Learning

Following are some of the best practices recommended when encountered with Learning functionality issues:

Aslearn process:

• Verify that the processaslearnis running.
• Check top command output

• Check output of ps command by executing the following command:

  ps -ax | grep aslearn | grep -v "grep"

  Example:

  root@ns\# ps -ax | grep aslearn | grep -v "grep" 1439 ?? Ss 0:03.86 /netscaler/aslearn -start -f /netscaler/aslearn.conf 

• Identify recent configuration commands ran prior to the observed problem by verifying thens.logfile:

  /var/log/ns.log

• Inspect aslearn logs to check for aslearn messages:

  /var/log/aslearn.log

• Isolate the profile and security check that is effected

• Identify the GUI and CLI command which is failing by executing the following command:

  show appfw learningdata

  Examples:

  • show learningdata test_profile starturl
  • show learningdata test_profile crosssiteScripting
  • show learningdata test_profile sqLInjection
  • show learningdata test_profile csRFtag
  • show learningdata test_profile fieldformat
  • show learningdata test_profile fieldconsistency

• Perform integrity check of sqlite from bsd shell prompt:

  nsshell # sqlite3 /var/nslog/asl/.db 'pragma integrity_check;

  Examples:

  root@ns# sqlite3 /var/nslog/asl/tsk0247284.db 'pragma integrity_check;' ok 

• Deploy or remove rules to start learning again:

  • If 2000 learn items (per protection) are reached, you cannot start learning any more for that protection
  • If 20 MB size is reached for the database, stop learning for all protections
  • Restart aslearn process

  */netscaler/aslearn -start -f/netscaler/aslearn.conf*

• Check the space in the /var folder by executing the following:

  du -h /var

• Check the learning threshold limits by executing the following command:

  show appfwlearningsettings

• Collect learned data by executing the following command:

  export appfwlearningdata

• Ascertain that learned data is uploaded in the collector.