Getting Started

Wizard

The web interface contains a wizard to assist users in the initial configuration process. The process consists of three steps.

  1. Apply a license key
  2. Create a profile
  3. Verify packets are inbound

Enabling HTTPS

It is recommended that HTTPS be enabled on your replicator to protect any information sent through the browser. HTTPS can be enabled during installation or afterwards by running the script “enable_ssl.sh” in the /home/replicator/conf/ directory.

Logging in for the first time

The default login user name and password are both admin. The password can be updated using the interactive mode command password webui; do this after the first login, since the default is publicly documented.

Once LDAP server information is entered in the settings tab, users will also be able to log in using valid LDAP credentials. The LDAP password can be updated using the interactive mode command ldapadminpass.

Future versions of the replicator will provide multiple local user accounts and roles. The current version gives all users an administrator role, so any user can update and maintain any configuration via the web interface.

Applying a License Key

Once the user is logged in, the replicator detects whether a license key is present. If not, the license wizard appears. Otherwise, the replicator redirects to the next step in the wizard if a profile doesn’t exist. If everything is minimally configured, the replicator displays the Dashboard Tab.

A license key can be requested directly from Plixer or a reseller. Evaluation keys are available for testing and evaluation purposes.

Create a Profile

Once a valid license key is configured, the replicator detects whether it has at least one profile. A profile defines how packets are received by and sent from the replicator.

If there are no profiles configured, the replicator will ask a few questions and get the user started quickly.

A profile requires the port on which packets come in, the port on which packets should go out, a policy to match incoming IP addresses on the defined port, and a collector to send the packets to.

In many cases, users want to match all incoming IP addresses. In this case, the policy 0.0.0.0/0 can be used.

Verify Packets are inbound

The Streams Tab and Dashboard Tab provide users with instant feedback of packet activity.

If it is the first time configuring the replicator, the last step of the wizard will redirect the user to the Streams Tab.

For more information on the web interface, see the section on the Web Interface.

Interactive Mode

Using an SSH client, connect to the Flow Replicator and log in as the replicator user using the password configured during the installation process.

[root@demo ~]# ssh replicator@10.1.4.66
replicator@10.1.4.66's password:
Last login: Tue Jul 15 16:55:17 2014 from scrutinizer.plxr.local

Plixer Replicator (TM) v17.1.17.1771
[2016-06-03 09:22:51 -0400 (Fri, 03 Jun 2016)]
Copyright (C) 2012 - 2017 Plixer International, Inc. All rights reserved.
Replicate Anything!
Need an IPFIX Collector? Download Scrutinizer at https://www.plixer.com

Machine ID : 6YZ6XEPTJA6VG749B
Licensed Version : 16.6
Licensed Type  : eval (standalone/primary)
Expiration : Thu May 18 2017

License expires in 317 day(s) (eval)
REPLICATOR>

The REPLICATOR> prompt indicates the Flow Replicator is ready for commands.

Before beginning any configuration of the Flow Replicator, configure one or more networked devices (exporters) to send flow or log data to the Flow Replicator. Note the UDP port(s) used to send data during the configuration process. For example, a Cisco router is configured to send NetFlow v9 to the Flow Replicator using port 9996; 9996 will then be used during the profile creation process.

It is important to send data to the Flow Replicator first. Once the exporters are sending data to the Flow Replicator, profiles can be configured to replicate the data to the appropriate collectors. The profile command is used to manage profiles on the Flow Replicator. The required parameters for creating a profile are name, listening port, and sending port.

profile <add|update> name listen_port send_port

In the above example, the Cisco router is sending data to the Flow Replicator on port 9996. The Scrutinizer Flow Collector is listening for flows on port 2055. A profile is created to listen on port 9996 and send on port 2055 as follows:

REPLICATOR> profile add maine 9996 2055

Success: Profile 'maine' has been added and enabled.

Done in 0.316286 secs

REPLICATOR> show profile maine

+--------------------------------+-----------------------------------------+
| maine                          | IN PORT 9996 -> OUT PORT 2055
+--------------------------------+-----------------------------------------+

 Policies                     Exporters     ->    Collectors
 -                            -                   -

+--------------------------------+-----------------------------------------+
Done in 0.01249 secs

Next, add the exporter (i.e., the Cisco router) to the profile using the exporter command.

REPLICATOR> exporter add 10.1.1.1 maine

Success: Exporter [10.1.1.1] -> Profile [maine]

Done in 0.183711 secs

REPLICATOR> show profile maine
+--------------------------------+-----------------------------------------+
| maine                          | IN PORT 9996 -> OUT PORT 2055
+--------------------------------+-----------------------------------------+

Policies                     Exporters     ->    Collectors
(include) 10.1.1.1/32        -                   -

+--------------------------------+-----------------------------------------+
Done in 0.014918 secs

As soon as the Flow Replicator detects traffic from 10.1.1.1 on port 9996, the exporter will show up in the Exporters column. This indicates that the Flow Replicator is actively replicating to the collectors specified.

Lastly, add a collector to the profile.

REPLICATOR> collector add 10.1.4.20 maine

Success: Collector [10.1.4.20] -> Profile [maine]

Done in 0.439209 secs

+--------------------------------+-----------------------------------------+
| maine                          | IN PORT 9996 -> OUT PORT 2055
+--------------------------------+-----------------------------------------+

 Policies                     Exporters     ->    Collectors
 (include) 10.1.1.1/32        10.1.1.1            10.1.4.20

+--------------------------------+-----------------------------------------+
Done in 0.011346 secs

The profile is complete. Within moments, the replicated traffic can be verified within the collector’s interface.
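
The following is an added example, not part of the Plixer documentation or the product's code. It models the 'maine' profile from the walkthrough to show how the listening port and an include policy together decide which datagrams are copied to the collector, and how a 10.1.1.1/32 policy differs from 0.0.0.0/0. The names Profile, replicate and build_maine are hypothetical, and dropping datagrams that match no policy is an assumption of this model.

```python
# Added illustration: a simplified model of profile matching, not Plixer's code.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Profile:
    name: str
    listen_port: int   # UDP port exporters send to
    send_port: int     # UDP port the collectors listen on
    policies: list = field(default_factory=list)    # include networks
    collectors: list = field(default_factory=list)  # collector IP addresses

    def matches(self, src_ip: str, dst_port: int) -> bool:
        """True if the datagram arrived on this profile's port from an included source."""
        if dst_port != self.listen_port:
            return False
        addr = ip_address(src_ip)
        return any(addr in net for net in self.policies)


def replicate(profiles, src_ip, dst_port):
    """Return the (collector, port) destinations a datagram would be copied to."""
    targets = []
    for profile in profiles:
        if profile.matches(src_ip, dst_port):
            targets.extend((c, profile.send_port) for c in profile.collectors)
    return targets


def build_maine(policy: str) -> Profile:
    """The 'maine' profile from the walkthrough with the given include policy."""
    return Profile("maine", 9996, 2055, [ip_network(policy)], ["10.1.4.20"])


if __name__ == "__main__":
    strict = [build_maine("10.1.1.1/32")]   # only the configured exporter
    match_all = [build_maine("0.0.0.0/0")]  # any IPv4 source
    # Constructed sample datagrams: (source IP, destination UDP port).
    samples = [("10.1.1.1", 9996), ("10.9.9.9", 9996), ("10.1.1.1", 514)]
    for src, port in samples:
        print(f"{src}:{port} strict={replicate(strict, src, port)} "
              f"match_all={replicate(match_all, src, port)}")
```

With the /32 policy only the configured exporter reaches the collector; with 0.0.0.0/0 any host that can send UDP to port 9996 has its data forwarded, so that policy is best paired with network-level filtering of who can reach the listening port.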