Interactive Mode Commands

At any time, running the command help, help <command>, <command> ?, or ? will display help in the interface.

acknowledge

The Flow Replicator actively monitors the state of exporters and collectors. If either one is in an alarm state, the acknowledge command can be used to stop the Flow Replicator from sending notifications about unavailable resources.

  • acknowledge <exporter|collector> ip_address:port
REPLICATOR> acknowledge exporter 10.1.1.2
REPLICATOR> acknowledge collector 10.1.1.1:2055

backup

Creates a backup of the database in /home/replicator/backups/<filename>. Lists the files in /home/replicator/backups with the date they were last accessed. Backups can be restored using the restore command. Backup names can not contain any spaces.

  • backup [filename]
  • show backups [filename]
  • restore [filename]
REPLICATOR> backup replicator_backup
REPLICATOR> show backups
REPLICATOR> restore replicator_backup

collector

The collector command is used to add or remove collectors from profiles.

  • collector <add|remove> collector_ip profile
REPLICATOR> collector add 10.1.1.1 maineStreet
REPLICATOR> collector remove 10.1.1.1 maineStreet

The allremove directive will remove the specified collector IP address from all profiles.

  • collector allremove collector_ip
REPLICATOR> collector allremove 10.1.1.1

Collectors receive replicated packets. Some collectors may not be able to handle high volume. Use this option to set or remove a packet per second threshold.

  • collector threshold collector_ip threshold
REPLICATOR> collector threshold 10.1.1.1 100000

exporter

The exporter command is used to add or remove exporters from profiles.

  • exporter <add|remove> exporter_ip profile
REPLICATOR> exporter add 10.1.1.2 maineStreet
REPLICATOR> exporter remove 10.1.1.2 maineStreet

The allremove directive will remove the specified exporter IP address from all profiles.

  • exporter allremove exporter_ip
REPLICATOR> exporter allremove 10.1.1.2

The noprofile directive will list all exporters actively sending packets to the Flow Replicator that are not configured in any profiles.

It’s recommended to either add these exporters to a profile or configure them to stop sending packets to the Flow Replicator.

exporter noprofile

REPLICATOR> exporters noprofile

+--------------------------------------------------------------------------+
| 10.1.73.1         Wed Jul 16 11:06:37 2014         1 packet(s)
| 10.1.29.60        Wed Jul 16 11:06:38 2014         2 packet(s)
| 10.202.0.103      Wed Jul 16 11:06:39 2014         5 packet(s)
| 10.200.10.1       Wed Jul 16 11:06:39 2014        32 packet(s)
| 172.20.124.41     Wed Jul 16 11:06:33 2014         1 packet(s)
+--------------------------------------------------------------------------+
Done in 0.035998 secs

This list contains the IP Address of the exporter, the last time stamp a packet was received, and the number of packets counted since the last packet summary. It is possible to have 0 packet(s) for exporters that export data infrequently.

license

The license command is used to manage the Flow Replicator license key.

To generate a license key, Plixer or the reseller will need the Flow Replicator’s unique machine ID. The machine ID is displayed when issuing the license check command. The following command can be used to show licensing details.

  • license <check|status>
REPLICATOR> license check

      Machine ID : 5YZ6XEPV66C766369M8DBN2A
Licensed Version : 3.1
   Licensed Type : valid
      Expiration : Thu Jul 28 2016

License expires in 730 day(s)

The license key can be configured on the Flow Replicator using the license set command.

  • license <set|update>
REPLICATOR> license set

When applying the license key, it must be one continuous string without any line feeds or carriage returns on the same line as the license=

[replicator]
engine=sqlite
dbname=/home/replicator/html/db/replicator.db
user=
pass=
license=Nb7RuYhxJWxUv9u+nTdHCnRj5R9EiXQv5qDS9WO41jC4XBBYkErNZ6Q+Oi+Q+6uGwfaQJZO6QzE3wjgWsf2CfqlCp3SdO5/txz6yhFurK7Cz4Js1kuraTt96Q1pRru9zCk5gUxbNjISzI3BlY75eMMDddTFv2XKJRxzDe8CK8N1Ov4Okkod1gx9tWW2xFToAJmTyYXGYgIWGFhWOrPTvCB+t1j3kuqnaf/HgVYMahQgDjPHhbuq2ft2HA1iuhRZU2q0Bt8TbSy+6CmvKLe7tSqht5V9bSLYQSdaJ1/gntqAJaa4dGG4fBGmDgK30zLkC+OEFm402axzCmQ==

In the new window, under “license=” paste in your license key. Press CTRL+x to save.

Issuing either the license check or show status command will verify the key is properly installed. Contact technical support to acquire a new license key.

notate

The notate command can be used to add a description to a profile or IP Address. The description does not require enclosure quotation marks.

  • notate <profile|ip> <profile_name|ip_address> description
REPLICATOR> notate profile maineStreet A fun and happy place
REPLICATOR> notate ip 10.1.1.2 my awesome router

This description will show up in various reports generated by the show command.

password

The password command will change the password used for the replicator user in interactive mode and the admin user in the web interface.

  • password <interactive|webui>
REPLICATOR> password interactive
(current) UNIX password:
New password:
Retype new password:

Successful password changes will be applied to the next log in.

This password is used when logging in interactively or to the web interface.

policy

The policy command manages what exporters are automatically included or excluded in profiles. Policy inclusion policies are checked first, then exclusion policies. Policies are defined in subnet/cidr notation.

  • policies <add|remove> subnet/cidr profile <include|exclude>
REPLICATOR> policy add 192.168.0.0/16 maineStreet include
REPLICATOR> policy add 192.168.2.0/24 maineStreet exclude
REPLICATOR> policy remove 192.168.2.0/24 maineStreet

The include/exclude option is only required if using the add directive.

