Citrix ADC, in the /nsconfig/monitors/ directory.

scriptArgs String of arguments for the script. The string is copied verbatim into the request.

secureArgs List of arguments for the script which should be secure

dispatcherIP IP address of the dispatcher to which to send the probe.

dispatcherPort Port number on which the dispatcher listens for the monitoring probe.

userName User name with which to probe the RADIUS, NNTP, FTP, FTP-EXTENDED, MYSQL, MSSQL, POP3, CITRIX-AG, CITRIX-XD-DDC, CITRIX-WI-EXTENDED, CITRIX-XNC or CITRIX-XDM server.

password Password that is required for logging on to the RADIUS, NNTP, FTP, FTP-EXTENDED, MYSQL, MSSQL, POP3, CITRIX-AG, CITRIX-XD-DDC, CITRIX-WI-EXTENDED, CITRIX-XNC-ECV or CITRIX-XDM server. Used in conjunction with the user name specified for the User Name parameter.

secondaryPassword Secondary password that users might have to provide to log on to the Access Gateway server. Applicable to CITRIX-AG monitors.

logonpointName Name of the logon point that is configured for the Citrix Access Gateway Advanced Access Control software. Required if you want to monitor the associated login page or Logon Agent. Applicable to CITRIX-AAC-LAS and CITRIX-AAC-LOGINPAGE monitors.

lasVersion Version number of the Citrix Advanced Access Control Logon Agent. Required by the CITRIX-AAC-LAS monitor.

radKey Authentication key (shared secret text string) for RADIUS clients and servers to exchange. Applicable to monitors of type RADIUS and RADIUS_ACCOUNTING.

radNASid NAS-Identifier to send in the Access-Request packet. Applicable to monitors of type RADIUS.

radNASip Network Access Server (NAS) IP address to use as the source IP address when monitoring a RADIUS server. Applicable to monitors of type RADIUS and RADIUS_ACCOUNTING.

radAccountType Account Type to be used in Account Request Packet. Applicable to monitors of type RADIUS_ACCOUNTING. Default value: 1 Minimum value: 0 Maximum value: 15

radFramedIP Source IP address with which the packet will go out. Applicable to monitors of type RADIUS_ACCOUNTING.

radAPN Called Station Id to be used in Account Request Packet. Applicable to monitors of type RADIUS_ACCOUNTING.

radMSISDN Calling Station Id to be used in Account Request Packet. Applicable to monitors of type RADIUS_ACCOUNTING.

radAccountSession Account Session ID to be used in Account Request Packet. Applicable to monitors of type RADIUS_ACCOUNTING.

LRTM Calculate the least response times for bound services. If this parameter is not enabled, the appliance does not learn the response times of the bound services. Also used for LRTM load balancing.

Possible values: ENABLED, DISABLED

deviation Time value added to the learned average response time in dynamic response time monitoring (DRTM). When a deviation is specified, the appliance learns the average response time of bound services and adds the deviation to the average. The final value is then continually adjusted to accommodate response time variations over time. Specified in milliseconds, seconds, or minutes. Minimum value: 0 Maximum value: 20939

units Unit of measurement for the Deviation parameter. Cannot be changed after the monitor is created.

Possible values: SEC, MSEC, MIN Default value: SEC

interval Time interval between two successive probes. Must be greater than the value of Response Time-out. Default value: 5 Minimum value: 1 Maximum value: 20940

units monitor interval units

Possible values: SEC, MSEC, MIN Default value: SEC

resptimeout Amount of time for which the appliance must wait before it marks a probe as FAILED. Must be less than the value specified for the Interval parameter.

Note: For UDP-ECV monitors for which a receive string is not configured, response timeout does not apply. For UDP-ECV monitors with no receive string, probe failure is indicated by an ICMP port unreachable error received from the service. Default value: 2 Minimum value: 1 Maximum value: 20939

units monitor response timeout units

Possible values: SEC, MSEC, MIN Default value: SEC

resptimeoutThresh Response time threshold, specified as a percentage of the Response Time-out parameter. If the response to a monitor probe has not arrived when the threshold is reached, the appliance generates an SNMP trap called monRespTimeoutAboveThresh. After the response time returns to a value below the threshold, the appliance generates a monRespTimeoutBelowThresh SNMP trap. For the traps to be generated, the “MONITOR-RTO-THRESHOLD” alarm must also be enabled. Minimum value: 0 Maximum value: 100

retries Maximum number of probes to send to establish the state of a service for which a monitoring probe failed. Default value: 3 Minimum value: 1 Maximum value: 127

failureRetries Number of retries that must fail, out of the number specified for the Retries parameter, for a service to be marked as DOWN. For example, if the Retries parameter is set to 10 and the Failure Retries parameter is set to 6, out of the ten probes sent, at least six probes must fail if the service is to be marked as DOWN. The default value of 0 means that all the retries must fail if the service is to be marked as DOWN. Maximum value: 32

alertRetries Number of consecutive probe failures after which the appliance generates an SNMP trap called monProbeFailed. Maximum value: 32

successRetries Number of consecutive successful probes required to transition a service’s state from DOWN to UP. Default value: 1 Minimum value: 1 Maximum value: 32

downTime Time duration for which to wait before probing a service that has been marked as DOWN. Expressed in milliseconds, seconds, or minutes. Default value: 30 Minimum value: 1 Maximum value: 20939

units Unit of measurement for the Down Time parameter. Cannot be changed after the monitor is created.

Possible values: SEC, MSEC, MIN Default value: SEC

destIP IP address of the service to which to send probes. If the parameter is set to 0, the IP address of the server to which the monitor is bound is considered the destination IP address.

destPort TCP or UDP port to which to send the probe. If the parameter is set to 0, the port number of the service to which the monitor is bound is considered the destination port. For a monitor of type USER, however, the destination port is the port number that is included in the HTTP request sent to the dispatcher. Does not apply to monitors of type PING.

state State of the monitor. The DISABLED setting disables not only the monitor being configured, but all monitors of the same type, until the parameter is set to ENABLED. If the monitor is bound to a service, the state of the monitor is not taken into account when the state of the service is determined.

Possible values: ENABLED, DISABLED Default value: ENABLED

reverse Mark a service as DOWN, instead of UP, when probe criteria are satisfied, and as UP instead of DOWN when probe criteria are not satisfied.

Possible values: YES, NO Default value: NO

transparent The monitor is bound to a transparent device such as a firewall or router. The state of a transparent device depends on the responsiveness of the services behind it. If a transparent device is being monitored, a destination IP address must be specified. The probe is sent to the specified IP address by using the MAC address of the transparent device.

Possible values: YES, NO Default value: NO

ipTunnel Send the monitoring probe to the service through an IP tunnel. A destination IP address must be specified.

Possible values: YES, NO Default value: NO

tos Probe the service by encoding the destination IP address in the IP TOS (6) bits.

Possible values: YES, NO

tosId The TOS ID of the specified destination IP. Applicable only when the TOS parameter is set. Minimum value: 1 Maximum value: 63

secure Use a secure SSL connection when monitoring a service. Applicable only to TCP based monitors. The secure option cannot be used with a CITRIX-AG monitor, because a CITRIX-AG monitor uses a secure connection by default.

Possible values: YES, NO Default value: NO

validateCred Validate the credentials of the Xen Desktop DDC server user. Applicable to monitors of type CITRIX-XD-DDC.

Possible values: YES, NO Default value: NO

domain Domain in which the XenDesktop Desktop Delivery Controller (DDC) servers or Web Interface servers are present. Required by CITRIX-XD-DDC and CITRIX-WI-EXTENDED monitors for logging on to the DDC servers and Web Interface servers, respectively.

IPAddress Set of IP addresses expected in the monitoring response from the DNS server, if the record type is A or AAAA. Applicable to DNS monitors.

group Name of a newsgroup available on the NNTP service that is to be monitored. The appliance periodically generates an NNTP query for the name of the newsgroup and evaluates the response. If the newsgroup is found on the server, the service is marked as UP. If the newsgroup does not exist or if the search fails, the service is marked as DOWN. Applicable to NNTP monitors.

fileName Name of a file on the FTP server. The appliance monitors the FTP service by periodically checking the existence of the file on the server. Applicable to FTP-EXTENDED monitors.

baseDN The base distinguished name of the LDAP service, from where the LDAP server can begin the search for the attributes in the monitoring query. Required for LDAP service monitoring.

bindDN The distinguished name with which an LDAP monitor can perform the Bind operation on the LDAP server. Optional. Applicable to LDAP monitors.

filter Filter criteria for the LDAP query. Optional.

attribute Attribute to evaluate when the LDAP server responds to the query. Success or failure of the monitoring probe depends on whether the attribute exists in the response. Optional.

database Name of the database to connect to during authentication.

oracleSid Name of the service identifier that is used to connect to the Oracle database during authentication.

sqlQuery SQL query for a MYSQL-ECV or MSSQL-ECV monitor. Sent to the database server after the server authenticates the connection.

evalRule Expression that evaluates the database server’s response to a MYSQL-ECV or MSSQL-ECV monitoring query. Must produce a Boolean result. The result determines the state of the server. If the expression returns TRUE, the probe succeeds. For example, if you want the appliance to evaluate the error message to determine the state of the server, use the rule MYSQL.RES.ROW(10).TEXT_ELEM(2).EQ("MySQL").

mssqlProtocolVersion Version of MSSQL server that is to be monitored.

Possible values: 70, 2000, 2000SP1, 2005, 2008, 2008R2, 2012, 2014 Default value: 70

snmpOID SNMP OID for SNMP monitors.

snmpCommunity Community name for SNMP monitors.

snmpThreshold Threshold for SNMP monitors.

snmpVersion SNMP version to be used for SNMP monitors.

Possible values: V1, V2

metricTable Metric table to which to bind metrics.

application Name of the application used to determine the state of the service. Applicable to monitors of type CITRIX-XML-SERVICE.

sitePath URL of the logon page. For monitors of type CITRIX-WEB-INTERFACE, to monitor a dynamic page under the site path, terminate the site path with a slash (/). Applicable to CITRIX-WEB-INTERFACE, CITRIX-WI-EXTENDED and CITRIX-XDM monitors.

storename Store Name. For monitors of type STOREFRONT, STORENAME is an optional argument defining storefront service store name. Applicable to STOREFRONT monitors.

storefrontacctservice Enable/Disable probing for Account Service. Applicable only to Store Front monitors. For multi-tenancy configurations, users may skip account service.

Possible values: YES, NO Default value: YES

netProfile Name of the network profile.

originHost Origin-Host value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers.

originRealm Origin-Realm value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers.

hostIPAddress Host-IP-Address value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. If Host-IP-Address is not specified, the appliance inserts the mapped IP (MIP) address or subnet IP (SNIP) address from which the CER request (the monitoring probe) is sent.

vendorId Vendor-Id value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. Minimum value: 0

productName Product-Name value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers.

firmwareRevision Firmware-Revision value for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. Minimum value: 0

authApplicationId List of Auth-Application-Id attribute value pairs (AVPs) for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. A maximum of eight of these AVPs are supported in a monitoring CER message. Minimum value: 0 Maximum value: 4294967295

acctApplicationId List of Acct-Application-Id attribute value pairs (AVPs) for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. A maximum of eight of these AVPs are supported in a monitoring message. Minimum value: 0 Maximum value: 4294967295

inbandSecurityId Inband-Security-Id for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers.

Possible values: NO_INBAND_SECURITY, TLS

supportedVendorIds List of Supported-Vendor-Id attribute value pairs (AVPs) for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. A maximum of eight of these AVPs are supported in a monitoring message. Minimum value: 1 Maximum value: 4294967295

vendorSpecificVendorId Vendor-Id to use in the Vendor-Specific-Application-Id grouped attribute-value pair (AVP) in the monitoring CER message. To specify Auth-Application-Id or Acct-Application-Id in Vendor-Specific-Application-Id, use vendorSpecificAuthApplicationIds or vendorSpecificAcctApplicationIds, respectively. Only one Vendor-Id is supported for all the Vendor-Specific-Application-Id AVPs in a CER monitoring message. Minimum value: 1

vendorSpecificAuthApplicationIds List of Vendor-Specific-Auth-Application-Id attribute value pairs (AVPs) for the Capabilities-Exchange-Request (CER) message to use for monitoring Diameter servers. A maximum of eight of these AVPs are supported in a monitoring message. The specified value is combined with the value of vendorSpecificVendorId to obtain the Vendor-Specific-Application-Id AVP in the CER monitoring message. Minimum value: 0 Maximum value: 4294967295

vendorSpecificAcctApplicationIds List of Vendor-Specific-Acct-Application-Id attribute value pairs (AVPs) to use for monitoring Diameter servers. A maximum of eight of these AVPs are supported in a monitoring message. The specified value is combined with the value of vendorSpecificVendorId to obtain the Vendor-Specific-Application-Id AVP in the CER monitoring message. Minimum value: 0 Maximum value: 4294967295

kcdAccount KCD Account used by MSSQL monitor

storedb Store the database list populated with the responses to monitor probes. Used in database specific load balancing if MSSQL-ECV/MYSQL-ECV monitor is configured.

Possible values: ENABLED, DISABLED Default value: DISABLED

storefrontcheckbackendservices This option will enable monitoring of services running on storefront server. Storefront services are monitored by probing to a Windows service that runs on the Storefront server and exposes details of which storefront services are running.

Possible values: YES, NO Default value: NO

trofscode Code expected when the server is under maintenance. Minimum value: 0

trofsstring String expected from the server for the service to be marked as trofs. Applicable to HTTP-ECV/TCP-ECV monitors.

sslProfile SSL Profile associated with the monitor

mqttClientIdentifier Client id to be used in Connect command

mqttVersion Version of the MQTT protocol used in the connect message. The default is version 3.1.1 [4]. Default value: 4 Minimum value: 3

grpcHealthCheck Option to enable or disable gRPC health check service.

Possible values: YES, NO Default value: NO

grpcStatusCode gRPC status codes for which to mark the service as UP. The default value is 12 (health check unimplemented). If the gRPC status code 0 is received from the backend, this configuration is ignored. Minimum value: 0

grpcServiceName Option to specify the gRPC service name on which the gRPC health check needs to be performed.

Example

add monitor http_mon http
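The value limits listed in the arguments above can be checked before a command is committed to an appliance. The following is an added example, not part of the Citrix documentation or tooling: the function names parse_args and check_monitor are hypothetical, argument names are matched exactly as spelled on this page, and list values are assumed to be space-separated after the flag.

```python
import shlex
U32_MAX = 4294967295
# Allowed values, copied from the "Possible values" lines above.
ENUMS = {
    "snmpVersion": {"V1", "V2"},
    "inbandSecurityId": {"NO_INBAND_SECURITY", "TLS"},
    "mssqlProtocolVersion": {"70", "2000", "2000SP1", "2005", "2008",
                             "2008R2", "2012", "2014"},
}
# name -> (minimum, maximum or None, maximum number of values); scalars use 1.
INT_ARGS = {
    "authApplicationId": (0, U32_MAX, 8),
    "acctApplicationId": (0, U32_MAX, 8),
    "supportedVendorIds": (1, U32_MAX, 8),
    "vendorSpecificAuthApplicationIds": (0, U32_MAX, 8),
    "vendorSpecificAcctApplicationIds": (0, U32_MAX, 8),
    "vendorSpecificVendorId": (1, None, 1),
    "mqttVersion": (3, None, 1),
}

def parse_args(command):
    """Map each -argument to its values (assumed space-separated after the flag)."""
    args, flag = {"_positional": []}, "_positional"
    for token in shlex.split(command):
        if token.startswith("-") and token[1:2].isalpha():
            flag = token[1:]
            args.setdefault(flag, [])
        else:
            args[flag].append(token)
    return args

def check_monitor(command):
    """Return a list of findings; an empty list means no documented limit is broken."""
    args, findings = parse_args(command), []
    for name, allowed in ENUMS.items():
        for value in args.get(name, []):
            if value not in allowed:
                findings.append(f"{name}: {value} is not a possible value")
    for name, (low, high, max_count) in INT_ARGS.items():
        values = args.get(name, [])
        if len(values) > max_count:
            findings.append(f"{name}: {len(values)} values, maximum is {max_count}")
        for value in values:
            if not value.isdigit() or int(value) < low or (high and int(value) > high):
                findings.append(f"{name}: {value} is out of range")
    return findings

# Constructed command, not taken from a real configuration.
SAMPLE = ("add lb monitor dia_mon DIAMETER -inbandSecurityId SSL "
          "-supportedVendorIds 0 10415 -authApplicationId 1 2 3 4 5 6 7 8 9")
```

Calling check_monitor(SAMPLE) reports the unknown inbandSecurityId value, the ninth Auth-Application-Id, and the Supported-Vendor-Id below its minimum of 1.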

enable lb monitor

Enable the monitor that is bound to a specific service. If no monitor name is specified, all monitors bound to the service are enabled.

Synopsis

enable lb monitor (<serviceName>@ | <serviceGroupName>@) [<monitorName>]

Arguments

serviceName The name of the service to which the monitor is bound.

serviceGroupName The name of the service group to which the monitor is to be bound.

monitorName Name for the monitor. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters.

CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my monitor" or 'my monitor').

Example

enable monitor http_svc http_mon

To enable a monitor for multiple services, use the following command:

enable monitor http_svc[1-3] http_mon
