Interactive scrut_util

Overview

The interactive scrut_util.exe utility provides access to numerous server maintenance utilities, including password changes, third party integration processes, many routines to access information required for support, and more.

To enable the interactive scrut_util.exe utility, run:

/home/plixer/scrutinizer/bin/scrut_util.exe

Which will open this Scrutinizer prompt:

SCRUTINIZER>

To close the interactive prompt, type ‘exit’:

SCRUTINIZER> exit

Exiting…

[root@Scrutinizer ~] #

Two Modes of Operation

The scrut_util.exe utility has two modes of operation.

1) Interactive:

In interactive mode, the user types scrut_util.exe and presses Enter to reach the SCRUTINIZER> command line. Commands can then be executed as shown below.

2) Command Line Interface (CLI):

When the user is logged in as root, CLI mode can be run. This allows commands to be executed without entering the SCRUTINIZER> prompt. For example:

[root@Scrutinizer bin]# ./scrut_util.exe --show alarms --name threshold

Help Function

The list of available commands can be displayed from within the Scrutinizer utility shell by entering:

SCRUTINIZER> help

For help with specific commands (for example, the “show” command) enter:

SCRUTINIZER> help show

For help with specific extended commands (for example, the “show groups” command) enter:

SCRUTINIZER> help show groups

Commands

Following are the available top level commands:

For each top level command, there are several extended commands as listed below.

check

Runs a test or check against the command provided.
Command Description
check activeif Checks for active flows by looking at active interface details and lists the last timestamp and number of interfaces that received flows.
check data_last_written Checks the activity of collected flow data written to the database.
check database <db_name> <db_pass> Checks the specified database for errors.
check dist_info Checks and displays distributed information about the Scrutinizer Servers.
check hdtest Tests the performance of the hard drive. This is a good way to determine if the hardware is adequate for Scrutinizer’s current flow volume.
check heartbeat <database|api> Checks heartbeat functions to make sure Scrutinizer is internally communicating properly.
check history_index Checks history_index for 1m interval table activity.
check history_index_empty_tables List tables with zero rows from history_index. Please stop the collector prior to running this command. This command will not delete entries reported. To do so, use delete instead of check.
check history_index_orphans Checks entries from history_index for which a table does not actually exist. This should never happen, but occasionally when things go wrong we need something like this to make cleanup easier. This command will not delete entries reported. To do so, use delete instead of check.
check history_table_orphans List tables with no history_index entry. Please stop the collector prior to running this command. This command will not delete entries reported. To do so, use delete instead of check.
check interfaces [all|cisco|hauwei|sonicwall] [host_ip] Tries alternative methods to retrieve interface descriptions. For Cisco and SonicWALL that means using NetFlow data. For Huawei, that means using SNMP and referencing their vendor specific MIBs.
check license Checks and displays license details from the Scrutinizer Server.
check machine_id Checks and displays the current machine_id of the Scrutinizer Server.
check machine_id_list Checks and displays the current, possible, and historical Machine IDs of the Scrutinizer Server.
check objects Verifies that xcheck_hosts all have a corresponding row in objects.
check password rootdb Checks the database root password to make sure it’s the same password represented in the plixer.ini.
check rollcall Analyze rollcall and the state of rollups per time bucket. This is used to confirm the activity of rollups on this Scrutinizer Collector.
check rollups Lists rollups and their current state. This is used to confirm the activity of rollups on this Scrutinizer Collector.
check route <ip> Checks device specified to determine if Scrutinizer can access its routing data.
check serverpref <serverpref> Checks and displays the current value for the specified serverpref.
check simplercv <udp_port> Runs a simple test to see if udp traffic is seen on the udp port provided. This command is useful to determine if flows are received at the top of the stack (i.e. tcpdump -> collector).
check snmp Attempts to get SysObjectID for all devices. If SNMP connected successfully, it will return the credential object. Otherwise, it will return the error message.
check ssl Checks and lists the current settings configured for SSL parameters. Use the set ssl command to modify settings or enable/disable SSL.
check stats_exporters Lists statistical details related to time and exporter activity.
check task <id> Checks the execution times and error codes for the specified task <id>. A list of tasks is available by using the show task command.
check thresholdpolicies Checks and verifies that all threshold policies are correct and functioning properly.
check tuning Checks the operating system and Scrutinizer settings that can be changed to improve Scrutinizer’s performance. Best used under supervision of Plixer Support.
check version Checks to see if a newer version of Scrutinizer is available.

ciscoise

Manage CiscoISE Node Integration with Scrutinizer.
Command Description
ciscoise add <ise_ip> <ise_tcp_port> <ise_user>

Adds a CiscoISE node to the queue to acquire user identity on all active sessions.

The required parameters are the host address <ise_ip>, tcp port <ise_tcp_port>, and user <ise_user> that can access the API.

Scrutinizer will prompt the user for the <ise_user> password.

ciscoise check Tests polling and outputs the results to the screen for review. It’s a good way to verify that Scrutinizer is collecting user identity information properly.
ciscoise kick <ise_id> <mac_address> <user_ip> Kicks the user off the ISE node, forcing them to re-authenticate. At a minimum, the user’s IP address is required. Optionally, the <mac_address> can be provided.
ciscoise nodelist Lists the currently configured CiscoISE nodes.
ciscoise poll Runs a poll manually and outputs the results to the screen. When integration is enabled, polling is automatically performed routinely. To diagnose issues, run ‘ciscoise check’ or ‘ciscoise test’
ciscoise remove <ise_ip> Removes a CiscoISE node from Scrutinizer. The required parameter <ise_ip> is the IP address of the CiscoISE node.
ciscoise test Tests polling and outputs the results to the screen for review. It’s a good way to verify that Scrutinizer is collecting user identity information properly.
ciscoise update <ise_ip> <ise_tcp_port> <ise_user>

Updates existing configuration settings for a specific CiscoISE node.

The required parameters are the host address <ise_ip>, tcp port <ise_tcp_port>, and user <ise_user> that can access the API.

Scrutinizer will prompt for the <ise_user> password.

clean

Executes housekeeping tasks that are scheduled to run at various times during Scrutinizer’s normal operations.

Warning

These commands will purge data from Scrutinizer. Please use with caution.

Command Description
clean all Executes several housekeeping tasks that are scheduled to run at various times during Scrutinizer’s normal operations.
clean baseline Resets all configured baselines to the default baselines for each exporter. Historical data will not be deleted. However, it will expire based on Scrutinizer’s historical settings.
clean database Cleans out temporary database entries manually. This command is executed automatically every 30 minutes by Scrutinizer’s task scheduler.
clean ifinfo Clears entries in the ifinfo db table that do not have an entry in the activeif db table.
clean pcap [<pcapfile>] Removes all, or if specified, a specific pcapfile from the Scrutinizer server. To see a list of pcap files, execute show pcaplist
clean tmp Removes any temporary files created by the graphing engine. Executing this will perform an on-demand clean up. By default, it is scheduled to be executed by Scrutinizer routinely.

collect

Manually collect data that is useful for Scrutinizer.
Command Description
collect asa_acl Manually collects ASA ACL information from Cisco ASA Devices. This task is scheduled and routinely executed as part of normal operations.
collect baseline Manually collects baseline data and checks for alarms. This task is scheduled and routinely executed as part of normal operations. This command is automatically scheduled to run routinely when baselining is enabled.
collect dbsize Collects database size information.
collect elk <elk_ip>

Manually collect data from Scrutinizer and send it to the configured ELK server.

Reference the Elasticsearch / Kibana (ELK) Integration guide for more detailed information on the ELK integration.

collect optionsummary Manually process flow option data collected by Scrutinizer. This information is routinely processed automatically.
collect pcap <in_sec> [<host>] Collects a packet capture on the interfaces of the Scrutinizer server. Requires a timeout (in seconds) and an optional host name in IP format to further filter the capture.
collect snmp Manually collects SNMP data that is used during Scrutinizer’s operations. This process is automatically scheduled by Scrutinizer to run regularly.
collect splunk <splunk_ip> <port>

Manually collect data from Scrutinizer and send it over to the configured Splunk server.

Reference the Scrutinizer for Splunk Application integration guide for more information

collect supportfiles Collects various log files and server configuration data used by Plixer support to troubleshoot server issues.
collect topology Collects various types of data from devices and Scrutinizer to help Scrutinizer understand the topology layout of the network.
collect useridentity Manually process user identity data collected by Scrutinizer. This information is routinely processed automatically.

counteract

Third-party integration support for ForeScout CounterACT servers.
Command Description
counteract <on|off> <counteract_ip[:port]> Enables or disables support to ForeScout CounterACT servers. Required parameters are <on|off> and the host name and optional tcp port.

delete

This operation deletes database tables and/or database table entries.

Warning

These commands will purge data from Scrutinizer. Please use with caution.

Command Description
delete custom_algorithm <identifier>

Deletes a custom algorithm at the system level. For more information, reference the Flow Analytics Custom Algorithms section.

** Warning ** This command will alter the behavior of Scrutinizer functionality. Please use with caution.

delete history_index_empty_tables Deletes tables with zero rows from history_index. Please stop the collector, if running, prior to executing this command.
delete history_index_orphans Deletes entries from history_index for which a table does not actually exist. This should never happen, but occasionally when things go wrong we need something like this to make cleanup easier.
delete history_table_orphans Deletes tables with no history_index entries. Please stop the collector, if running, prior to executing this command.
delete orphans ** Warning ** This command will delete all known orphan alarm events.

disable

Disables functionality used by Scrutinizer or incorporated as part of customized development.
Command Description
disable baseline <exporter_ip>

Disables all baselines for the specified <exporter_ip>. The historical data will not be deleted. However, it will expire based on Scrutinizer’s historical data settings.

** Warning ** This command will alter the behavior of Scrutinizer baseline functionality. Please use with caution.

disable elk http://<ip:port>

Disables ELK (Elasticsearch, Logstash, and Kibana) flows from Scrutinizer to the URL specified.

Reference the Elasticsearch / Kibana (ELK) Integration guide for more detailed information on the ELK integration.

** Warning ** This command will alter the behavior of Scrutinizer functionality. Please use with caution.

disable splunk http://<ip:port>

Disables Splunk flows from Scrutinizer to the URL specified.

Reference the Scrutinizer for Splunk Application integration guide for more information on the Scrutinizer for Splunk integration.

** Warning ** This command will alter the behavior of Scrutinizer functionality. Please use with caution.

disable vmwaretools

Disables vmwaretools for a Virtual Appliance running on VMware.

** Warning ** This command will alter the behavior of Scrutinizer functionality. Please use with caution.

download

Downloads various files and utilities useful to Scrutinizer’s operations.
Command Description
download hostreputationlists Download the latest Flow Analytics Host Reputations Lists manually. This is also automatically updated.
download installer Download the Scrutinizer installer to perform upgrades.

enable

Enables functionality used by Scrutinizer or incorporated as part of customized development.

Warning

These commands will alter the behavior of Scrutinizer functionality. Please use with caution.

Command Description

enable baseline <exporter_ip> default

enable baseline <exporter_ip> manual <pri_element[,sec_element]> <element> <AVG|COUNT|MIN|MAX|STD|SUM> <dailyhr|busday|sameday>

Enables default or custom baselines (manual) based on elements from NetFlow and IPFIX templates.

Baselining has several parameters available to customize the specific baseline data to collect with the ‘manual’ option.

Please reference the Baselining Overview section for detailed configuration instructions.

enable custom_algorithm <identifier> "<algoname>" Reference the Flow Analytics Custom Algorithms section for specific information on how to configure custom algorithms and create alarm policies.
enable elk http://<ip:port>

Enables ELK (Elasticsearch, Logstash, and Kibana) flows from Scrutinizer to the URL specified. Additional steps are required in Kibana to get the default filters, visualizations, and dashboard.

Reference the Elasticsearch / Kibana (ELK) Integration guide for more detailed information on the ELK integration.

enable splunk http://<ip:port> <syslog port>

Enables Splunk flows from Scrutinizer to the URL specified. The Scrutinizer for Splunk App is required on the Splunk Server.

Reference the Scrutinizer for Splunk Application integration guide for more information.

enable vmwaretools Enables vmwaretools for a Virtual Appliance running on VMware. Running enable vmwaretools also upgrades an existing install of the vmware agent.

endace

Third-party integration support for Endace Probes.
Command Description

endace add <host_ip> <port> <endace_user> <endace_pass>

endace remove <host_ip>

endace update <host_ip> <port> <endace_user> <endace_pass>

Manages integration with Endace Probes. For more information on this integration, reference the Configuring Endace Probe Integration guide.

expire

Purges data history older than the number of days defined by Scrutinizer’s history settings.

Warning

These commands will purge data from Scrutinizer. Please use with caution.

Command Description
expire alarms Expires alarm history from the threatsoverview and fa_transports_violations tables as specified in the Data History Flow Historical 1 Min Avg preference.
expire bulletinboards Purges alarm bulletin board events older than the number of days defined by Scrutinizer’s history settings.
expire dnscache Purges DNS cache older than the number of days defined by Scrutinizer’s history settings.
expire history [trim]

Expires flow data as defined by Scrutinizer’s history settings.

If the optional ‘trim’ mode is passed, Scrutinizer will trim older data to make more space on the hard disk.

expire ifinfo Purges old and outdated interface information.
expire inactiveflows Expires interfaces from the interface view that have stopped sending flows. Entries are expired based on the number of hours specified in the Scrutinizer System Preferences. (Admin -> Settings -> System Preferences -> Inactive Expiration)
expire orphans Purges alarm orphan events older than the number of days defined by Scrutinizer’s history settings.

export

Run various export commands to dump data out of Scrutinizer for external use.
Command Description
export langtemplate <lang_name>

The <lang_name> parameter is required. If the language exists, the command creates a CSV file that shows the English and <lang_name> keys. If the language does not exist, a blank template is created.

The language file resides at /home/plixer/scrutinizer/files/pop_languages_<lang_name>_template.csv

export peaks_csv <file> <interval> <dir> <date_range> [<group_id>]

Exports a CSV file listing interfaces and peak values based on criteria specified.

Valid options for <interval> are specified as raw minutes (1, 5, 30, 120, 720, 1440, 10080).

Directory must exist as a sub-directory of Scrutinizer’s home directory. If specifying /home/plixer/scrutinizer/temp, then use temp as the directory.

The valid <ranges> are Last24hours, LastFifteenMinutes, LastFiveMinutes, LastFortyfiveMinutes, LastFullHour, LastHour, LastMonth, LastSevenDays, LastTenMinutes, LastThirtyDays, LastThirtyMinutes, LastThreeDays, LastTwentyMinutes, LastWeek, LastYear, ThisMonth, ThisWeek, ThisYear, Today, or Yesterday.

<group_id> is optional. To see a list of group_ids use show groups.

import

Run various import commands to bring external sources of data into Scrutinizer.
Command Description
import aclfile Imports ACL information from a file. The file must reside at /home/plixer/scrutinizer/files/acl_file.txt. The format is the direct output of SHOW ACCESS-LIST run on the exporter.
import applications <path/file> [reset]

Import application rules from a CSV file.

It is recommended to use this file and path for the applications import csv file.

/home/plixer/scrutinizer/files/application_import.csv

A reset option can be passed which will remove all application rules before the bulk import.

Expected format is one named application and one application rule per line. Supported rule types are subnet, single IP, IP range, wildcard, port, and child rules.

Valid application rule syntax for PostgreSQL installs are:

"subnet rule",10.0.0.0/8
"single ip rule",10.1.1.1
"range rule",10.0.0.1-10.0.0.42
"wildcard rule",10.0.0.1/0.255.255.0
"parent/child rule","my subnet"
"ports and protocols",0-65535/256

Valid application rule syntax for MySQL installs are:

"subnet rule",10.0.0.0/8
"wildcard rule",10.0.0.1/0.255.255.0
"parent/child rule","my subnet"
"ports and protocols",0-65535/256

Applications must have at least one port rule and one of the IP rule types defined above. Applications not defined this way will be imported, but may not be tagged properly in flow data.

The format for a ports rule is:

'flowclass name',port-port/protocol id

‘port-port’ can be a range of ports (0-65535), or a single port (443-443)

Frequently used protocol ids are:

TCP - 6
UDP - 17
All protocols - 256

PostgreSQL installs support up to 100,000 individual application rules.

MySQL installs support up to 500 individual application rules.

import asns <path/file> [<delimiter>]

Imports custom ASN definitions from a csv file. The <path/file> is a required field. The path should be specified relative to the /home/plixer/scrutinizer/ directory. The <delimiter> is an optional parameter and defaults to " " (i.e. space).

The csv file name must be all lowercase and requires these elements, in this order:

AS Number,AS Name,AS Description,IP Network(s)

The fields are comma delimited, whereas the optional <delimiter> parameter applies specifically to the IP Network(s) element. A comma cannot be used for the IP Network(s) delimiter.

Example File:

213,my_list,what a great autonomous system,10.0.0.0/8 192.168.0.0/16
214,your_list,meh its an okay system,11.0.0.0/8

Example Command:

SCRUTINIZER> import asns files/custom_asn.import

import csv_to_gps <csv_file> <group_name|group_id> [<create_new>] [<file_format>]

Uploads latitude and longitude locations of devices from a csv file and imports them into an existing Google map.

The csv file must be located in the ‘/home/plixer/scrutinizer’ directory. If the csv file is in ‘/home/plixer/scrutinizer/files/’, enter ‘files/[name_of_file]’ as the file name.

The csv file format is ‘ip,latitude,longitude’. If the csv file format is different, specify that layout as the <file_format> command parameter.
EXAMPLE: “ip,lng,lat”

EXAMPLE CSV FILE:

10.169.1.3,37.7749,122.4194
192.168.6.1,40.7128,74.0059

Provide either the group ID or group name in the arguments.
The group_id can be determined by running show groups.
Using the optional <create_new> parameter will add new objects if the IP address does not already exist.

EXAMPLE COMMAND:
SCRUTINIZER> import csv_to_gps import_gps.import 3
EXAMPLE COMMAND with <create_new> and different file format:
SCRUTINIZER> import csv_to_gps import_gps.import 3 create_new ip,lng,lat

import csv_to_membership <csv_file> <grouptype> [<file_format>]

Imports group definitions from a csv file.

The csv file must be located in the ‘/home/plixer/scrutinizer’ directory. If the csv file is in ‘/home/plixer/scrutinizer/files/’, enter ‘files/[name_of_file]’ as the file name.

The <grouptype> field refers to the map type that will be created if the group in the csv file does not already exist and can be either ‘flash’ or ‘google’.

The default csv file format is ipaddr,group. If the csv file format is different, specify that layout as <file_format> command parameter.
EXAMPLE group,ipaddr

EXAMPLE CSV FILE:

10.169.1.3,Routers
192.168.6.1,Firewalls

import hostfile

Imports a custom hosts.txt file that contains a list of IP Addresses and hostnames. The file format is:

IPv4orIPv6Address HostName Optional Description

Example:

10.1.1.4 my.scrutinizer.rocks The Best Software in my company

The file must be located at /home/plixer/scrutinizer/files/hosts.txt.

** Warning ** This command will alter database tables in Scrutinizer. Please use with caution.

import ipgroups [<path/file>] [reset]

Import ipgroup rules from a csv file.

It is recommended to use this file for the ipgroups import csv file:

/home/plixer/scrutinizer/files/ip_group.import

A reset option can be passed which will remove all ipgroup rules before the bulk import.

Each line of the file is an individual ipgroup with the name of the group as the first field and the rules of the group separated by a space in the second field. Supported rule types are subnet, single ip, ip range, wildcard and child rules. Any child groups must already exist in Scrutinizer or be declared in the import file BEFORE it can be used as a rule in another group.

Valid ipgroup rule syntax for PostgreSQL installs are:

'subnet rule',10.0.0.0/8
'single ip rule',10.1.1.1
'range rule',10.0.0.1-10.0.0.42
'wildcard rule',10.0.0.1/0.255.255.0
'parent/child rule','my subnet'

Valid ipgroup rule syntax for MySQL installs are:

'subnet rule',10.0.0.0/8
'wildcard rule',10.0.0.1/0.255.255.0
'parent/child rule','my subnet'

If a named ipgroup within the import file already exists in Scrutinizer, that group’s existing rules will be overwritten by those declared in the file.

PostgreSQL installs support up to 100,000 individual ipgroup rules.

MySQL installs support up to 500 individual ipgroup rules.
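An added example, not Plixer's code: a Python pre-check for an application import file, useful before a run with the reset option removes the existing rules. It classifies each rule using the syntax lists under import applications and import ipgroups, then reports applications missing a port or IP rule, rule types absent from the MySQL list, and files over the stated rule limit. The function names, the sample file, and counting a parent/child rule toward the IP-rule requirement are assumptions.

```python
import csv
import io
import ipaddress
import re

# Rule limits and the rule types missing from the MySQL syntax list, both
# taken from the lists on this page.
LIMITS = {"postgresql": 100_000, "mysql": 500}
NOT_IN_MYSQL_LIST = {"single_ip", "range"}
PORT_RE = re.compile(r"^(\d+)-(\d+)/(\d+)$")  # port-port/protocol id

# Constructed sample file: one application name and one rule per line.
SAMPLE = '''"intranet",10.0.0.0/8
"intranet",443-443/6
"dns",53-53/17
"backup",10.0.0.1-10.0.0.42
"backup",873-873/6
"bad",10.0.0.0/40
'''


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def classify_rule(value):
    """Return the rule type of one rule value, or raise ValueError."""
    value = value.strip()
    if not value:
        raise ValueError("empty rule")
    match = PORT_RE.match(value)
    if match:
        low, high, proto = (int(g) for g in match.groups())
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"bad port range in {value!r}")
        if proto > 256:  # 256 is the page's "all protocols" id
            raise ValueError(f"bad protocol id in {value!r}")
        return "port"
    head, slash, tail = value.partition("/")
    if slash and _is_ip(head):
        if tail.isdigit():
            ipaddress.ip_network(value, strict=False)  # rejects bad prefix lengths
            return "subnet"
        if _is_ip(tail):
            return "wildcard"
        raise ValueError(f"malformed subnet or wildcard {value!r}")
    low, dash, high = value.partition("-")
    if dash and _is_ip(low) and _is_ip(high):
        first, last = ipaddress.ip_address(low), ipaddress.ip_address(high)
        if first.version != last.version or first > last:
            raise ValueError(f"range start is after range end in {value!r}")
        return "range"
    if _is_ip(value):
        return "single_ip"
    return "child"  # anything else is read as the name of another rule set


def validate_application_import(text, database="postgresql"):
    """Return a list of problems found in an application import file."""
    problems, kinds_by_app, count = [], {}, 0
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue
        if len(row) != 2:
            problems.append(f"line {lineno}: expected name,rule")
            continue
        name, value = row
        try:
            kind = classify_rule(value)
        except ValueError as exc:
            problems.append(f"line {lineno}: {exc}")
            continue
        count += 1
        if database == "mysql" and kind in NOT_IN_MYSQL_LIST:
            problems.append(
                f"line {lineno}: {kind} rule is not in the MySQL syntax list")
        kinds_by_app.setdefault(name, set()).add(kind)
    for name, kinds in kinds_by_app.items():
        if "port" not in kinds:
            problems.append(f"{name}: no port rule")
        # Assumption: a child rule counts toward the IP-rule requirement.
        if not kinds - {"port"}:
            problems.append(f"{name}: no IP rule")
    if count > LIMITS[database]:
        problems.append(
            f"{count} rules exceeds the {database} limit of {LIMITS[database]}")
    return problems


if __name__ == "__main__":
    for db in ("postgresql", "mysql"):
        print(db, validate_application_import(SAMPLE, db))
```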

moloch

Third-party integration support for Moloch probes.
Command Description
moloch <on|off> <moloch_ip> <moloch_port> Manages integration with Moloch probes. The <moloch_port> parameter is optional.

optimize

Run various optimization tasks.

Warning

These commands will alter database tables in Scrutinizer. Please use with caution.

Command Description
optimize common Optimizes tables that are commonly inserted and deleted. This action keeps things neat and clean for the database. This command is routinely executed as part of normal operations.
optimize database <db_name> <db_pass> Optimizes the tables in the database specified.

repair

Run various database check and repair commands.
Command Description
repair business_hour_saved_reports Saved reports prior to 15.5 that were saved with business hours will require a manual check and repair. This command converts older saved reports with business hours specified to the newer format.
repair database <db_name> <db_pass> Repairs errors for the database specified.
repair history_tables

Fixes history tables that have the wrong col type for octetdeltacount. It may be updated in the future to address other issues.

** Warning ** This command will alter database tables in Scrutinizer. Please use with caution.

repair policy_priority_order

With some professional services and automated policy creation, some policy IDs have been known to get out of whack (or duplicated). This function fixes that.

** Warning ** This command will alter data in Scrutinizer. Please use with caution.

repair range_starts

Fixes history tables that may not have a start time that helps identify the range of data within the individual history tables.

NOTE: This command may take a long time to complete. Only execute under the direction of technical support.

** Warning ** This command will alter database tables in Scrutinizer. Please use with caution.

services

Manages the Scrutinizer services.

Warning

This command will alter Scrutinizer’s operations. Please use with caution.

Command Description
services <service|all> <action> Starts, stops, or restarts the specified service (or all services).

set

Modifies certain behaviors on how Scrutinizer authenticates and performs operations.
Command Description
set dns

Modify system file to manage list of dns servers.

This command will remove any preconfigured dns servers. Use show dns to see what is currently configured.

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

set hostinfo <ip_address> <fqhn>

Set the local machine name to the fully qualified host name provided. Ensures that /etc/hosts is configured to resolve between the given <fqhn> and <ip_address>.

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

set httpd <port>

Change the web port of non-ssl installs for the Scrutinizer WebUI. Use set ssl to change the SSL port.

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

set myaddress

Change the IP Address of the current Scrutinizer Server.

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

set ntp

Modify system file to manage list of ntp servers.

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

set partitions <partition_name>

Expand the operating system disk space for hardware and virtual appliances.

NOTE: Make a backup before using this command.

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

set password rootdb

Modify the database’s root password.

** Warning ** This command will alter how Scrutinizer and/or users access data. Please use with caution.

set password scrutdb

Modify the database’s scrutinizer password.

** Warning ** This command will alter how Scrutinizer and/or users access data. Please use with caution.

set password webui <user>

Modify the webui password for the specified user.

** Warning ** This command will alter how Scrutinizer and/or users access data. Please use with caution.

set registercollector

Manually register this collector for both stand-alone and distributed use.

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

set reportmenu

Manually recreate the report menu.

NOTE: The report menu is automatically maintained based on the flows received.

set salt <salt>

Setting a salt value will allow users to mask certain machine characteristics from any license key generated.

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

set selfregister [reset]

Manually registers this Scrutinizer Server to identify itself for both stand-alone or distributed functionality.

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

set selfreporter

Promotes this Scrutinizer Server to a reporter.

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

set sshcollectorkeys

Generate a new SSH key pair, and distribute it to all active, registered machines. Any previous SSH key pairs will be overwritten unconditionally, making this suitable for resynchronizing SSH access should problems arise.

This enables future functionality to perform upgrades and other maintenance operations en masse.

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

set ssl <on|off>

Enable or disable SSL support in Scrutinizer. It only works with the local Apache server bundled with Scrutinizer.

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

Please reference the System/SSL section for detailed configuration instructions.

set timezone <timezone>

Set the server’s time zone. To see a list of time zones, run show tzlist

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

set tuning

This command will alter some operating system and Scrutinizer settings in these database tables: plixer.exporters and plixer.serverprefs; and these files: sysctl.conf, postgresql.conf , and plixer.ini.

** Warning ** Please use with caution or under the supervision of Plixer Support.

set voip <on|off>

Toggles the predefinition of VoIP port ranges on or off.

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

set yum_proxy <host> <port> <user>

Used to set up yum proxy setting in the yum configuration file. This command will remove any previously configured proxy servers.

All fields are required. Once all fields are entered on the command line, a prompt for the user’s password will appear. To see what proxy servers are currently configured, use show yum_proxy

** Warning ** This command will alter Scrutinizer’s operations. Please use with caution.

show

Shows various details about the Scrutinizer Server.
Command Description
show alarms [filter] Displays a list of alarms ordered by timestamp, descending.
show custom_algorithms Displays a list of custom algorithms available and whether they are enabled. For information on managing custom algorithms, reference the Flow Analytics Custom Algorithm section.
show diskspace Displays details about available storage.
show dns Displays a list of DNS servers currently used to resolve hostnames. Use the set dns command to change the list of DNS servers.
show exporters [filter] Displays a list of exporters that are currently sending data to Scrutinizer based on the supplied filter (if any).
show extalarms [filter] Displays a list of alarms with extended json data ordered by timestamp, descending.
show groups Displays a list of groups currently configured on this Scrutinizer server.
show interfaces [filter] Displays a list of interfaces that are currently sending data to Scrutinizer based on the supplied filter (if any).
show ipaddresses Displays the current ip address(es) on this Scrutinizer server.
show metering [filter] Displays a list based on the supplied filter (if any) of matching exporter IPs and how each interface is metered (i.e. ingress and/or egress).
show ntp Displays a list of NTP servers currently used to sync time.
show partitions

Displays a list of partitions on the current Scrutinizer Appliance. This command is only available for Hardware and Virtual Appliances.

Use show diskspace if looking for diskspace per volume (or partition).

show pcaplist List what current pcap files have been created and their sizes. Pcaps can be removed using the clean pcap command.
show serverpref [filter] Displays serverprefs and their current values. The filter parameter is optional to narrow the serverprefs to match the string provided.
show task [name] Displays a list of tasks currently configured in Scrutinizer. The name parameter is optional to narrow the task names to match the string provided.
show timezone Displays the current timezone of this Scrutinizer Server. Use set timezone command to modify the timezone.
show tzlist [filter] Displays the list of timezones.
show unknowncolumns

List info elements from exporters that are unknown to Scrutinizer.

Don’t fret! Give the list to Plixer and support will be added for it!

show yum_proxy Displays the currently configured yum proxy settings. To change these settings, use set yum_proxy

Note

If after running the show command the results are long, ‘q’ can be typed in to quit and return to the SCRUTINIZER> prompt.

snoop

Listens at the interface level for traffic from the specified interface or ip address.
Command Description
snoop interfaces <interface_name> Listens at the interface level for traffic from the specified interface.
snoop ipaddresses <ip_address> Listens at the interface level for traffic from the specified ip address.

system

Scrutinizer system level functions.

Warning

This command will alter Scrutinizer’s operations. Please use with caution.

Command Description
system <restart|shutdown>

system update [schedule|unschedule]

Performs system level functions such as rebooting, shutting down, or applying operating system level patches.

To enable daily scheduled operating system updates, run the ‘system update schedule’ command. This will run the system update command every day at a random time. This time is selected outside of the ‘business hours’ set in Admin > Settings > System Preferences. An alert is sent to Scrutinizer describing what time this command will run. To change the time, simply run the ‘system update schedule’ command again. A new time will be selected.

To disable daily scheduled operating system updates, run the ‘system update unschedule’ command.

If operating system patches are applied, all Scrutinizer services will be restarted and could cause a minute of missed data.

**The ‘system update’ command will break installs prior to version 18.** **Do not attempt to run this command on version 17.11 or prior**

upload

Uploads files for troubleshooting purposes.
Command Description
upload pcap <capturefile> Uploads the specified packet capture collected by the collect pcap command. To see a list of captures on this server, execute show pcaplist
upload supportfiles Uploads files for troubleshooting purposes.

version

Displays Scrutinizer version.
Command Description
version Shows version information about Scrutinizer.