Collectors are not affected by policies.

profile

The profile command is used to add, update, remove, enable, disable, and rename profiles.

The name, listening port, and sending port are required when adding or updating a profile.

  • profile <add|update> name listen_port send_port
REPLICATOR> profile add maineStreet 2002 2055
REPLICATOR> profile update maineStreet 2003 2056

Removing a profile will also remove any policies assigned to it. However, other profiles will remain unmodified.

Disabling a profile will keep its settings, policies, exporters, and collectors intact. However, replication will not occur.

  • profile <remove|disable|enable> name
REPLICATOR> profile remove maineStreet
REPLICATOR> profile disable maineStreet
REPLICATOR> profile enable maineStreet

Profiles can also be renamed with the rename directive. Only the name of the profile will be updated. Use profile update to change other details such as the sending port or listening port.

  • profile rename old_name new_name
REPLICATOR> profile rename maineStreet streetOfMaine

Singularity (spoofing)

Singularity mode will replicate packets as the replicator IP instead of the original exporter’s IP. This allows users to combine packets from multiple exporters into a single exporter IP.

REPLICATOR> profile singularity maineStreet <enable|disable>

By default, the replicator will replicate packets using the original sources of those packets as the exporter.

rebuild

The rebuild command is only necessary when replication services are down and the administrator wishes to rewrite the internal configuration. Otherwise, the Flow Replicator manages all configurations as real time changes are detected.

REPLICATOR> rebuild

The sampcfg command is an alias to the rebuild command.

role

The role command is used when setting up a fault tolerant environment.

  • role set ha master <ip_address>
  • role set ha off
  • role set ha on <priority> <virtual_ip> <ifname> <master|backup>
  • role set primary
  • role set secondary <primary_replicator_ip:listener_port> [timeout]
  • role test <ha|secondary>
REPLICATOR> role set master <ip_address>
REPLICATOR> role set ha off
REPLICATOR> role set ha on 101 10.1.4.223 eth0 master
REPLICATOR> role set primary
REPLICATOR> role set secondary 10.1.4.66:2002 10
REPLICATOR> role test secondary

Reference the section on fault tolerance for more information.

setting

The setting command manages the global configuration for the Flow Replicator. Features can be enabled, disabled, and set.

  • setting set name value
  • setting <enable|disable> name
REPLICATOR> setting set metricsSent 10.1.4.66:2003
REPLICATOR> setting disable convertSyslog

Use the show setting command to get a list of settings in the global configuration.

show

The show command generates reports based on configuration settings and real time data.

  • show alarm [filter]
  • show asset [filter]
  • show collector [filter]
  • show config
  • show exporter [filter]
  • show profile [filter]
  • show realtime [filter]
  • show setting [filter]
  • show status

Most show commands also have a [filter] option which will only display details that match the filter. The entire report is displayed if no filter is included.

The list and sh commands are aliases to the show command.

alarm

Lists exporters that have stopped sending data to the replicator and collectors that are no longer reachable by the replicator.

  • show alarm [filter]
REPLICATOR> show alarm
REPLICATOR> show alarm 10.1.4

asset

Generates a report detailing IP addresses, whether the IP address is an exporter and/or collector, dns names, and descriptions.

  • show asset [filter]
REPLICATOR> show asset
REPLICATOR> show asset plxr.local

collector

Generates a report showing the collector(s) IP address, dns name, description, and which profiles currently include the collector(s).

  • show collector [filter]
REPLICATOR> show collector
REPLICATOR> show collector 10.1.1.1

config

Lists all commands necessary to rebuild all profile settings.

  • show config
REPLICATOR> show config

exporter

Generates a report showing the exporter(s) IP address, dns name, description, and which profiles are currently including the exporter(s).

  • show exporter [filter]
REPLICATOR> show exporter
REPLICATOR> show exporter 10.1.2.5

profile

Lists profiles and all policies, exporters, and collectors associated.

  • show profile [filter]
REPLICATOR> show profile
REPLICATOR> show profile maineStreet

realtime

Peers into the live stream and shows statistics of exporters, in and out statistics, and CPU usage.

  • show realtime [filter]
REPLICATOR> show realtime
REPLICATOR> show realtime 192.168

Press CTRL+C to exit the realtime report.

setting

Displays a list of all global configuration settings, the current values, and whether they are enabled or disabled.

  • show setting [filter]
REPLICATOR> show setting
REPLICATOR> show setting metric

status

Lists all replicator services and licenses, and shows the status of each.

  • show status
REPLICATOR> show status

+--------------------------------------------------------------------------+
| Converting Syslog              ACTIVE
| Replicating Port 2002          ACTIVE
| Replicating Port 515           ACTIVE
| Replicating Port 2003          ACTIVE
| Replicator Vitalizer           ACTIVE
| Replicator License             License expires in 730 day(s)
| Replicator Heartbeat           ACTIVE
+--------------------------------------------------------------------------+
+ process checking took 0.079859 secs

Done in 0.270207 secs

snoop

The snoop command can be used to verify that packets are being received by or sent from the replicator for a certain IP address.

  • snoop <ip_address>
REPLICATOR> snoop 10.1.1.1

Press CTRL+C to exit the snoop command.

system

The system command is used to change state of the replicator. The directive change is used to change the host name or IP address.

  • system <change|restart|shutdown>
REPLICATOR> system change
REPLICATOR> system restart
REPLICATOR> system shutdown
  • system virtualip enable <ifname> <virtual_ip>
  • system virtualip disable <ifname> <virtual_ip>
REPLICATOR> system virtualip enable eth0 10.1.4.223
REPLICATOR> system virtualip disable eth0 10.1.4.223

These commands allow users to add or remove a virtual IP address for High Availability (HA) configurations. For more information see the role command.