Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[O11y][CItrix ADC] Support NITRO SESSION Authentication mechanism for interface, lbvserver, vpn, system and server data streams #12144

Open
harnish-elastic opened this issue Dec 18, 2024 · 0 comments
Labels
enhancement New feature or request Integration:citrix_adc Citrix ADC Team:Obs-InfraObs Label for the Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations]

Comments

@harnish-elastic
Copy link
Contributor

harnish-elastic commented Dec 18, 2024

Issue and analysis

Currently, the Citrix ADC supports Basic Auth mechanism to authenticate and data collection. For each data streams there could be 1 authentication call with respect to interval (default 10s). Here is the performing request logs for data streams.
Image

Also here are the logs after Postman calls from citrix adc,

Dec 18 06:00:10 192.0.0.1  12/18/2024:06:00:10 GMT f29fabbea6e2 0-PPE-0 : default API CMD_EXECUTED 7402 0 :  User nsroot - Remote_ip 172.20.4.111 - Command "login nsroot "********"" - Status "Success"
Dec 18 06:00:10 192.0.0.1  12/18/2024:06:00:10 GMT f29fabbea6e2 0-PPE-0 : default API CMD_EXECUTED 7403 0 :  User nsroot - Remote_ip 172.20.4.111 - Command "stat lb vserver" - Status "Success"
Dec 18 06:00:10 192.0.0.1  12/18/2024:06:00:10 GMT f29fabbea6e2 0-PPE-0 : default API CMD_EXECUTED 7404 0 :  User nsroot - Remote_ip 172.20.4.111 - Command "logout" - Status "Success"

To reduce the authentication for every interval, we can use the NITRO SESSION authentication mechanism for interface, lbvserver, vpn, system and server data streams.

Here are the logs after creating the sessionID from /nitro/v1/config/login api and then using the sessionID to perform data collection.

Dec 18 06:01:04 192.0.0.1  12/18/2024:06:01:04 GMT f29fabbea6e2 0-PPE-0 : default API CMD_EXECUTED 7412 0 :  User nsroot - Remote_ip 172.20.4.111 - Command "stat interface" - Status "Success"

Implementation

  • Currently we are using the httpjson input to collect data from Citrix ADC. To support NITRO SESSION, we need to use CEL input due to conditional operations handling. Hence we need to switch to CEL input from HTTPJSON input.
  • Mostly there are no configuration parameter changes for existing user. That means from username and password we can generate the sessionid and using the sessionid we can fetch the data from Citrix ADC.

Reference

Relates

@harnish-elastic harnish-elastic added enhancement New feature or request Integration:citrix_adc Citrix ADC Team:Obs-InfraObs Label for the Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] labels Dec 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request Integration:citrix_adc Citrix ADC Team:Obs-InfraObs Label for the Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations]
Projects
None yet
Development

No branches or pull requests

1 participant