Platform extension#
The additional configuration options below are supported for platform extension
On this page:
MCP server#
The Plixer MCP service allows an MCP host application’s integrated LLMs to leverage Scrutinizer reporting APIs (via the scrutinizer_report tool) to run network traffic reports. The server also provides access to full documentation for the APIs (via the reporting-api-docs resource).
The MCP server supports both stdio (for direct MCP integration) and HTTP transport with Server-Sent Events (SSE) for real-time event streaming.
View instructions
Enabling the MCP server
To enable the Plixer MCP server on a Scrutinizer host, follow these steps:
Navigate to Admin > Users & Groups > Authentication Tokens in the Scrutinizer web interface and create an authentication token with API access.
Set the following environment variables in
/usr/lib/systemd/system/plixer_mcp.service:Environment=MCP_SERVER_HOST=<SCRUTINIZER_FOR_MCP_SERVICE_IP> Environment=MCP_SERVER_PORT=<SCRUTINIZER_FOR_MCP_SERVICE_PORT> Environment=API_SERVER_HOST=<PRIMARY_REPORTER_IP> Environment=MCP_ACCESS_TOKEN=<API_AUTH_TOKEN>
Note
The MCP service can be hosted on any Scrutinizer server in a distributed cluster, including the primary reporter.
Reload systemd to update the environment details:
sudo systemctl daemon-reload
Start the MCP service:
sudo systemctl start plixer_mcp
Verify that the MCP server is running:
sudo systemctl status plixer_mcp
Once the MCP service has been started, the server can be added to an external MCP host application.
Client configuration
To add the Plixer MCP server to the MCP host application, follow these steps:
Download
PlixerMCP.tarfrom https://files.plixer.com/ and extractmcp-proxy.jsto a location that can be accessed by the MCP host.Configure the MCP server details in the host application’s settings json:
"mcpServers": { "scrutinizer": { "type": "stdio", "command": "node", "args": [ "/PATH/TO/mcp-proxy.js" ], "env": { "MCP_SERVER_HOST": "SCRUTINIZER_WITH_MCP_SERVICE_IP", "MCP_ACCESS_TOKEN": "SCRUTINIZER_WITH_MCP_SERVICE_AUTH_TOKEN" } } }
After the MCP server has been added, the MCP host application’s integrated LLMs will have access to the APIs and documentation for running report types and filters that support AI prompts.
Reverse-path filtering#
When reverse-path filtering is enabled, a Scrutinizer collector is able to receive flows from IP addresses that it is unable to route to normally, such as non-local hosts whose traffic data is forwarded by a proxy or replication appliance.
This configuration should only be used when the Scrutinizer server/collector is both in a secure environment and using a single interface.
Important
In multi-interface/multi-homed scenarios and/or where strict networking practices are observed, the recommendations in RFC 3704 should be followed. This ensures that spoofed/forged packets cannot be used to generate responses that are sent out over a different interface.
Enabling reverse-path filtering#
To enable reverse-path filtering on a Scrutinizer collector, find the following line in /etc/sysctl.conf:
net.ipv4.conf.default.rp_filter = 1
And change its value from 1 to 0.
In addition, the following steps are also recommended:
To bypass having to restart networking after editing the file, enable reverse-path filtering by running the command:
sysctl net.ipv4.conf.default.rp_filter = 0
Verify that the routing tables include routing data for all networks to be monitored to ensure that flows can be collected from non-local address spaces.
VRF (Virtual Routing and Forwarding) Mode#
In some scenarios, such as when there are special security requirements or if the management network IP addresses overlap with collection-side interfaces, routing tables may need to be isolated from the management network.
Separate routing tables can be created to isolate management traffic to the management interface, so collection and polling traffic only impact their respective interfaces.
Sample routing table configuration#
This example outlines the steps to configure two separate routing tables called plixer and public corresponding to interfaces eth0 and eth1 on a Scrutinizer deployment.
Add the two routing tables to
/etc/iproute2/rt_tablesafter the line#1 inr.ruhep:# # reserved values # 255 local 254 main 253 default 0 unspec # # local # #1 inr.ruhep 1 public 2 plixer
Create the files
route-eth0androute-eth1under/etc/sysconfig/network-scripts/containing the following lines to define the default gateway for each table:route-eth0default via 172.16.2.20 table plixer
route-eth1default via 10.1.1.251 table public
Add the gateway for each interface in
/etc/sysconfig/network-scripts/ifcfg-eth0andifcfg-eth1(no other changes are necessary) as follows:ifcfg-eth0DEVICE="eth0" BOOTPROTO="none" HWADDR="" NM_CONTROLLED="yes" ONBOOT="yes" BOOTPROTO="none" PEERDNS=no TYPE="Ethernet" NETMASK=255.255.255.0 IPADDR=172.16.2.7 GATEWAY=172.16.2.20
ifcfg-eth1DEVICE="eth1" BOOTPROTO="none" HWADDR="" NM_CONTROLLED="yes" ONBOOT="yes" BOOTPROTO="none" PEERDNS=no TYPE="Ethernet" NETMASK=255.255.0.0 IPADDR=10.1.4.190 GATEWAY=10.1.1.251
Reboot the server to restart networking.
Verify that networking is functioning and confirm that IP tables are configured to accept or deny the correct traffic on each interface.
Streaming to data lakes#
Scrutinizer supports data streaming to customer data lakes.
For assistance with the configuration process, contact Plixer Technical Support.
Localization#
Scrutinizer supports translation of the web interface for localization purposes.
To add or modify translations of UI elements:
Navigate to Admin > Settings > System/New User Defaults > Language.
Select a language from the dropdown menu.
Click on a key type to enter or modify the translation for that UI element.
Repeat the process to translate additional UI elements.
Language translations are saved as /home/plixer/scrutinizer/files/localize_languageName.xls.