Initial configuration

Once the FlowPro appliance has been deployed and the necessary monitoring interfaces have been added, power it on and log into the console using the credentials root:plixer. The appliance will go through a quick initialization sequence and then reboot.

Note

  • For hardware appliances, SSH to 192.168.168.168/24 using the credentials plixer:flowpro instead. KVM appliances should run virsh console Plixer FlowPro and log in with the credentials plixer:flowpro.

  • Before proceeding, review these pre-deployment notes and complete the licensing process.

Appliance setup

After the reboot, log in again and follow the initial setup prompts:

  1. Review and accept the EULA.

  2. Configure the networking properties and user credentials for the appliance:

    • Appliance hostname (must be a fully qualified hostname)

    • Static IP address (must match the address registered for the probe in Scrutinizer)

    • CIDR (mask only - 8, 16, etc.)

    • Gateway

    • DNS IP

    • New password for the root user

    • New password for the plixer user

  3. Wait for the appliance to reboot, and then SSH to the IP address entered as the plixer user with the new password.

  4. Provide the following Scrutinizer details:

    • Current password for the plixer user

    • IP address of the Scrutinizer server (or the primary reporter in distributed clusters)

    • Destination collector address (either the same standalone server as above, a remote collector in a distributed cluster, or a Replicator instance)

    • Authentication token generated after the probe was registered in Scrutinizer

  5. Enter the following details to generate a new SSL certificate:

    • Country name: 2-letter country code

    • State or province name: Complete state or province name

    • Locality name: Complete locality or city name

    • Organizational unit name: Section

    • Common name: Server FQDN or your name

    • Alternative DNS name 1 (press Enter to stop adding)

  6. Select whether the appliance can access the Internet or should continue the setup locally, and then follow any additional instructions.

  7. If a FlowPro key has not been entered via the Scrutinizer web interface, select Yes to enter it when prompted.

  8. Enter the address of the NTP server to use for clock-syncing.

https://docs.plixer.com/projects/plixer-scrutinizer-docs/en/latest/features_and_functionality/fnf_ui/ui_admin/admin_plixer/admin_plixer_flowpro.html#admin-plixer-flowpro

After the initial appliance setup has been completed, monitoring interfaces should be registered and connected to observation points.

Note

The setup script automatically generates both a self-signed certificate and a certificate signing request (~/flowpro/server.csr). After getting the request signed by a certificate authority, overwrite the existing ~/flowpro/server.crt. To continue using the self-signed certificate, navigate to https://<FLOWPRO_MGMT_IP>:8080 on each user browser and accept the security exception.
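A check to run before overwriting ~/flowpro/server.crt with the CA-signed certificate, as an added example that is not part of the Plixer documentation or setup script. It assumes the openssl CLI is available and that the CA returned a PEM-encoded certificate; the function names and the server.crt.bak backup name are hypothetical.

```shell
#!/bin/sh
# Added example, not Plixer's code. server.csr and server.crt are the paths
# from the note above; the signed-certificate path is whatever the CA returned.
FLOWPRO_DIR="${FLOWPRO_DIR:-$HOME/flowpro}"   # override only for testing

# Print the PEM public key embedded in a CSR ("req") or certificate ("x509").
pubkey_of() {
    key=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key" ] && printf '%s\n' "$key"
}

# Return 0 only if the signed certificate is fit to replace server.crt.
check_signed_cert() {
    signed=$1
    csr_key=$(pubkey_of req "$FLOWPRO_DIR/server.csr") \
        || { echo "cannot read server.csr" >&2; return 2; }
    crt_key=$(pubkey_of x509 "$signed") \
        || { echo "not a PEM certificate: $signed" >&2; return 2; }
    # The certificate must carry the key from the appliance's own CSR, or it
    # will not pair with the private key the setup script generated.
    [ "$csr_key" = "$crt_key" ] \
        || { echo "public key does not match server.csr" >&2; return 3; }
    # A CA-issued certificate has an issuer that differs from its subject.
    [ "$(openssl x509 -in "$signed" -noout -subject_hash)" != \
      "$(openssl x509 -in "$signed" -noout -issuer_hash)" ] \
        || { echo "certificate is self-signed" >&2; return 4; }
    # Reject a certificate that has already expired.
    openssl x509 -in "$signed" -noout -checkend 0 >/dev/null \
        || { echo "certificate has expired" >&2; return 5; }
}

# Keep the self-signed certificate as a backup, then overwrite server.crt.
install_signed_cert() {
    check_signed_cert "$1" || return $?
    cp -p "$FLOWPRO_DIR/server.crt" "$FLOWPRO_DIR/server.crt.bak" || return 1
    cp "$1" "$FLOWPRO_DIR/server.crt"
}
```

Source the file and call `install_signed_cert /path/to/signed.crt`; a non-zero return leaves the existing server.crt untouched.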

Registering and connecting interfaces

Once the appliance is running, all monitoring interfaces must be registered and connected to observation points as follows:

Note

Monitoring interfaces can be added at any time following the corresponding instructions for ESXi, Hyper-V, or KVM deployments. The steps below must be completed after new monitoring interfaces are added.

  1. Register all additional interfaces as monX interfaces:

    cd flowpro
    sudo ./setup.sh --monitor-ports
    
  2. Create one or more observation points by specifying Rx and Tx interface pairs for monitoring:

    sudo ./setup.sh --create-observation-point
    

To verify that the interfaces have been successfully registered and connected, check Flowpro.Interfaces in ~/flowpro/flowpro-settings.yaml.

Configuring ERSPAN

To configure traffic mirroring via ERSPAN, run the following after monitoring interfaces have been added and registered:

    sudo ./setup.sh --erspan-config

Then enter the following details for the configuration:

  • IP address to assign to a monX interface

  • Source IP

  • Destination IP

  • ERSPAN ID and key

Setup utility runmodes

After the initial setup process, ~/flowpro/setup.sh can be manually executed to re-run the entire setup utility or initiate specific configuration services using the optional flags below:

    sudo ./setup.sh [OPTION]

  • --reset-config: Reset /home/plixer/flowpro/flowpro-settings.yaml to its default state

  • --reconfigure: Back up the current configuration

  • --monitor-ports: Register all interfaces as monX interfaces

  • --exporter-config: Configure exporter settings, including MGMT IP, Scrutinizer server/reporter IP, collector IP, and authentication token; configure Kafka if ML Engine ETA IP is provided

  • --cert-generation: Configure SSL certificate details and re-create the self-signed certificate and certificate signing request

  • --container-setup: Pull Suricata image from Dockerhub and set up Docker environment (also supports offline setup with a local Docker image)

  • --erspan-config: Configure ERSPAN settings

  • --firewall-mgmt: Reset firewall settings to default

  • --create-observation-point: Configure Rx and Tx interface pairs for monitoring

  • --set-apm-key: Add/edit a FlowPro key (written to /etc/nprobe.license)

  • --set-ntp: Configure NTP server details (written to /etc/ntp.conf) and restart the service

FlowPro service management

The FlowPro service is managed using the following command:

    service flowpro [start|stop|restart]