Features and functionality

Replication

During normal operation, the Replicator replicates incoming packets to all configured collectors in enabled profiles. At any time, the Streams tab or the output of the show realtime command displays the exporters' in and out packet rates and totals.

Important

When a new exporter starts sending UDP packets to the Replicator, the packets will not get forwarded for up to two minutes.

Alarming

The Replicator is actively tracking the number of packets received, packets sent, and the state of any exporter and collector. An alarm is generated and a syslog is sent if an exporter stops sending packets or a collector becomes unreachable.

By default, the Replicator is configured to stop replicating traffic to collectors that are considered offline. Replication will resume once the collector is reachable.

Dropped packets

The Replicator examines the netstat details of each interface and each direction (Rx and Tx) once every minute. When the OS reports interface drops, a syslog alarm is sent to the server configured in the Notifications section of the settings tab.

The counting system used for the web interface, which tracks the number of packets traversing the Replicator, uses tcpdump instead of netstat and does a hard cutoff on a timed basis. This means that in the web interface there may be packets counted inbound that haven't been counted outbound yet. The counters increment close to real time, but not instantly.

In addition to device state and dropped packets, the Replicator will send a notification if CPU is high or processes were terminated abnormally.

Note

The web interface metrics are a good reference point for packet activity, but not for drops.
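An independent check for interface drops on a Linux host, as an added example that is not Plixer's code: it compares two snapshots of /proc/net/dev (used here in place of netstat) and reports the per-interface Rx and Tx drop increase. The snapshots and function names are constructed for illustration.

```python
"""Per-interface Rx/Tx drop deltas between two /proc/net/dev snapshots (Linux)."""

# Constructed sample snapshots taken one minute apart (not real appliance output).
HEADER = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
"""
SNAP_T0 = HEADER + """\
    lo:    1200      10    0    0    0     0          0         0     1200      10    0    0    0     0       0          0
  eth0:  900000    5000    0   12    0     0          0         0   880000    4990    0    3    0     0       0          0
  eth1:  500000    2500    0    7    0     0          0         0   490000    2400    0    1    0     0       0          0
"""
SNAP_T1 = HEADER + """\
    lo:    2400      20    0    0    0     0          0         0     2400      20    0    0    0     0       0          0
  eth0: 1900000   11000    0   42    0     0          0         0  1850000   10950    0    3    0     0       0          0
  eth1:    9000      60    0    2    0     0          0         0     8000      55    0    0    0     0       0          0
"""

def parse_drops(text):
    """Return {iface: (rx_drop, tx_drop)} from /proc/net/dev content."""
    drops = {}
    for line in text.splitlines()[2:]:          # skip the two header lines
        if ":" not in line:
            continue
        name, counters = line.split(":", 1)
        fields = counters.split()
        if len(fields) < 12:
            continue                            # malformed or truncated row
        drops[name.strip()] = (int(fields[3]), int(fields[11]))
    return drops

def delta(prev, cur):
    """Counter increase; a lower value means the counter was reset, so count from zero."""
    return cur - prev if cur >= prev else cur

def drop_deltas(before, after):
    """Return {iface: {"rx": n, "tx": n}} for interfaces whose drop counters grew."""
    old, new = parse_drops(before), parse_drops(after)
    alerts = {}
    for iface, (rx1, tx1) in new.items():
        rx0, tx0 = old.get(iface, (rx1, tx1))   # interface with no baseline yet
        d_rx, d_tx = delta(rx0, rx1), delta(tx0, tx1)
        if d_rx or d_tx:
            alerts[iface] = {"rx": d_rx, "tx": d_tx}
    return alerts

if __name__ == "__main__":
    for iface, d in drop_deltas(SNAP_T0, SNAP_T1).items():
        print(f"{iface}: rx_drops +{d['rx']} tx_drops +{d['tx']} in the last interval")
```

On a live host, replace the two constants with the contents of /proc/net/dev read one minute apart.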

The following settings control alarming capabilities in the Replicator.

  • downDisplayHour : The number of hours before an incoming stream is automatically acknowledged as being down. Default is 24 hours.
  • flowStopAlert : The number of minutes an incoming stream must be stopped, or a collector unreachable, before it is considered down.
  • highCPUThreshold : Send alerts about the CPU when it exceeds this percentage. Default is 90%.
  • noRepWhenDown : If ping is enabled and a collector is unreachable, stop replicating data to that device. Replication will continue when the collector begins to respond to pings.
  • notificationSent : Send Replicator Alert and Notification Syslogs to the SERVER and Port specified.
  • pingCollectors : If enabled, the Plixer Replicator will routinely check the configured collectors for availability.

Use the setting CLI command to change the global behavior of alarming.

Hint

Plixer’s Scrutinizer Incident Response System includes policies for all possible alarms from the Replicator.

Reporting

The show or list command has several different options to generate reports based on live data. Additionally, the Replicator can export replication statistics as IPFIX to a Flow Collector.

  • metricsSent : Export Replicator Statistics and Metrics to an IPFIX Collector on the specified Collector IP and Port Number.

Hint

Use the setting command to manage IPFIX metrics.

A profile can be set up to send IPFIX metrics to multiple collectors by configuring the metricsSent option to send metrics back to the Replicator on a certain port (e.g. 10.1.4.66:2003).

+--------------------------------+-----------------------------------------+
| replicator_metrics             | IN PORT 2003 -> OUT PORT 2056
+--------------------------------+-----------------------------------------+

 Policies                     Exporters     ->    Collectors
 (include) 0.0.0.0/0          10.1.4.66           10.1.10.1
                                                  10.1.4.20

+--------------------------------+-----------------------------------------+
Done in 0.00897 secs