FlowPro : Features and Functionality¶
This section describes the specific features and functionality of the FlowPro.
Using an SSH Client, ssh to the FlowPro and log in as the flowpro user using the password configured during the installation process.
[root@VA_DC_5 ~]# ssh email@example.com Password: Last login: Mon May 4 12:25:11 2015 from 10.1.10.65 FlowPro (TM) v18.104.22.1687 [2015-04-30 16:01:05 -0400 (Thu, 30 Apr 2015)] Copyright (C) 2012 - 2015 Plixer International, Inc. All rights reserved. Plixer Need an IPFIX Collector? Download Scrutinizer at http://www.plixer.com Machine ID : xxxxxxxxxxxxxxxx Licensed Version : 15.5 Licensed Type : standard Expiration : Tue Apr 12 2016 License expires in 343 day(s) FLOWPRO>
The FLOWPRO> prompt indicates the FlowPro is ready for commands. If the initial steps are done correctly, the FlowPro is already processing traffic and sending feedback to the IPFIX collector specified.
If any hardware malfunctions occur, contact technical support for assistance.
Applying Security Patches¶
Although efforts are made to minimize the risk for security breaches on the appliance, updates to core OS components may be applied.
It is recommended that updates are not installed unless technical support advises or assists. For more information, contact technical support.
Customers are entitled to upgrades provided that maintenance is active. For further instructions, contact technical support.
Backing up the FlowPro¶
The FlowPro stores all its details in the plixer.ini file. From the FLOWPRO> prompt, type edit plixer.ini and copy the file contents to a safe location.
Restoring a FlowPro from Backup¶
To restore the FlowPro backup, use ssh to log into the appliance. From the FLOWPRO> prompt, type edit plixer.ini and hit enter. Overwrite the contents of the file with the backed up plixer.ini content. Save the changes. FlowPro will rebuild the appropriate files and begin operations.
If a new server is being used or server configurations have changed, a new license key may need to be applied.
The clear command clears log files from the FlowPro. These log files contain details pertaining to the operation of flowpro.
- EXAMPLE clear log <logfile>
- FLOWPRO> clear log dns1yaf.log
By executing clear log by itself, FlowPro will show a list of available logs.
The edit command is used to modify system files used in the day to day operations of FlowPro.
- EXAMPLE edit <plixer.ini>
The plixer.ini file is the main configuration file for FlowPro. It contains settings used by FlowPro to configure licensing, reputation lists, listening interfaces, IPFIX collector, and more.
- FLOWPRO> edit plixer.ini
The license command is used to manage the FlowPro license key. Applying a license will upgrade a FlowPro to FlowPro Defender or FlowPro APM. A license is not required to run FlowPro.
To generate a license key, Plixer or the reseller will need the FlowPro’s unique machine ID. The machine ID is displayed when issuing the license check command.
The following command can be used to show licensing details:
FLOWPRO> license check Machine ID : 5YZ6XEPV66C766369M8DBN2A Licensed Version : 15.5 Licensed Type : valid Expiration : Thu Jul 28 2016 License expires in 730 day(s)
The license key can be configured on the FlowPro using the license set command.
FLOWPRO> license set
When applying the license key, it must be one continuous string without any line feeds or carriage returns on the same line as the license=.
[flowpro] collector=10.1.4.94:2055 enableDomainReputationList=1 monitorTraffic=mon1 monitorDNS=mon2 license=Nb7RuIh35R1Uv9uOWTWhBUuLX4mLNtYCxfqlL0j3IEV2r// hkHhl3EnTTFdZZPK+0jprzFIlW10dmIN7sZOiwlCcA+L5g6HTzQJ/ b8l6hLeLEsoHiYXgj0SsWkKeCu2IBb6Alpv3msIf1k+ps2cbf8abUR/ kdLVkwOwAwozq2kY7/RzTwvj7$
In the new window, beside license= paste in the license key and Press CTRL+X to save. Issuing the license check or license status will verify the key is properly installed.
Contact technical support to acquire a new license key.
The password command will change the password used for the flowpro username.
FLOWPRO> password (current) UNIX password: New password: Retype new password: Successful password changes will be applied to the next log in.
This password is used when logging in remotely or on the server directly
The service command can be used to manually start, stop, or restart the FlowPro service.
service <service_name> <start|stop|restart>
FLOWPRO> service flowpro restart
The set command is used to set certain system parameters. At this time, it is used to set the IPFIX Collector. It is primarily an alias to the command edit plixer.ini.
FLOWPRO> set collector
Future versions of FlowPro may allow users to utilize the set command without modifying the full configuration.
The show command is used to display state or list details available for modification and customization by the user.
The show log command lists the available logs to view. By specifying a log file name after the show log command, it will display its contents.
The show realtime command lists the available logs to watch in real time. By specifying a log file name after the show realtime command, it will show new content added to the log file as it happens.
The show status command displays all running components of the FlowPro system, the state of those services, and the current license details.
FLOWPRO> show status +-------------------------------------------------------------------+ | FlowPro ACTIVE | FlowPro Process Monitor ACTIVE | (Traffic) mon1 ACTIVE | FlowPro License Free +-------------------------------------------------------------------+
The snoop command can be used to verify that packets are being received by or sent from the FlowPro for a certain IP address or interface.
- snoop ip <ip_address>
- snoop interfaces <interface_name>
FLOWPRO> snoop ip 10.1.1.1 FLOWPRO> snoop interfaces mon1
Press CTRL+C to exit the snoop command.
The system command is used to change state of the FlowPro. The directive change is used to change the host name or IP address.
FLOWPRO> system change FLOWPRO> system restart FLOWPRO> system shutdown
Ingress, Egress and Observation Domain Configuration¶
The default behavior for traffic monitoring is to label the flows from each interface as its own ingress and egress. (mon1 = ingress on 1, egress on 1). By default, the observation domain is fixed at 42. However, FlowPro can be configured to label the flows as coming from any licensed ingress and egress interface, and/or from any observation domain.
For example: Users may want to label traffic monitoring so ingress is mon1 (i.e. 1) and egress is mon2 (i.e. 2).
This is done by modifying the plixer.ini
FLOWPRO> edit plixer.in
In the editor, locate the following line:
When specified in this format, mon1 is configured for ingress of 1 and egress of 1. By modifying this setting in the following format, FlowPro will configure mon1 to have an ingress of 1 and egress of 2.
The format to use is monX:ingress:egress. Once the necessary configuration changes have been made, save the plixer.ini file. FlowPro will then restart the services with the new configuration. Note that the values for ingress and egress are limited to the maximum number of licensed interfaces.
To define a different observation domain for an interface, modify the plixer.ini file as before using the format monX:ingress:egress:observation_domain. To set the observation domain, the ingress and egress labels must also be set. To change the observation domain for mon1 to 45, while using the ingress and egress values set above, modify the setting above to read as:
Or, to use the default values for mon1 with an observation domain of 45: