Scrutinizer is a Netflow repository tool created by Plixer. It provides a very intuitive GUI front-end that allows network administrators to quickly use collected Netflow data for auditing, troubleshooting, and reporting purposes.
There are two versions of Scrutinizer, both a free and paid version. Note that the free version dumps the database every day at midnight so you are limited in long term analysis capabilities.
The following text assumes that you have a working knowledge of Netflow.
Scrutinizer “listens”; it does not poll network devices. This means that the configuration is very simple and is very common for Cisco devices. Listed below are very basic commands used to enable Netflow exportation on a Cisco 6500 device. Some of these commands are unique to the 6500 platform and will not be required on an ISR router, for example. Those unique platform commands are bolded below.
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 192.168.1.1 9996
ip flow ingress layer2-switched vlan 10-11
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
mls nde sender version 5
mls aging long 64
mls aging normal 64
interface Vlan10
ip route-cache flow
interface Vlan11
ip route-cache flow
access-list 10 remark SNMP-access-list RO
access-list 10 permit 192.168.1.1
snmp-server community snmpread RO 10
Further information on setting up Netflow can be found here and here.
Setting up your Scrutinizer installation to be accessible remotely is as simple as finding the configuration file located in the "*\scrutinizer\apache2\conf\httpd.conf" file and replacing "ServerName localhost:8080" to something of your liking such as "Servername .domain.com:8080". Once completed, you can log in via a web browser (just remember to include the port of 8080 after the URL).
This will get your base installation completed, in future posts I'll go over how to configure Scrutinizer so you can get started with the Netflow analysis.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment