Getting started

The web interface contains a wizard to assist users in the initial configuration process. It consists of three steps:

  1. Apply a license key;
  2. Create a profile;
  3. Verify packets are inbound.

Configure SSL

Enabling SSL support in Replicator can be done during the initial deployment or by using the enable_ssl.sh script located in the /home/replicator/conf/ directory.

Important

Internet access is required to download the latest openssl and httpd packages.

To create a self-signed certificate, enter the information when prompted by the script:

Name Field Explanation
Country Name

The two-letter ISO abbreviation for the desired country

example: US = United States

State / Province

The state/province where the organization is located. Do not abbreviate.

example: Maine

City / Locality

The city where the organization is located.

example: Kennebunk

Organization

The exact legal name of the organization. Do not abbreviate.

example: Plixer

Email Address

The email address for the CA (who to contact)

example: someone@your.domain

Common Name

URL to attach to the certificate

example: 10.1.1.19 or replicator.company.com

Extra attributes The challenge password and the optional company name can be added to the certificate request.

Creating a signed certificate

  1. Enable SSL as described above.
  2. Send the /etc/pki/tls/private/ca.csr file to the Certificate Authority (CA) and ask them to sign and return it as Base64 encoded.

Important

When exporting a certificate, do NOT select DER encoded export file format.

  1. When the signed certificate is received, stop the apache service:
service httpd stop
  1. Replace the active SSL certificate with the new one and rename the file to /etc/pki/tls/certs/ca.crt.
  2. Start the apache service:
service httpd start

Log in for the first time

Future versions of the Replicator will support multiple local user accounts and roles. The current version provides all users with an administrator role account to update and maintain any configuration via the web interface.

The default login credentials are user admin with the default password admin.

Note

The password can be updated using the interactive mode password webui command.

To set up the LDAP authentication, navigate to the Settings tab and enter the LDAP server information.The LDAP password can be updated using the interactive mode ldapadminpass command.

Apply a license key

After a user logs in for the first time, the Replicator will check for a valid licence key. If the key has not been applied, the license wizard will appear. Otherwise, the Replicator wizard will proceed to creating a first profile.

A license key can be requested directly from Plixer or a reseller. Evaluation keys are available for testing and proof of concept purposes.

Note

Manage the Replicator’s license key and review the license details via the Settings > Licensing page.

Create a profile

Once a valid license key is applied, the replicator checks if there are any profiles configured. A profile defines how packets are received and sent from the Replicator.

If there are no profiles configured, the Replicator wizard will walk a user through creating a first profile. A profile requires the port packets will come in, the port packets should go out, a policy to match incoming IP Addresses on the defined port, and a collector to send the packets.

Hint

To match all incoming IP addresses, use the policy of 0.0.0.0/0.

Verify packets are inbound

The Streams and Dashboard tabs provide users with instant feedback of packet activity. If this is the first time configuring the Replicator, the last step of the wizard will direct the user to the Streams tab.

Interactive mode

Using an SSH client, ssh to the Replicator and log in as the replicator user with the password configured during the installation process. Refer to the interactive mode for a list of available commands.

[[email protected] ~]# ssh [email protected]
[email protected]'s password:
Plixer Replicator (TM) v18.14.1.2410
2019-12-03 13:07:44 -0500 (Tue, 03 Dec 2019)
Copyright (C) 2012 - 2019 Plixer, All rights reserved.
Replicate Anything!
Need an IPFIX Collector? Download Scrutinizer at https://www.plixer.com
Machine ID : 6YZ6XEPT66FPH6364A1VQ8NY
Customer ID : qa replicator
Licensed Version : 18.5
Licensed Type : subscription (standalone/primary)
Expiration : 11/30/2020
REPLICATOR>

The REPLICATOR> prompt indicates the Replicator is ready for commands.

Before beginning any configuration of the Replicator, set up one or more network devices (exporters) to send flow or log data to the Replicator. Note the UDP port(s) used to send data during the configuration process. For example: a Cisco router is configured to send NetFlow v9 using port 9996 to the Replicator. 9996 will be used during the profile creation process.

Important

Send data to the Replicator first.

Once the exporters are sending data to the Replicator, proceed with configuring profiles to replicate the data to the appropriate collectors. USe the profile command to manage profiles on the Replicator. The required parameters for creating a profile are name, listening port, and sending port.

profile <add|update> name listen_port send_port

For example, the Cisco router is sending data to the Replicator on port 9996. The Scrutinizer flow collector is listening for flows on port 2055. A profile is created to listen on port 9996 and send on port 2055 as follows:

REPLICATOR> profile add maine 9996 2055

Success: Profile 'maine' has been added and enabled.

Done in 0.316286 secs

REPLICATOR> show profile maine

+--------------------------------+-----------------------------------------+
| maine                          | IN PORT 9996 -> OUT PORT 2055
+--------------------------------+-----------------------------------------+

 Policies                     Exporters     ->    Collectors
 -                            -                   -

+--------------------------------+-----------------------------------------+
Done in 0.01249 secs

Next, add the exporter (i.e. the Cisco router) to the maine profile using the exporter command:

REPLICATOR> exporter add 10.1.1.1 maine

Success: Exporter [10.1.1.1] -> Profile [maine]

Done in 0.183711 secs

REPLICATOR> show profile maine
+--------------------------------+-----------------------------------------+
| maine                          | IN PORT 9996 -> OUT PORT 2055
+--------------------------------+-----------------------------------------+

Policies                     Exporters     ->    Collectors
(include) 10.1.1.1/32        -                   -

+--------------------------------+-----------------------------------------+
Done in 0.014918 secs

As soon as the Replicator detects traffic from 10.1.1.1 on port 9996, the exporter will show up in the Exporters column.

Lastly, add a collector to the profile.

REPLICATOR> collector add 10.1.4.20 maine

Success: Collector [10.1.4.20] -> Profile [maine]

Done in 0.439209 secs

+--------------------------------+-----------------------------------------+
| maine                          | IN PORT 9996 -> OUT PORT 2055
+--------------------------------+-----------------------------------------+

 Policies                     Exporters     ->    Collectors
 (include) 10.1.1.1/32        10.1.1.1            10.1.4.20

+--------------------------------+-----------------------------------------+
Done in 0.011346 secs

The profile is complete. Verify the replicated traffic within the collector’s interface.