Initial configuration
Once the FlowPro appliance has been deployed, power it on and log in to the console using the credentials root:plixer. The appliance will then reboot following a quick initialization sequence.
Note
For hardware appliances, SSH to 192.168.168.168/24 using the credentials plixer:flowpro instead. For KVM appliances, run virsh console Plixer FlowPro and log in with the credentials plixer:flowpro.
Before proceeding, review these pre-deployment notes and complete the licensing process.
After the reboot, log in again and follow the prompts of the initial setup script (~/flowpro/setup.sh):
Review and accept the EULA.
Configure the networking properties and user credentials for the appliance:
Appliance hostname (must be a fully qualified hostname)
Static IP address (must match the address registered for the probe in Scrutinizer)
CIDR (mask only - 8, 16, etc.)
Gateway
DNS IP
New password for the root user
New password for the plixer user
Wait for the appliance to reboot, and then SSH to the IP address entered as the plixer user with the new password.
Provide the following Scrutinizer details:
Current password for the plixer user
IP address of the Scrutinizer server (or the primary reporter in distributed clusters)
Destination collector address (either the same standalone server as above, a remote collector in a distributed cluster, or a Replicator instance)
Authentication token generated by Scrutinizer
Enter the following details to generate a new SSL certificate:
Country name: 2-letter country code
State or province name: Complete state or province name
Locality name: Complete locality or city name
Organizational unit name: Section
Common name: Server FQDN or your name
Alternative DNS name 1 (press Enter to stop adding)
Select whether the appliance can access the Internet or should continue the setup locally, and then follow the additional instructions.
[Optional] Configure a SPAN/mirror session:
Specify the Rx and Tx monitor interfaces (e.g., mon1, mon2, etc.) on the appliance that will be receiving the traffic.
Select to apply FlowPro analytics for the monitored traffic.
[Optional] Configure ERSPAN:
IP address to assign to a monX interface
Source IP
Destination IP
ERSPAN ID and key
Select to apply FlowPro analytics for the monitored traffic.
[Optional] If a FlowPro key has not been entered via the Scrutinizer web interface, select Yes to enter it when prompted.
Enter the address of the NTP server to use for clock-syncing.
After the above steps have been completed, Scrutinizer should start receiving flow data from an exporter with the FlowPro appliance’s local MGMT interface address.
Note
The setup script automatically generates both a self-signed certificate and a certificate signing request (~/flowpro/server.csr). After getting the request signed by a certificate authority, overwrite the existing ~/flowpro/server.crt with the signed certificate. To continue using the self-signed certificate, navigate to https://<FLOWPRO_MGMT_IP>:8080 in each user's browser and accept the security exception.
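The check below is an added example, not part of Plixer's documentation or tooling: before ~/flowpro/server.crt is overwritten, it confirms that the certificate returned by the CA carries the same public key as ~/flowpro/server.csr, has not expired, and matches the appliance FQDN. The function names, the signed.crt file name and the sample hostname are assumptions.

```shell
#!/bin/sh
# Added example (not Plixer code): vet a CA-signed certificate against the CSR
# generated by setup.sh before overwriting ~/flowpro/server.crt.

# Print the PEM public key embedded in a CSR ($1 = req) or certificate ($1 = x509).
pubkey_of() {
    openssl "$1" -in "$2" -noout -pubkey 2>/dev/null
}

# $1 = CSR, $2 = signed certificate, $3 = appliance FQDN
# Returns 0 = OK, 1 = key mismatch, 2 = unreadable input, 3 = expired, 4 = name mismatch
check_signed_cert() {
    csr_key=$(pubkey_of req "$1") || return 2
    crt_key=$(pubkey_of x509 "$2") || return 2
    [ -n "$csr_key" ] && [ -n "$crt_key" ] || return 2
    # A certificate issued for a different key cannot be used with the
    # private key the appliance already holds.
    [ "$csr_key" = "$crt_key" ] || return 1
    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 || return 3
    # -checkhost prints "does match" or "does NOT match"; it checks the
    # alternative DNS names, or the common name when the certificate has none.
    openssl x509 -in "$2" -noout -checkhost "$3" 2>/dev/null |
        grep -q 'does match' || return 4
    return 0
}

# $1 = CSR, $2 = signed certificate, $3 = certificate path to overwrite, $4 = FQDN
# Keeps the previous (self-signed) certificate as <path>.bak so it can be restored.
install_signed_cert() {
    check_signed_cert "$1" "$2" "$4" || return $?
    cp -p "$3" "$3.bak" && cp "$2" "$3"
}

# Usage on the appliance (signed.crt and the hostname are assumed names):
#   install_signed_cert ~/flowpro/server.csr ~/signed.crt \
#       ~/flowpro/server.crt flowpro.example.com || echo "rejected: $?"
```

A non-zero return leaves the existing certificate in place; the code identifies which check failed.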
Setup utility runmodes
After the initial setup process, ~/flowpro/setup.sh can be manually executed to re-run the entire setup utility or access specific configuration services using the optional flags below:
sudo ./setup.sh [OPTION]
Reset |
|
Back up the current configuration |
|
Register all interfaces as monX interfaces |
|
Configure exporter settings, including MGMT IP, Scrutinizer server/reporter IP, collector IP, and authentication token; configure Kafka if ML Engine ETA IP is provided |
|
Configure SSL certificate details and re-create the self-signed certificate and certificate signing request |
|
Pull Suricata image from Dockerhub and set up Docker environment (also supports offline setup with a local Docker image) |
|
Configure ERSPAN settings |
|
Reset firewall settings to default |
|
Configure Rx and Tx interface pairs for monitoring |
|
Add/edit a FlowPro key (written to |
|
Configure NTP server details (written to |
|
FlowPro service management
The FlowPro service is managed using the following command:
service flowpro [start|stop|restart]