Getting started
The web interface contains a wizard to assist users in the initial configuration process. It consists of three steps:
- Apply a license key;
- Create a profile;
- Verify packets are inbound.
Configure SSL
Enabling SSL support in Replicator can be done during the initial deployment or by using the enable_ssl.sh script located in the /home/replicator/conf/ directory.
Important
Internet access is required to download the latest openssl and httpd packages.
To create a self-signed certificate, enter the information when prompted by the script:
Name Field | Explanation |
---|---|
Country Name | The two-letter ISO abbreviation for the desired country. Example: US = United States |
State / Province | The state/province where the organization is located. Do not abbreviate. Example: Maine |
City / Locality | The city where the organization is located. Example: Kennebunk |
Organization | The exact legal name of the organization. Do not abbreviate. Example: Plixer |
Email Address | The email address for the CA (who to contact). Example: someone@your.domain |
Common Name | URL to attach to the certificate. Example: 10.1.1.19 or replicator.company.com |
Extra attributes | The challenge password and the optional company name can be added to the certificate request. |
Creating a signed certificate
- Enable SSL as described above.
- Send the /etc/pki/tls/private/ca.csr file to the Certificate Authority (CA) and ask them to sign and return it as Base64 encoded.
Important
When exporting a certificate, do NOT select DER encoded export file format.
- When the signed certificate is received, stop the apache service:
service httpd stop
- Replace the active SSL certificate with the new one and rename the file to /etc/pki/tls/certs/ca.crt.
- Start the apache service:
service httpd start
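Checks that can be run on the file returned by the CA before it replaces the active certificate, as an added example (not part of the Replicator documentation or of enable_ssl.sh). The function names are hypothetical, and the key comparison assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-flight checks on a CA-signed certificate before it is
# copied to /etc/pki/tls/certs/ca.crt. Function names are hypothetical.

# Classify a certificate file as pem (Base64), der (binary) or unknown.
cert_encoding() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    elif [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ]; then
        echo der    # DER begins with an ASN.1 SEQUENCE tag (0x30)
    else
        echo unknown
    fi
}

# Succeed only if the certificate carries the same public key as the CSR,
# i.e. the CA signed the request that this Replicator generated.
cert_matches_csr() {   # usage: cert_matches_csr CERT CSR
    cert_key=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    csr_key=$(openssl req -in "$2" -noout -pubkey) || return 2
    [ "$cert_key" = "$csr_key" ]
}

# Run both checks and print the reason when the file should not be installed.
check_signed_cert() {  # usage: check_signed_cert CERT CSR
    enc=$(cert_encoding "$1")
    if [ "$enc" != pem ]; then
        echo "reject: $1 is $enc, expected Base64 (PEM)"
        return 1
    fi
    if ! cert_matches_csr "$1" "$2"; then
        echo "reject: $1 does not match the key in $2"
        return 1
    fi
    echo "ok: $1 is PEM and matches $2"
}
```

Run `check_signed_cert <returned file> /etc/pki/tls/private/ca.csr` before stopping httpd, so a wrong or DER-encoded file is caught while the current certificate is still serving.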
Log in for the first time
Future versions of the Replicator will support multiple local user accounts and roles. The current version provides all users with an administrator role account to update and maintain any configuration via the web interface.
The default login credentials are user admin with the default password admin.
Note
The password can be updated using the interactive mode password webui command.
To set up LDAP authentication, navigate to the Settings tab and enter the LDAP server information. The LDAP password can be updated using the interactive mode ldapadminpass command.
Apply a license key
After a user logs in for the first time, the Replicator will check for a valid license key. If the key has not been applied, the license wizard will appear. Otherwise, the Replicator wizard will proceed to creating a first profile.
A license key can be requested directly from Plixer or a reseller. Evaluation keys are available for testing and proof of concept purposes.
Note
Manage the Replicator’s license key and review the license details via the Settings > Licensing page.
Create a profile
Once a valid license key is applied, the Replicator checks if there are any profiles configured. A profile defines how packets are received and sent from the Replicator.
If there are no profiles configured, the Replicator wizard will walk a user through creating a first profile. A profile requires the port packets will come in on, the port packets should go out on, a policy to match incoming IP addresses on the defined port, and a collector to send the packets to.
Hint
To match all incoming IP addresses, use the policy of 0.0.0.0/0.
Verify packets are inbound
The Streams and Dashboard tabs provide users with instant feedback on packet activity. If this is the first time configuring the Replicator, the last step of the wizard will direct the user to the Streams tab.
Interactive mode
Using an SSH client, ssh to the Replicator and log in as the replicator user with the password configured during the installation process. Refer to the interactive mode for a list of available commands.
[[email protected] ~]# ssh [email protected]
[email protected]'s password:
Plixer Replicator (TM) v18.14.1.2410
2019-12-03 13:07:44 -0500 (Tue, 03 Dec 2019)
Copyright (C) 2012 - 2019 Plixer, All rights reserved.
Replicate Anything!
Need an IPFIX Collector? Download Scrutinizer at https://www.plixer.com
Machine ID : 6YZ6XEPT66FPH6364A1VQ8NY
Customer ID : qa replicator
Licensed Version : 18.5
Licensed Type : subscription (standalone/primary)
Expiration : 11/30/2020
REPLICATOR>
The REPLICATOR> prompt indicates the Replicator is ready for commands.
Before beginning any configuration of the Replicator, set up one or more network devices (exporters) to send flow or log data to the Replicator. Note the UDP port(s) used to send data during the configuration process. For example: a Cisco router is configured to send NetFlow v9 using port 9996 to the Replicator. 9996 will be used during the profile creation process.
Important
Send data to the Replicator first.
Once the exporters are sending data to the Replicator, proceed with configuring profiles to replicate the data to the appropriate collectors. Use the profile command to manage profiles on the Replicator. The required parameters for creating a profile are name, listening port, and sending port.
profile <add|update> name listen_port send_port
For example, the Cisco router is sending data to the Replicator on port 9996. The Scrutinizer flow collector is listening for flows on port 2055. A profile is created to listen on port 9996 and send on port 2055 as follows:
REPLICATOR> profile add maine 9996 2055
Success: Profile 'maine' has been added and enabled.
Done in 0.316286 secs
REPLICATOR> show profile maine
+--------------------------------+-----------------------------------------+
| maine | IN PORT 9996 -> OUT PORT 2055
+--------------------------------+-----------------------------------------+
Policies Exporters -> Collectors
- - -
+--------------------------------+-----------------------------------------+
Done in 0.01249 secs
Next, add the exporter (i.e. the Cisco router) to the maine profile using the exporter command:
REPLICATOR> exporter add 10.1.1.1 maine
Success: Exporter [10.1.1.1] -> Profile [maine]
Done in 0.183711 secs
REPLICATOR> show profile maine
+--------------------------------+-----------------------------------------+
| maine | IN PORT 9996 -> OUT PORT 2055
+--------------------------------+-----------------------------------------+
Policies Exporters -> Collectors
(include) 10.1.1.1/32 - -
+--------------------------------+-----------------------------------------+
Done in 0.014918 secs
As soon as the Replicator detects traffic from 10.1.1.1 on port 9996, the exporter will show up in the Exporters column.
Lastly, add a collector to the profile.
REPLICATOR> collector add 10.1.4.20 maine
Success: Collector [10.1.4.20] -> Profile [maine]
Done in 0.439209 secs
+--------------------------------+-----------------------------------------+
| maine | IN PORT 9996 -> OUT PORT 2055
+--------------------------------+-----------------------------------------+
Policies Exporters -> Collectors
(include) 10.1.1.1/32 10.1.1.1 10.1.4.20
+--------------------------------+-----------------------------------------+
Done in 0.011346 secs
The profile is complete. Verify the replicated traffic within the collector’s interface.