Definitions

  • 3rd Party Integration: Create links to 3rd party applications and pass variables in URLs. After enabling 3rd Party Integration, links will be available in the Device Explorer on the Maps and Status Tabs.

    Warning

    Please be aware that SolarWinds includes the User ID and Password in plain text in the URL. Using HTTPS will protect the confidentiality and integrity of the credentials over the network, but they will still be visible in the URL, per the process set by SolarWinds.

  • Applications: This feature is useful for properly labeling in-house applications. Some applications utilize multiple IP addresses and ranges of ports. This utility is used to create a single application name that is made up of multiple IP addresses, numerous ports and protocols.

  • Autonomous Systems: Display and search Autonomous System Names that are shipped with the software, or imported by the user. Use import asns in Interactive scrut_util to import AS Names.

  • Host Names: Set up and modify known hosts. Use this option to statically assign host names to IP addresses that will not age out. It can also be used to label subnets in the related report types. There are three resolve DNS options:

    • Current: Has been resolved already, or resolution has been attempted (will expire after the number of days set in the serverprefs).

    • Queued: Ready to be resolved by the resolver. A user can set a host to Queued to force a DNS resolve on it again.

    • Never: A permanent address that was manually added by the user. Users can make names permanent by switching this to Never. It is not purged.

  • Interface Details: Displays the SNMP details of the devices sending flows. Allows custom device and interface names to be defined which override the defaults. Notice that the in and out speeds can be entered to override what was collected with SNMP.

  • IP Groups: IP Groups are used to group ranges of IP addresses or subnets that belong in a specific group or region (e.g. Marketing, sales, phones, Northeast, etc.). A single IP group can contain multiple ranges and/or subnets. Run a report on an interface to see the IP Group reports.

    When adding new IP Groups, at least one rule is required for a valid group to be created. Available IP Group rules are:

    • IP address: Enter an IP Address in the text box. To enter multiple IP addresses that are not in a range, click Add to add additional IP address rules.

    • IP range: Defines a range of IP Addresses. Enter the Start IP address and End IP address in the text boxes.

    • IP subnet: Enter the subnet in the IP address text box, and select either a subnet mask or a CIDR from the drop-down lists.

    • Wildcard mask: Defines a wildcard mask for IP Addresses. Example: IP Address: 10.0.0.1, Wildcard Mask: 0.255.255.0

    • Child group: Include other (child) IP Groups in this parent group. Select a child group from the dropdown selection list of existing IP Groups.
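The five rule types above can be evaluated as follows. This is an added example, not Scrutinizer's own code: the rule dictionaries, group names and addresses are constructed, and the wildcard mask is assumed to follow the common ACL convention in which 1-bits are "don't care" bits, so the page's example (10.0.0.1 with 0.255.255.0) matches any 10.x.y.1 address.

```python
import ipaddress

def _ip(text):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))

def rule_matches(rule, addr, groups, seen=frozenset()):
    """True if IPv4 address `addr` satisfies a single IP Group rule."""
    kind, a = rule["type"], _ip(addr)
    if kind == "ip":
        return a == _ip(rule["ip"])
    if kind == "range":
        return _ip(rule["start"]) <= a <= _ip(rule["end"])
    if kind == "subnet":
        # "mask" may be a dotted subnet mask or a CIDR prefix length.
        net = ipaddress.IPv4Network(f'{rule["ip"]}/{rule["mask"]}', strict=False)
        return ipaddress.IPv4Address(addr) in net
    if kind == "wildcard":
        # Assumption: 1-bits in the wildcard mask are "don't care" bits.
        care = ~_ip(rule["mask"]) & 0xFFFFFFFF
        return (a & care) == (_ip(rule["ip"]) & care)
    if kind == "child":
        return in_group(rule["group"], addr, groups, seen)
    raise ValueError(f"unknown rule type: {kind!r}")

def in_group(name, addr, groups, seen=frozenset()):
    """True if `addr` matches any rule of group `name`, following child groups."""
    if name in seen:  # a child-group cycle must not recurse forever
        return False
    return any(rule_matches(r, addr, groups, seen | {name}) for r in groups[name])

# Constructed sample groups (hypothetical names and addresses).
GROUPS = {
    "Phones": [{"type": "wildcard", "ip": "10.0.0.1", "mask": "0.255.255.0"}],
    "Marketing": [
        {"type": "subnet", "ip": "192.168.10.0", "mask": "24"},
        {"type": "range", "start": "172.16.0.10", "end": "172.16.0.20"},
    ],
    "Northeast": [
        {"type": "ip", "ip": "203.0.113.7"},
        {"type": "child", "group": "Marketing"},
        {"type": "child", "group": "Phones"},
    ],
}

if __name__ == "__main__":
    for ip in ("10.20.30.1", "10.20.30.2", "192.168.10.55", "172.16.0.21"):
        print(ip, in_group("Northeast", ip, GROUPS))
```

A wildcard rule can cover far more addresses than a subnet of similar appearance, so it is worth testing a few addresses that should fall outside a group as well as inside it.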

  • Language: Use this interface to update languages or create new translations.

  • MAC Addresses: Lists MAC Addresses with labels as collected by the utility. It is scheduled to run nightly.

    • MAC address descriptions are collected from Cisco wireless LAN controllers via SNMP.

    • MAC address descriptions are collected from option templates that contain these two elements: ‘stamacaddress’ and ‘username’.

    • Run the scrut_util ‘collect optionsummary’ utility to force immediate collection.

    • Manually enter or edit MAC address information here.

  • Manage Collectors: Provides details on the servers which are collecting flows for this Scrutinizer install. Multiple collectors will be listed if a distributed solution has been deployed.

    • Delete: This check box can be used to remove collector(s) from the list.

    • Collector: IP Address of the flow collector.

    • State: Current state of the flow collector - ONLINE or OFFLINE.

    • Exporter Count: Number of exporters that are currently sending flows to the collector.

    • First Flow Time: Timestamp when flows were first received by the collector.

    • Last Flow Time: Timestamp when the last flows were received by the collector.

    • Flow Rate: Current flows per second per collector.

    • Packet Rate: Current packets per second per collector.

    • MFSN Rate: Missed Flows Sequence Number rate in flows per second.

    • Duplicate Rate: Duplicate flows per second.

  • Manage Exporters: Details on the devices sending flows. This page provides the following information and configuration options as viewed from left to right on the screen:

    • Action / Down Arrow: Use this menu to make several changes to how the flow exporter is represented in the system.

      • Edit Additional Notes: Add a few comments about the device that can be seen in the Status and Maps tabs.

      • Edit Name: Give the device a name if it doesn’t resolve to an IP address. If it resolved to a host name, this will overwrite it.

      • Edit Protocol Exclusions: Used to tell the collector to drop flows on certain ports. This was built because some vendors like Cisco export the same flows twice when VPNs or tunnels have been configured.

      • Edit SNMP Credential: Define the community string to use when querying the device.

      • Update SNMP: Poll the device for SNMP details on demand.

    • Check Box: Check this checkbox to remove the device from the Status tab device tree. The device will be rediscovered immediately if the collector is still receiving flows from the device. Note that templates and interfaces from devices that stop sending flows are aged out.

    • Round LED: Click to view the Interface Details:

      • Green: This exporter is enabled and up on the collector specified.

      • Red: This exporter is enabled and down on the collector specified.

      • Yellow: No flows have been received for this exporter on the collector specified.

      • Gray: This exporter is disabled on the collector specified.

    • Exporter: Exporter name, or IP Address if unnamed. Clicking the name or IP Address opens a Manage Exporters modal with options to name the exporter, set the domain for the exporter, set Protocol Exclusions for this exporter, select an SNMP Credential, and attach Additional Notes to the exporter.

  • Notification Manager: Configure notifications to be applied to Policies in the Alarms tab.

  • Policy Manager: List all of the Policies that are configured for the Alarms Tab. Learn more about editing policies.

  • Protocol Exclusions: Define protocols to exclude during the collection process per exporter, exporter’s interface, or for all exporters and interfaces.

    Default protocol exclusions for all devices are:

    (any private encryption scheme) (99)
    (ENCAP) (98)
    (ESP) (50)
    (ETHERIP) (97)
    (GRE) (47)
    (IPIP) (94)

    Excluding these protocols prevents possible duplication of flow reporting. The Understanding NetFlow Traffic Volume blog explains this in more detail.

  • SNMP Credentials: Configure the SNMP Credentials used on each flow exporter. SNMP v1, v2 and v3 are supported.

  • Type of Service (ToS): Configure the ToS and DSCP values displayed in the reports. Be sure to define the “ToS Family” under System Preferences.

  • Well Known Ports: Define port names. In the Well Known Ports report, the following logic is used:

    • Which port is lower, the source port or the destination port?

    • If the source port is lower and defined, use this as the well known port.

    • Else, use the destination port, if defined, as the well known port.

    • Else, display the lower port as the well known port.
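The Well Known Ports selection logic above, applied to a handful of flows and totalled per port label. This is an added example, not Scrutinizer's own code: the port-name table and flow records are constructed, and the rule is implemented exactly as the four steps read, which means a defined source port that is not the lower port is never chosen.

```python
from collections import Counter

# Constructed port-name table standing in for the Well Known Ports definitions.
PORT_NAMES = {22: "ssh", 53: "dns", 443: "https", 3389: "rdp"}

def well_known_port(src, dst, names=PORT_NAMES):
    """Pick the port a flow is reported under, following the page's steps."""
    if src < dst and src in names:   # source is lower and defined
        return src
    if dst in names:                 # else destination, if defined
        return dst
    return min(src, dst)             # else the lower port, defined or not

def label(port, names=PORT_NAMES):
    """Port name if defined, otherwise the port number as text."""
    return names.get(port, str(port))

def bytes_by_well_known_port(flows, names=PORT_NAMES):
    """Sum bytes per well known port label over (src, dst, bytes) records."""
    totals = Counter()
    for src, dst, nbytes in flows:
        totals[label(well_known_port(src, dst, names), names)] += nbytes
    return dict(totals)

# Constructed flow records: (source port, destination port, bytes).
FLOWS = [
    (51512, 443, 1200),  # client to server: destination is defined
    (443, 51512, 9000),  # reply: source is lower and defined
    (22, 3389, 300),     # both defined: the lower source port wins
    (3389, 22, 100),     # source defined but higher: destination is used
    (40000, 8081, 50),   # neither defined: lower port shown as a number
    (3389, 1024, 70),    # source defined but not lower, destination undefined
    (1024, 3389, 30),    # source lower but undefined, destination defined
]

if __name__ == "__main__":
    for name, total in sorted(bytes_by_well_known_port(FLOWS).items()):
        print(f"{name:>6} {total}")
```

The last two records carry the same port pair in opposite directions and land under different labels, which is worth keeping in mind when a port such as 3389 shows less traffic in the report than expected.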