Additional Resources¶
This section includes additional resources and materials relevant to the use of Plixer Replicator and this documentation.
Frequently Asked Questions¶
Important
For questions or concerns, don’t hesitate to contact Plixer support.
Q) Can we use additional Plixer Replicators as failsafes against downtime and other issues?
A) Yes. For instructions on how to configure a secondary or backup Plixer Replicator see the section on fault tolerant configurations.
Q) Why is our Plixer Replicator still not receiving packets from our router even though I’ve configured it to send data to the correct IP address?
A) A firewall or access control list may be blocking traffic to the Plixer Replicator. To verify that it can see traffic from a device, use the Interactive Mode command:
REPLICATOR> snoop [network_device_ip]
Q) Can I create additional admin and/or user accounts for other users in our organization?
A) Each Plixer Replicator currently only supports a single adminstrator account for the web interface. However, future updates to the product will add support for multiple local user accounts and roles.
Q) How long should it take for Collectors to start receiving packets after I’ve configured an Exporter to send flows to the Plixer Replicator?
A) When a new Exporter starts sending UDP packets to the Plixer Replicator, it may take up to two minutes for the packets to be forwarded to Collectors.
Q) How do I find out if there are Exporters not assigned to any profiles sending packets to the Plixer Replicator?
A) To view all currently unassigned Exporters, select Exporters Not in a Profile in the View dropdown menu in the Exporters tab of the web interface. To get a list of unassigned Exporters in Interactive Mode, use:
REPLICATOR> exporters noprofile
Q) Why is the Plixer Replicator dropping packets instead of replicating them on our closed network with no gateway?
A) The default behavior for the Plixer Replicator is to drop all packets that come into an interface that the host has no route to. To change this, find the net.ipv4.all.rp_filter
setting in the /etc/sysctl.conf
file and change its value to 0
.
Q) How do I configure a Profile to distribute Exporter flows across a distributed Plixer Scrutinizer cluster?
A) If you are using Plixer Scrutinizer’s distributed architecture to handle an extremely large number of flows and/or Exporters, you can enable the autoreplication feature to have it manage Plixer Replicator Profiles for its Collectors and automatically map Exporters to them as they’re added. Additional information and instructions on how to set up Plixer Replicator integration can be found in the Plixer Scrutinizer documentation here.
Q) Does the Plixer Replicator support IPFIX?
A) By default, the Plixer Replicator replicates syslogs received from Exporters and forwards them to all assigned Collectors in the same format. To have syslogs automatically converted to IPFIX before being forwarded, use the Interactive Mode command:
REPLICATOR> setting enable convertSyslog
Q) How do I send the syslog notifications and/or IPFIX metrics generated by the Plixer Replicator to multiple Collectors?
A) To send syslog notifications and/or IPFIX metrics from the Plixer Replicator to multiple Collectors, first configure the appliance to send them back to itself. After that, create a Profile with the appliance as the Exporter and assign Collectors as normal.
Note
Since there are separate settings for syslogs notifications and IPFIX metrics, they will require separate Profiles.
Q) Why am I receiving an error about a loop being created when I try to add a new Exporter or Collector?
A) A loop is created when a device is set to be both the Exporter and a Collector, which results in a repeating cycle where packets are received from and sent back to the same device. This can happen when a Profile is configured with the same In (listening) and Out (sending) Ports.
Q) Can a Profile have the same listening (In Port) and sending (Out Port) port?
A) Yes. The Plixer Replicator automatically will automatically verify updated Profile settings to ensure that no loops are created when adding new Exporters and/or Collectors.
Q) How do I change the root password on the Plixer Replicator?
A) To change the root password on the Plixer Replicator, log in as the root user and issue the passwd
command.
Q) How do I change the admin password on the Plixer Replicator?
A) To change the web interface admin password on the Plixer Replicator, log in as the root user and use the Interactive Mode command:
REPLICATOR> password webui
Q) How do I change the hostname and IP address of the Plixer Replicator?
