Additional Resources¶

This section includes additional resources and materials relevant to the use of Plixer Replicator and this documentation.

Frequently Asked Questions¶

Important

For questions or concerns, don’t hesitate to contact Plixer support.

Q) Can we use additional Plixer Replicators as failsafes against downtime and other issues?

A) Yes. For instructions on how to configure a secondary or backup Plixer Replicator see the section on fault tolerant configurations.

Q) Why is our Plixer Replicator still not receiving packets from our router even though I’ve configured it to send data to the correct IP address?

A) A firewall or access control list may be blocking traffic to the Plixer Replicator. To verify that it can see traffic from a device, use the Interactive Mode command:

REPLICATOR> snoop [network_device_ip]

Q) Can I create additional admin and/or user accounts for other users in our organization?

A) Each Plixer Replicator currently only supports a single adminstrator account for the web interface. However, future updates to the product will add support for multiple local user accounts and roles.

Q) How long should it take for Collectors to start receiving packets after I’ve configured an Exporter to send flows to the Plixer Replicator?

A) When a new Exporter starts sending UDP packets to the Plixer Replicator, it may take up to two minutes for the packets to be forwarded to Collectors.

Q) How do I find out if there are Exporters not assigned to any profiles sending packets to the Plixer Replicator?

A) To view all currently unassigned Exporters, select Exporters Not in a Profile in the View dropdown menu in the Exporters tab of the web interface. To get a list of unassigned Exporters in Interactive Mode, use:

REPLICATOR> exporters noprofile

Q) Why is the Plixer Replicator dropping packets instead of replicating them on our closed network with no gateway?

A) The default behavior for the Plixer Replicator is to drop all packets that come into an interface that the host has no route to. To change this, find the net.ipv4.all.rp_filter setting in the /etc/sysctl.conf file and change its value to 0.

Q) How do I configure a Profile to distribute Exporter flows across a distributed Plixer Scrutinizer cluster?

A) If you are using Plixer Scrutinizer’s distributed architecture to handle an extremely large number of flows and/or Exporters, you can enable the autoreplication feature to have it manage Plixer Replicator Profiles for its Collectors and automatically map Exporters to them as they’re added. Additional information and instructions on how to set up Plixer Replicator integration can be found in the Plixer Scrutinizer documentation here.

Q) Does the Plixer Replicator support IPFIX?

A) By default, the Plixer Replicator replicates syslogs received from Exporters and forwards them to all assigned Collectors in the same format. To have syslogs automatically converted to IPFIX before being forwarded, use the Interactive Mode command:

REPLICATOR> setting enable convertSyslog

Q) How do I send the syslog notifications and/or IPFIX metrics generated by the Plixer Replicator to multiple Collectors?

A) To send syslog notifications and/or IPFIX metrics from the Plixer Replicator to multiple Collectors, first configure the appliance to send them back to itself. After that, create a Profile with the appliance as the Exporter and assign Collectors as normal.

Note

Since there are separate settings for syslogs notifications and IPFIX metrics, they will require separate Profiles.

Q) Why am I receiving an error about a loop being created when I try to add a new Exporter or Collector?

A) A loop is created when a device is set to be both the Exporter and a Collector, which results in a repeating cycle where packets are received from and sent back to the same device. This can happen when a Profile is configured with the same In (listening) and Out (sending) Ports.

Q) Can a Profile have the same listening (In Port) and sending (Out Port) port?

A) Yes. The Plixer Replicator automatically will automatically verify updated Profile settings to ensure that no loops are created when adding new Exporters and/or Collectors.

Q) How do I change the root password on the Plixer Replicator?

A) To change the root password on the Plixer Replicator, log in as the root user and issue the passwd command.

Q) How do I change the admin password on the Plixer Replicator?

A) To change the web interface admin password on the Plixer Replicator, log in as the root user and use the Interactive Mode command:

REPLICATOR> password webui

Q) How do I change the hostname and IP address of the Plixer Replicator?

