Frequently Asked Questions

Important

For questions or concerns, contact Plixer Technical Support.

Q) What do we do if the NIC LEDs indicate an error after the cable from the appliance is connected to the switch port?

A) If the left LED stays off, verify that you are using a working cable of the correct type and check if the switch port has been correctly configured.

Q) What are the second on-board copper port and extra ports on the appliance expansion slots used for?

A) These additional monitoring ports can be used to passively collect network packets. Depending on the appliance model, there may be up to four extra monitoring ports available.

Q) How do I change the password of appliance beacon account?

A) Open a console or SSH session to the appliance as the beacon user, then enter the following command: $ passwd beacon.

Q) Is it possible for us to create our own license key file and upload it to the system?

A) Plixer Endpoint Analytics license keys can only be obtained by contacting Plixer Support and providing your appliance’s unique machine ID. License key files obtained through any other channels will not be accepted, and attempting to edit an existing license key file will likewise render it unusable.

Q) Is there a way to view the EULA after completing the initial configuration process for the appliance?

A) The EULA is stored on the appliance and can be viewed at any time by opening the file /usr/beacon/GBS-EULA.txt.

Q) Do we have to split up our network into multiple subnet groups as part of configuring Endpoint Analytics?

A) Plixer Endpoint Analytics requires only one subnet group to be defined to start collecting data. In larger deployments, however, it may be more practical to create multiple subnet groups to segment the address space into geographical, departmental, or other logical groups.

Q) Can we just use the Administrator account for all web interface tasks?

A) Administrator accounts have full access to all web interface features and functions, but it is highly recommended to rely on Operator and Analyst accounts for day-to-day operations.

Q) How do we change or reset the passwords for web interface user accounts?

A) To change or reset the password for a web interface user, use the Edit Account page. Users can also change their own passwords by opening the user menu and selecting My Settings.

Q) What happens to local web user accounts if we enable SSO and configure a third-party identity provider?

A) All local web user accounts will remain active even after SSO has been configured and enabled. However, SSO will become the primary authentication method for all users apart from the Administrator account going forward.

Q) Why can’t we edit the IP address of a device or the name of a device group using their respective edit pages?

A) Once a network device has been added, its IP address can no longer be edited, and the same is true for device groups and their names. To change those details, the network device or device group must be deleted and re-added with the new or corrected information.

Q) Why do we see multiple connections to the same non-trunk port when viewing endpoints by network device?

A) In the case of certain network devices (e.g., unmanaged switches, IP phones, and wireless access points), it’s possible to have multiple endpoints connected to the same port, even if it isn’t labeled as a trunk port.

Q) Will we be able to inspect wireless access points and their endpoints under the network device view?

A) Support for wireless LAN controllers (WLCs) and access points is currently limited to Cisco and Aruba wireless devices. When a WLC is configured as a network device, there will be three tabs when viewing device ports: Wired View, Wireless Endpoint View, and Wireless SSID View.

Q) Why are there fewer VLANs under the All Network Device Groups entry than the combined total for all NID groups in the Endpoints > By VLAN page?

A) Since multiple NIDs can share the same VLAN while belonging to different NID groups, the combined total of VLANs across all NID groups will often be greater than the actual number of detected VLANs.

Q) Can we access Plixer Endpoint Analytics Event information from other tools or systems?

A) Plixer Endpoint Analytics supports Event delivery to internal and external syslog servers. For additional information, see the section on syslog Event delivery.

Q) Why are we unable to click on the IP History in the Endpoint Summary page for an endpoint?

A) An endpoints whose MAC address has not yet been mapped to an IP address when the Endpoint Summary page is opened will have its IP History tab disabled.

Q) Why are we seeing an extremely large volume of Alarm Profile/Profile Consistency Events from one of our endpoints?

A) Alarm Profile and/or Profile Consistency Events will be triggered every time an endpoint MAC is re-modeled for as long as its state or behavior continues to satisfy the conditions of the Event(s). Endpoints that trigger such Events should be monitored closely to avoid repeated Event delivery.

Q) Why are we getting an error message whenever we try to upload a CSV file using the Import Custom Data page?

A) Plixer Endpoint Analytics only accepts custom data CSV files that are correctly formatted. If you are having issues, we recommend using the template that can be downloaded from the Import Custom Data page.

Q) What kind of database does Plixer Endpoint Analytics use to store its data and can we back it up?

A) Plixer Endpoint Analytics uses a PostgreSQL (single) database to store all system configuration and endpoint data. The system performs an automatic backup of the database every day, at approximately 0300 system time, but manual backups can also be initiated from the System Summary page of the Plixer Endpoint Analytics web interaface.

Q) Is there a way to omit customer-specific identifiers in Plixer Endpoint Analytics database backups?

A) Tick the Anonymized checkbox in the Backup Database dialogue to create the backup without customer-specific identifiers.

Q) Where are database backups kept on the Plixer Endpoint Analytics appliance?

A) Database backups are maintained in the /backup directory of the appliance with a 30-day cleanup rotation. To determine the dates when the current backup files were created, perform ls –la on the directory.

Q) Is there a way to restore our previous settings/data in the event of appliance failure?

A) In case it becomes necessary to perform a full system recovery, the appliance software image must be reinstalled before re-running the scripts to set up the basic system configuration and licensing. From there, restoring the database will return the system to its exact state during the backup. For assistance with this process, contact Plixer support.