A) To change the hostname and IP address of the Plixer Replicator, log in as the root user and run the /home/replicator/conf/sethostname.sh
script. Alternatively, you can use the Interactive Mode command:
REPLICATOR> system change
Glossary¶
Plixer Replicator Terms¶
- Exporter
- A networked device such as a router, switch, or server that generates data and sends it to the Plixer Replicator for replication and forwarding
- Collector
- SIEMs, Flow Collectors, SNMPTrap Receivers, or other network management systems that analyze data forwarded by the Plixer Replicator from other networked devices
- Policy
- A Profile parameter that determines whether an Exporter should be included or excluded from its replication and forwarding processes
- Profile
- A user-defined set of parameters that defines how the Plixer Replicator routes packets from specific Exporters to their corresponding Collectors
- Interactive Mode
- The command line interface for Plixer Replicator, which allows the user to manage device behavior and settings via a remote SSH session
Common Terms¶
- API (Application Programming Interface)
- A software component that allows applications to share data and functionality
- CA (Certification Authority)
- A trusted entity that issues, signs, and stores digital certificates
- CIDR (Classless Inter-Domain Routing)
- An Internet Protocol addressing method that improves the efficiency of allocating IP addresses
- CLI (Command-line Interface)
- A text-based interface for applications and operating systems that allows a user to enter commands and receive
- DNS (Domain Name System)
- The system by which computers and other devices on the Internet or Internet Protocol networks are uniquely identified using names matched to their IP addresses
- Fault tolerance
- A system’s ability to continue operating without interruptions in the event of a hardware or software failure
- IP address
- A unique numerical label assigned to a networked device
- IPFIX (Internet Protocol Flow Information Export)
- A protocol that standardizes Internet Protocol flow information from networked devices
- LDAP (Lightweight Directory Access Protocol)
- An open, cross platform protocol used to authenticate and store information about users, groups, and applications
- MAC (Media Access Control) address
- A unique hardware identifier typically assigned by manufacturers to network adapters and devices
- OVF (Open Virtualization Format)
- An open-source standard for packaging and distributing virtual machines and software applications
- Packet
- A block of data transmitted across a network
- Redundancy
- Duplicated or alternative network devices and connections meant to serve as a failsafes against the primary service becoming unavailable
- Router
- A device that forwards or routes data packets to devices on a network
- Server
- A system or device that provides resources, data, services, or applications to other devices over a network
- SSH (Secure Shell Protocol)
- A network communication protocol that allows network services to be used securely over an unsecured network
- SSL (Secure Sockets Layer)
- A protocol for establishing secure connections between networked devices
- Switch
- A device that connects devices in a network and allows them to communicate with each other
- Syslog
- A standard for message logging that allows a wide variety of networked devices to share the same repositories and management systems
- UDP (User Datagram Protocol)
- A communication protocol used by applications to send messages to other hosts on an Internet Protocol network via low-latency, loss-tolerating connections
- Virtual appliance
- A pre-configured virtual machine image with pre-installed software meant to serve a specific function
Third-Party Attributions¶
Licenses Directory¶
Required license documentation can be found under /home/Replicator/files/licenses
.
Third-Party Software Attributions¶
The open-source or other third-party software components listed below are integrated and/or redistributed with the Plixer Replicator software. The licenses are reproduced here in accordance with their licensing terms. These terms only apply to the libraries themselves and not the Plixer Replicator software.
- Backbone.js
- https://github.com/jashkenas/backbone/blob/master/LICENSE Copyright (c) 2010-2017 Jeremy Ashkenas, DocumentCloud Licensed under the MIT License – see Licenses Directory
- C3.js
- https://github.com/c3js/c3/blob/master/LICENSE Copyright (c) 2013 Masayuki Tanaka Licensed under the MIT License – see Licenses Directory
- D3.js
- https://github.com/d3/d3/blob/master/LICENSE Copyright (c) 2010-2014 2010-2017 Mike Bostoc Licensed under the BSD 3-clause License – see Licenses Directory
- Hogan.js
- https://github.com/twitter/hogan.js/blob/master/LICENSE Copyright (c) 2011 Twitter, Inc. Licensed under the Apache License 2.0 – see Licenses Directory
- JQuery
- https://jquery.org/license/ Copyright jQuery Foundation and other contributors, https://jquery.org This software consists of voluntary contributions made by many individuals. For exact contribution history, see the revision history available at https://github.com/jquery/jquery Licensed under the MIT License – see Licenses Directory
- JQuery.floatThread.js
- https://github.com/mkoryak/floatThead/blob/master/LICENSE Copyright (c) 2012-2017 Misha Koryak Licensed under the MIT License – see Licenses Directory
- jsSHA
- https://github.com/Caligatio/jsSHA/blob/master/LICENSE Copyright (c) 2008-2017 Brian Turek Licensed under the BSD 3-clause License – see Licenses Directory
- JustGage
- https://github.com/toorshia/justgage/blob/master/LICENSE Copyright (c) 2012-2015 Bojan Djuricic Licensed under the MIT License – see Licenses Directory
- Raphaël
- https://github.com/DmitryBaranovskiy/raphael/blob/master/license.txt Copyright © 2008-2013 Dmitry Baranovskiy, Sencha Labs Licensed under the MIT License – see Licenses Directory
- UDP Samplicator
- https://github.com/sleinen/samplicator/blob/master/COPYING Copyright (c) 2000-2015 Simon Leinen Licensed under the GNU GPL 2.0 – see Licenses Directory
- Underscore.js
- https://github.com/jashkenas/underscore/blob/master/LICENSE Copyright (c) 2009-2017 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors Licensed under the MIT License – see Licenses Directory