A) To change the hostname and IP address of the Plixer Replicator, log in as the root user and run the /home/replicator/conf/sethostname.sh script. Alternatively, you can use the Interactive Mode command:

REPLICATOR> system change

Glossary¶

Plixer Replicator Terms¶

Exporter: A networked device such as a router, switch, or server that generates data and sends it to the Plixer Replicator for replication and forwarding
Collector: SIEMs, Flow Collectors, SNMPTrap Receivers, or other network management systems that analyze data forwarded by the Plixer Replicator from other networked devices
Policy: A Profile parameter that determines whether an Exporter should be included or excluded from its replication and forwarding processes
Profile: A user-defined set of parameters that defines how the Plixer Replicator routes packets from specific Exporters to their corresponding Collectors
Interactive Mode: The command line interface for Plixer Replicator, which allows the user to manage device behavior and settings via a remote SSH session

Common Terms¶

API (Application Programming Interface): A software component that allows applications to share data and functionality
CA (Certification Authority): A trusted entity that issues, signs, and stores digital certificates
CIDR (Classless Inter-Domain Routing): An Internet Protocol addressing method that improves the efficiency of allocating IP addresses
CLI (Command-line Interface): A text-based interface for applications and operating systems that allows a user to enter commands and receive
DNS (Domain Name System): The system by which computers and other devices on the Internet or Internet Protocol networks are uniquely identified using names matched to their IP addresses
Fault tolerance: A system’s ability to continue operating without interruptions in the event of a hardware or software failure
IP address: A unique numerical label assigned to a networked device
IPFIX (Internet Protocol Flow Information Export): A protocol that standardizes Internet Protocol flow information from networked devices
LDAP (Lightweight Directory Access Protocol): An open, cross platform protocol used to authenticate and store information about users, groups, and applications
MAC (Media Access Control) address: A unique hardware identifier typically assigned by manufacturers to network adapters and devices
OVF (Open Virtualization Format): An open-source standard for packaging and distributing virtual machines and software applications
Packet: A block of data transmitted across a network
Redundancy: Duplicated or alternative network devices and connections meant to serve as a failsafes against the primary service becoming unavailable
Router: A device that forwards or routes data packets to devices on a network
Server: A system or device that provides resources, data, services, or applications to other devices over a network
SSH (Secure Shell Protocol): A network communication protocol that allows network services to be used securely over an unsecured network
SSL (Secure Sockets Layer): A protocol for establishing secure connections between networked devices
Switch: A device that connects devices in a network and allows them to communicate with each other
Syslog: A standard for message logging that allows a wide variety of networked devices to share the same repositories and management systems
UDP (User Datagram Protocol): A communication protocol used by applications to send messages to other hosts on an Internet Protocol network via low-latency, loss-tolerating connections
Virtual appliance: A pre-configured virtual machine image with pre-installed software meant to serve a specific function

Third-Party Attributions¶

Licenses Directory¶

Required license documentation can be found under /home/Replicator/files/licenses.

Third-Party Software Attributions¶

The open-source or other third-party software components listed below are integrated and/or redistributed with the Plixer Replicator software. The licenses are reproduced here in accordance with their licensing terms. These terms only apply to the libraries themselves and not the Plixer Replicator software.

Backbone.js: https://github.com/jashkenas/backbone/blob/master/LICENSE Copyright (c) 2010-2017 Jeremy Ashkenas, DocumentCloud Licensed under the MIT License – see Licenses Directory
C3.js: https://github.com/c3js/c3/blob/master/LICENSE Copyright (c) 2013 Masayuki Tanaka Licensed under the MIT License – see Licenses Directory
D3.js: https://github.com/d3/d3/blob/master/LICENSE Copyright (c) 2010-2014 2010-2017 Mike Bostoc Licensed under the BSD 3-clause License – see Licenses Directory
Hogan.js: https://github.com/twitter/hogan.js/blob/master/LICENSE Copyright (c) 2011 Twitter, Inc. Licensed under the Apache License 2.0 – see Licenses Directory
JQuery: https://jquery.org/license/ Copyright jQuery Foundation and other contributors, https://jquery.org This software consists of voluntary contributions made by many individuals. For exact contribution history, see the revision history available at https://github.com/jquery/jquery Licensed under the MIT License – see Licenses Directory
JQuery.floatThread.js: https://github.com/mkoryak/floatThead/blob/master/LICENSE Copyright (c) 2012-2017 Misha Koryak Licensed under the MIT License – see Licenses Directory
jsSHA: https://github.com/Caligatio/jsSHA/blob/master/LICENSE Copyright (c) 2008-2017 Brian Turek Licensed under the BSD 3-clause License – see Licenses Directory
JustGage: https://github.com/toorshia/justgage/blob/master/LICENSE Copyright (c) 2012-2015 Bojan Djuricic Licensed under the MIT License – see Licenses Directory
UDP Samplicator: https://github.com/sleinen/samplicator/blob/master/COPYING Copyright (c) 2000-2015 Simon Leinen Licensed under the GNU GPL 2.0 – see Licenses Directory
Underscore.js: https://github.com/jashkenas/underscore/blob/master/LICENSE Copyright (c) 2009-2017 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors Licensed under the MIT License – see Licenses Directory