Additional Resources

This section includes additional resources and materials relevant to the use of Plixer Replicator and this documentation.

Frequently Asked Questions

Important

For questions or concerns, don’t hesitate to contact Plixer support.

Q) Can we use additional Plixer Replicators as failsafes against downtime and other issues?

A) Yes. For instructions on how to configure a secondary or backup Plixer Replicator see the section on fault tolerant configurations.

Q) Why is our Plixer Replicator still not receiving packets from our router even though I’ve configured it to send data to the correct IP address?

A) A firewall or access control list may be blocking traffic to the Plixer Replicator. To verify that it can see traffic from a device, use the Interactive Mode command:

REPLICATOR> snoop [network_device_ip]

Q) Can I create additional admin and/or user accounts for other users in our organization?

A) Each Plixer Replicator currently only supports a single administrator account for the web interface. However, future updates to the product will add support for multiple local user accounts and roles.

Q) How long should it take for Collectors to start receiving packets after I’ve configured an Exporter to send flows to the Plixer Replicator?

A) When a new Exporter starts sending UDP packets to the Plixer Replicator, it may take up to two minutes for the packets to be forwarded to Collectors.

Q) How do I find out if there are Exporters not assigned to any profiles sending packets to the Plixer Replicator?

A) To view all currently unassigned Exporters, select Exporters Not in a Profile in the View dropdown menu in the Exporters tab of the web interface. To get a list of unassigned Exporters in Interactive Mode, use:

REPLICATOR> exporters noprofile

Q) Why is the Plixer Replicator dropping packets instead of replicating them on our closed network with no gateway?

A) The default behavior for the Plixer Replicator is to drop any packet that arrives on an interface when the host has no route to the packet's source (reverse path filtering). To change this, find the net.ipv4.conf.all.rp_filter setting in the /etc/sysctl.conf file and change its value to 0.
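The check below is an added example, not part of the Plixer documentation or product. It reports the reverse path filter mode the Linux kernel actually applies on each interface once the setting has been loaded; the kernel uses the higher of net.ipv4.conf.all.rp_filter and the per-interface value, so setting the "all" key to 0 has no effect on an interface that is still set to 1 or 2. The function names and the SYSROOT variable are hypothetical.

```shell
#!/bin/sh
# Added example: show the effective rp_filter mode per interface.
# The kernel validates sources with max(conf/all/rp_filter, conf/<iface>/rp_filter).

# SYSROOT is a hypothetical override for checking a copied tree;
# leave it empty to read the live values under /proc/sys.
SYSROOT="${SYSROOT:-}"

# Translate the numeric mode into its documented meaning.
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;      # no source validation
        1) echo "strict" ;;   # source must be reachable via the arriving interface
        2) echo "loose" ;;    # source must be reachable via any interface
        *) echo "unknown" ;;
    esac
}

# effective_rp_filter IFACE: print the value the kernel applies on IFACE.
effective_rp_filter() {
    base="$SYSROOT/proc/sys/net/ipv4/conf"
    [ -r "$base/all/rp_filter" ] && [ -r "$base/$1/rp_filter" ] || return 1
    all=$(cat "$base/all/rp_filter")
    ifv=$(cat "$base/$1/rp_filter")
    if [ "$all" -gt "$ifv" ]; then echo "$all"; else echo "$ifv"; fi
}

# rp_filter_report: one "<iface> <value> <mode>" line per real interface.
rp_filter_report() {
    base="$SYSROOT/proc/sys/net/ipv4/conf"
    for d in "$base"/*/; do
        ifc=$(basename "$d")
        case "$ifc" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$ifc") || continue
        echo "$ifc $eff $(rp_mode_name "$eff")"
    done
}

rp_filter_report
```

Any interface still reported as strict or loose needs its own net.ipv4.conf.<interface>.rp_filter key set to 0 as well; limiting the change to the interfaces on the closed network keeps source validation in place everywhere else.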

Q) How do I configure a Profile to distribute Exporter flows across a distributed Plixer Scrutinizer cluster?

A) If you are using Plixer Scrutinizer’s distributed architecture to handle an extremely large number of flows and/or Exporters, you can enable the autoreplication feature to have it manage Plixer Replicator Profiles for its Collectors and automatically map Exporters to them as they’re added. Additional information and instructions on how to set up Plixer Replicator integration can be found in the Plixer Scrutinizer documentation.

Q) Does the Plixer Replicator support IPFIX?

A) By default, the Plixer Replicator replicates syslogs received from Exporters and forwards them to all assigned Collectors in the same format. To have syslogs automatically converted to IPFIX before being forwarded, use the Interactive Mode command:

REPLICATOR> setting enable convertSyslog

Q) How do I send the syslog notifications and/or IPFIX metrics generated by the Plixer Replicator to multiple Collectors?

A) To send syslog notifications and/or IPFIX metrics from the Plixer Replicator to multiple Collectors, first configure the appliance to send them back to itself. After that, create a Profile with the appliance as the Exporter and assign Collectors as normal.

Note

Since there are separate settings for syslog notifications and IPFIX metrics, they will require separate Profiles.

Q) Why am I receiving an error about a loop being created when I try to add a new Exporter or Collector?

A) A loop is created when a device is set to be both the Exporter and a Collector, which results in a repeating cycle where packets are received from and sent back to the same device. This can happen when a Profile is configured with the same In (listening) and Out (sending) Ports.

Q) Can a Profile have the same listening (In Port) and sending (Out Port) port?

A) Yes. The Plixer Replicator automatically verifies updated Profile settings to ensure that no loops are created when adding new Exporters and/or Collectors.

Q) How do I change the root password on the Plixer Replicator?

A) To change the root password on the Plixer Replicator, log in as the root user and issue the passwd command.

Q) How do I change the admin password on the Plixer Replicator?

A) To change the web interface admin password on the Plixer Replicator, log in as the root user and use the Interactive Mode command:

REPLICATOR> password webui

Q) How do I change the hostname and IP address of the Plixer Replicator?

A) To change the hostname and IP address of the Plixer Replicator, log in as the root user and run the /home/replicator/conf/sethostname.sh script. Alternatively, you can use the Interactive Mode command:

REPLICATOR> system change

Glossary

Plixer Replicator Terms

Exporter

A networked device such as a router, switch, or server that generates data and sends it to the Plixer Replicator for replication and forwarding

Collector

SIEMs, Flow Collectors, SNMPTrap Receivers, or other network management systems that analyze data forwarded by the Plixer Replicator from other networked devices

Policy

A Profile parameter that determines whether an Exporter should be included or excluded from its replication and forwarding processes

Profile

A user-defined set of parameters that defines how the Plixer Replicator routes packets from specific Exporters to their corresponding Collectors

Interactive Mode

The command line interface for Plixer Replicator, which allows the user to manage device behavior and settings via a remote SSH session

Common Terms

API (Application Programming Interface)

A software component that allows applications to share data and functionality

CA (Certification Authority)

A trusted entity that issues, signs, and stores digital certificates

CIDR (Classless Inter-Domain Routing)

An Internet Protocol addressing method that improves the efficiency of allocating IP addresses

CLI (Command-line Interface)

A text-based interface for applications and operating systems that allows a user to enter commands and receive

DNS (Domain Name System)

The system by which computers and other devices on the Internet or Internet Protocol networks are uniquely identified using names matched to their IP addresses

Fault tolerance

A system’s ability to continue operating without interruptions in the event of a hardware or software failure

IP address

A unique numerical label assigned to a networked device

IPFIX (Internet Protocol Flow Information Export)

A protocol that standardizes Internet Protocol flow information from networked devices

LDAP (Lightweight Directory Access Protocol)

An open, cross platform protocol used to authenticate and store information about users, groups, and applications

MAC (Media Access Control) address

A unique hardware identifier typically assigned by manufacturers to network adapters and devices

OVF (Open Virtualization Format)

An open-source standard for packaging and distributing virtual machines and software applications

Packet

A block of data transmitted across a network

Redundancy

Duplicated or alternative network devices and connections meant to serve as failsafes against the primary service becoming unavailable

Router

A device that forwards or routes data packets to devices on a network

Server

A system or device that provides resources, data, services, or applications to other devices over a network

SSH (Secure Shell Protocol)

A network communication protocol that allows network services to be used securely over an unsecured network

SSL (Secure Sockets Layer)

A protocol for establishing secure connections between networked devices

Switch

A device that connects devices in a network and allows them to communicate with each other

Syslog

A standard for message logging that allows a wide variety of networked devices to share the same repositories and management systems

UDP (User Datagram Protocol)

A communication protocol used by applications to send messages to other hosts on an Internet Protocol network via low-latency, loss-tolerating connections

Virtual appliance

A pre-configured virtual machine image with pre-installed software meant to serve a specific function

Third-Party Attributions

Licenses Directory

Required license documentation can be found under /home/Replicator/files/licenses.

Third-Party Software Attributions

The open-source or other third-party software components listed below are integrated and/or redistributed with the Plixer Replicator software. The licenses are reproduced here in accordance with their licensing terms. These terms only apply to the libraries themselves and not the Plixer Replicator software.

Backbone.js

https://github.com/jashkenas/backbone/blob/master/LICENSE Copyright (c) 2010-2017 Jeremy Ashkenas, DocumentCloud Licensed under the MIT License – see Licenses Directory

C3.js

https://github.com/c3js/c3/blob/master/LICENSE Copyright (c) 2013 Masayuki Tanaka Licensed under the MIT License – see Licenses Directory

D3.js

https://github.com/d3/d3/blob/master/LICENSE Copyright (c) 2010-2014 2010-2017 Mike Bostock Licensed under the BSD 3-clause License – see Licenses Directory

Hogan.js

https://github.com/twitter/hogan.js/blob/master/LICENSE Copyright (c) 2011 Twitter, Inc. Licensed under the Apache License 2.0 – see Licenses Directory

JQuery

https://jquery.org/license/ Copyright jQuery Foundation and other contributors, https://jquery.org This software consists of voluntary contributions made by many individuals. For exact contribution history, see the revision history available at https://github.com/jquery/jquery Licensed under the MIT License – see Licenses Directory

JQuery.floatThead.js

https://github.com/mkoryak/floatThead/blob/master/LICENSE Copyright (c) 2012-2017 Misha Koryak Licensed under the MIT License – see Licenses Directory

jsSHA

https://github.com/Caligatio/jsSHA/blob/master/LICENSE Copyright (c) 2008-2017 Brian Turek Licensed under the BSD 3-clause License – see Licenses Directory

JustGage

https://github.com/toorshia/justgage/blob/master/LICENSE Copyright (c) 2012-2015 Bojan Djuricic Licensed under the MIT License – see Licenses Directory

Raphaël

https://github.com/DmitryBaranovskiy/raphael/blob/master/license.txt Copyright © 2008-2013 Dmitry Baranovskiy, Sencha Labs Licensed under the MIT License – see Licenses Directory

UDP Samplicator

https://github.com/sleinen/samplicator/blob/master/COPYING Copyright (c) 2000-2015 Simon Leinen Licensed under the GNU GPL 2.0 – see Licenses Directory

Underscore.js

https://github.com/jashkenas/underscore/blob/master/LICENSE Copyright (c) 2009-2017 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors Licensed under the MIT License – see Licenses Directory