Initial configuration¶
Once the Plixer FlowPro appliance has been deployed, power it on and log into the console using the credentials root:plixer. The appliance will then reboot following a quick initialization sequence.
Note
For hardware appliances, SSH to 192.168.168.168/24 using the credentials
plixer:flowproinstead. KVM appliances should runvirsh console Plixer FlowProand log in with the credentialsplixer:flowpro.Before proceeding, review these pre-deployment notes and complete the licensing process.
After the reboot, log in again and follow the initial setup script (~/flowpro/setup.sh) prompts:
Review and accept the EULA.
Configure the networking properties and user credentials for the appliance:
Appliance hostname (must be a fully qualified hostname)
Static IP address (must match the address registered for the probe in Plixer Scrutinizer)
CIDR (mask only - 8, 16, etc.)
Gateway
DNS IP
New password for the
rootuserNew password for the
plixeruser
Wait for the appliance to reboot, and then SSH to the IP address entered as the
plixeruser with the new password.Provide the following Plixer Scrutinizer details:
Current password for the
plixeruserIP address of the Plixer Scrutinizer server (or the primary reporter in distributed clusters)
Destination collector address (either same standalone server as above, a remote collector in a distributed cluster, or a Plixer Replicator instance)
Authentication token generated by Plixer Scrutinizer
Enter the following details to generate a new SSL certificate:
Country name: 2-letter country code
State or province name: Complete state or province name
Locality name: Complete locality or city name
Organizational unit name: Section
Common name: Server FQDN or your name
Alternative DNS name 1 (press Enter to stop adding)
Select whether the appliance can access the Internet or to continue the setup locally, and then follow the additional instructions.
[Optional] Configure a SPAN/mirror session:
[Optional] Configure ERSPAN:
[Optional] If an APM key has not been entered via the Plixer Scrutinizer web interface, select Yes to enter it when prompted.
Enter the address of the NTP server to use for clock-syncing.
After the above steps have been completed, Plixer Scrutinizer should start receiving flow data from an exporter with the FlowPro appliance’s local MGMT interface address.
Note
The setup script automatically generates both a self-signed certificate and a certificate signing request (~/flowpro/server.csr). After getting the request signed by a certificate authority, overwrite the existing ~/flowpro/server.crt. To continue using the self-signed certificate, navigate to https://<FLOWPRO_MGMT_IP>:8080 on each user browser and accept the security exception.
Setup utility runmodes¶
After the initial setup process, ~/flowpro/setup.sh can be manually executed to re-run the entire setup utility or access specific configuration services using the optional flags below:
sudo ./setup.sh [OPTION]
Reset |
|
Back up the current configuration |
|
Register all interfaces as monX interfaces |
|
Configure exporter settings, including MGMT IP, Plixer Scrutinizer server/reporter IP, collector IP, and authentication token; configure Kafka is Plixer ML Engine ETA IP is provided |
|
Configure SSL certificate details and re-create the self-signed certificate and certificate signing request |
|
Pull Suricata image from Dockerhub and set up Docker environment (also supports offline setup with a local Docker image) |
|
Configure ERSPAN settings |
|
Reset firewall settings to default |
|
Configure Rx and Tx interface pairs for monitoring |
|
Add/edit a Plixer FlowPro APM key (written to |
|
Configure NTP server details (written to |
|
Plixer FlowPro service management¶
The Plixer FlowPro service is managed using the following command:
service flowpro [start|stop|restart]