Scrutinizer Linux Version

[tonydahle]

Currently we are using the 6.0.marc version of scrutinizer on a Linux VM.

What I would like to know is if there are any plans to port Version 7 to Linux.

I want to avoid the nasty overhead associated with running a Windows server. Here is what I can save by having a Linux version:
1. I can easily save at least a gig of memory by running it in Linux. - I need an Antivirus, Active Directory connections, and Software updaters on a Windows Box in our company
2. Time - Uptime is important in monitoring tools. Having a Windows installation means reboot after reboot whenever any program needs an update.
3. Cost / Scale - Running scrutinizer in a VM works great for us. If we switch to the windows version we would need to go to a bare iron install.

Please let me know if this is in the works.

Thanks,
Tony

[tomp]

I regret to inform you that we have decided not to pursue a Scrutinizer 7 Linux build at this time. There is currently no time line of a release.

I apologize for any inconvenience this may cause you.

How many exporting devices is Scrutinizer collecting from?

- Tom

[tonydahle]

Not that many:

Cisco:
36 - 1800 series / 881w - SOHO Routers - all through VPN tunnels
4 - 2800 series - Remote Office Routers - all through VPN tunnels
1 - 3800 series - MPLS Head
10 - 5500 series ASA's - Firewalls / VPN Heads
a few switches

I want to set up a few nprobes around our network, but I am having a hard time figuring out the right syntax for a Windows nprobe. (all the documentation I can find is for linux nprobes)

Tony

[tonydahle]

I installed Version 7.5.1 on a Windows 7 box and I can not get Netflow V9 flows from nProbe, but I can get the information clearly on my v6 Virtual appliance.

The nProbe is running on another Win7 box and is using the following string (IPs changed):

nprobe /i nprobe -n 172.16.2.2:2055 -n 172.16.3.3:2055 -i 0 -i 1 -u 1 -Q 1 -l 5 -t 5 -d 5 -s 5 -V 9 -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %OUT_PKTS %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %SRC_MASK %DST_MASK"

The 172.16.2.2 is our old v6 Virtual Appliance and the 172.16.3.3 is the v7 box.

Looks like I am sticking with my current 6.0 Linux Virtual Appliance. ^_^

Just to note, the following string allows the V7 box to see flows, but it is running netflow version 5 and we want to run version 9.
nprobe /i nprobe -n 172.16.2.2:2055 -n 172.16.3.3:2055 -i 0 -i 1 -u 1 -Q 1 -l 5 -t 5 -d 5 -s 5 -V 5

Tony

[mkrygeri]

Hi Tony,


In the Scrutinizer interface, are you seeing the exporting machine? If so, are there any templates if you click on "Flow Templates" in the devices submenu?
What do you see if you click on "Flow View" in the templates?

I would be interested to see what the export looks like. If you could do a packet capture of the flow data, we can try and see what is happening. As long as the templates are properly formed, Scrutinizer should have no trouble making sense of the data.

Mike Krygeris

[tonydahle]

Hi Mike,

I am able to see the exporting machine. It is showing up as a V9 interface and it does have two flow templates under it.

Flow View ID 1000 shows up with a large spreadsheet of data 22 columns long and over 300 pages of data.
Flow View ID 1001 shows up as a small table 5 columns long and 6 rows.

I am not seeing a graph of data like V6 when I click on the Inbound or Outbound b/s.

As far as a packet capture, would you like one from both the server and end device or just the server?

I would rather send you that data directly rather than posting here. Can you PM me a contact e-mail?

Thanks,
Tony

[mpatters]

super, thank you
mike [at] plixer.com

[dfx]

Cannot get working linux version (from this blog).

Slackware 13.37 i386.
index.cgi - Net::Pcap::constant() not defined at /</var/www/html/index.cgi>Plixer/Net/Packet.pm line 130
collectd - Net::Pcap::constant() not defined at /</var/www/html/collectd>Plixer/Net/Packet.pm line 130
filed - Net::Pcap::constant() not defined at /</var/www/html/filed>Plixer/Net/Packet.pm line 130

having libpcap 1.1.1.

Help, please.

[pauld]

Hello dfx,

I'm sorry to inform you, but the 6.0.5 Linux version is no longer supported as development on it stopped a few years ago.

However, we are looking into bringing back a Linux version for future releases, so keep checking back in.

Thanks,
Paul

[dfx]

Hello, pauld!

Thank you for reply. I'll be waiting for the new release.

But is it really completely impossible to forced to work the old version? May be there are some special requirements (linux distro, library versions)?

Thank you.

[tomp]

Hi dfx,

I would really stay away from version 6. When we do come out with a new Linux version, it won't be an "over the top" upgrade. There are significant improvements from version 6 to 8.6.2 (Current released Windows version).

- Tom

[weaverap]

Just wanting to bump the need for a linux update. We like the ability to use network management tools on Redhat VMs. We want to integrate Zenoss and Plixer tools. Linux is so much easier to harden and much more stable than Windows. If you precompiled an appliance like Zenoss does, the trial exposure would be massive in my opinion.