Monday, 21st May 2012  

FAQ

  1. What are the system requirements?
  2. How do I enable NetFlow on my Cisco Router?
  3. How do I find out if my Cisco equipment supports NetFlow?
  4. What if I need features that Scrutinizer doesn't support?
  5. Does it support other Languages?
  6. How will enabling NetFlow affect the performance of the router/switch?
  7. How do I enter IP to name resolutions so that Scrutinizer doesn't have to use the DNS to resolve IPs?
  8. Scrutinizer related services are not starting or not installed properly. What do I do?
  9. Overall utilization on the interface appears to be understated. Why would this be?
  10. How do I delete all DNS resolutions in Scrutinizer?
  11. How do I resolve all IP addresses via the DNS in Scrutinizer?
  12. How do I setup my router to forward netflows to two destinations?
  13. How do I enable remote access to MySQL?
  14. How do I replace the Telnet option in Scrutinizer with an SSH client?
  15. Why are my graphs reporting over 100% utilization?
  16. How do I find out if any updates are available for Scrutinizer?
  17. I have forgotten my Scrutinizer password. How do I find out what it is?
  18. What do I do if the Apache server doesn't get setup as a service during the Scrutinizer InstallShield process?
  19. How do I know what updates or patches are available for Scrutinizer?
  20. Why am I having trouble installing Scrutinizer using a Remote Desktop Connection?
  21. Why do I have a blue box over my graphical trends?
  22. How do I setup SSL with Scrutinizer?
  23. What are the known bugs?
  24. Why do I receive a "Somix product already installed" error when trying to install Scrutinizer?
  25. How do I use an external storage device for the data?
  26. How do I interpret the nProbeLive traffic?
  27. Why don't all of the colors print correctly when I try to print an emailed report?

Q1: What are the system requirements?
Scrutinizer's system requirements are detailed here.

Q2: How do I enable NetFlow on my Cisco Router?
Click Here for detailed instructions on how to enable NetFlow on Cisco routers and switches.

Q3: How do I find out if my Cisco equipment supports NetFlow?
Click Here to find out if you have a NetFlow compatible Cisco router or switch.

Q4: What if I need features that Scrutinizer doesn't support?
At Plixer, we understand that our software needs to be flexible. If you want a feature added, we may be able to work with you. Click Here to learn about our professional services.

Q5: Does it support other Languages?
Support for other languages is currently in development.

Q6: How will enabling NetFlow affect the performance of the router/switch?
Click Here for detailed information on exactly how enabling NetFlow will affect the performance of your Cisco router or switch.

Q7: How do I enter IP to name resolutions so that Scrutinizer doesn't have to use the DNS to resolve IPs?
Edit this file: C:\WINDOWS\system32\drivers\etc\hosts and enter the IP to name translations.

Q8: Scrutinizer related services are not starting or not installed properly. What do I do?
If services, such as Apache, are not installing or starting properly, changes may need to be made to the Windows DEP settings.

Make sure you have administrative rights for the computer Scrutinizer is being installed on. Do not install Scrutinizer via a terminal session.

Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. On any Windows XP (SP2) or Windows Server 2003 the collectd.exe and index.cgi files should be excluded from DEP or set to Windows Services only.

In order to exclude these files: Right click My Computer, select Properties and click the Advanced Tab. Next, click "Settings" under Performance and select Data Execution Prevention. Here you have the option to "Turn on DEP for essential Windows programs and services only" or "Turn on DEP for all programs and services except those I select:"

If you choose "Turn on DEP for all programs and services except those I select:", then you will need to manually add the collectd.exe, index.cgi and filed.exe files found in the "\SCRUTINIZER\html\" directory.

Click Apply and OK when done; then OK again to exit.

Once the necessary files are excluded from DEP protection, Scrutinizer will need to be re-installed.

Q9: Overall utilization on the interface appears to be understated. Why would this be?
1. Make sure NetFlow is enabled on all necessary interfaces of the device
2. If the hardware can't keep up with sending the NetFlow packets, it will drop NetFlows before they even leave the device. To check whether this is the problem, log in to the Cisco device and type the following:
Router_name>sh ip flow export
At the bottom of the export, look for something like "294503 export packets were dropped due to IPC rate limiting". If this counter is incrementing, the hardware cannot keep up with the export demands.

Q10: How do I delete all DNS resolutions in Scrutinizer?
Log in to the mysql prompt and run "DELETE FROM scrutinizer.hosts;".

Q11: How do I resolve all IP addresses via the DNS in Scrutinizer?
Run index.cgi -resolve from the ~/SCRUTINIZER/html directory.

Q12: How do I setup my router to forward netflows to two destinations?
Type the "ip flow-export destination" command twice:
router-name# ip flow-export destination 10.1.1.8 2055
router-name# ip flow-export destination 10.1.1.9 2055

Q13: How do I enable remote access to MySQL?
Follow the steps below:

  1. Open a DOS command prompt on the Scrutinizer server.
  2. Run the following command from the ~\SCRUTINIZER\mysql\bin directory:
    mysql -u root --password=
  3. A mysql> prompt should be displayed.
  4. To create a remote user account with root privileges, run the following commands:
    GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'@'IP' IDENTIFIED BY 'PASSWORD';

    'USERNAME' is the username to be created.
    'IP' is the public IP address of the remote connection.
    'PASSWORD' is the password to be assigned for this username.
    (IP can be replaced with % to allow this user to logon from any host or IP)

    mysql> FLUSH PRIVILEGES;
    mysql> exit;

Click here for more information on limiting MySQL user accounts.

Note: To assign the root user with a password, run this command:
mysqladmin -u root password YOUR_NEW_PASSWORD
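
A narrower alternative to the GRANT in step 4, followed by queries for auditing which accounts already have broad remote access. This is an added example, not part of the original FAQ or Plixer's documentation; it assumes the MySQL 5.x syntax the FAQ uses, and the account name report_ro and the address 10.1.1.50 are placeholders.

```sql
-- Assumption: MySQL 5.x, where GRANT ... IDENTIFIED BY creates the
-- account if it does not exist (this form was removed in MySQL 8.0).
-- 'report_ro', '10.1.1.50' and 'PASSWORD' are placeholders.

-- Form shown in the FAQ, for comparison (left commented out):
-- every privilege, on every database, and from any host when IP is %.
-- GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'@'%' IDENTIFIED BY 'PASSWORD';

-- Narrower form: read-only, limited to the scrutinizer schema,
-- and accepted only from one client address.
GRANT SELECT ON scrutinizer.*
    TO 'report_ro'@'10.1.1.50' IDENTIFIED BY 'PASSWORD';

-- Confirm exactly what the new account can do.
SHOW GRANTS FOR 'report_ro'@'10.1.1.50';

-- Audit 1: accounts that may connect from any host.
SELECT User, Host
  FROM mysql.user
 WHERE Host = '%';

-- Audit 2: accounts holding server-wide administrative privileges.
-- An account created with GRANT ALL PRIVILEGES ON *.* has Super_priv = 'Y'.
SELECT User, Host, Super_priv, Grant_priv
  FROM mysql.user
 WHERE Super_priv = 'Y' OR Grant_priv = 'Y';

-- Remove an account that is no longer needed (placeholder names).
-- DROP USER 'USERNAME'@'%';
```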

Q14: How do I change the Telnet option to an SSH client?
Follow the steps outlined in the "How to replace the Telnet option in Scrutinizer with an SSH client" document.

Q15: Why are my graphs reporting over 100% utilization?

  1. The interface speed is not correct. Scrutinizer uses the speed specified in the SNMP OID. Click on the speed of the interface to manually type in the correct speed.
  2. The active timeout has not been set to 1 minute on the router.
  3. Non-dedicated burstable bandwidth, where the ISP allows you to use over the allocated bandwidth.

Q16: How do I find out if any updates are available for Scrutinizer?
In your local Scrutinizer install, click the Status tab. If updates are available, you will see a spinning blue icon in the upper right hand corner. If you have a proxy server, this spinning icon will always appear. Click on it to find out the latest version.

Users can also type the following commands in a command prompt, from the ~\SCRUTINIZER\html\ directory, to list the currently installed version of Scrutinizer:
index.cgi -v
collectd.exe -v

Compare this to the Scrutinizer Update History.

Q17: I have forgotten my Scrutinizer password. How do I find out what it is?
In your local Scrutinizer install, type the following commands in a command prompt, from the ~\SCRUTINIZER\mysql\bin directory:

  1. mysql -u root
  2. use scrutinizer
  3. select * from userslist\G;

    This will display all users and their passwords. If there are numerous users, you may need to scroll through to find your username and password.

  4. Exit

Note: These MySQL commands must be run from the Scrutinizer server.

Q18: What do I do if the Apache server doesn't get setup as a service during the Scrutinizer InstallShield process?
This generally happens because another version of Apache is installed but isn't currently running. To fix this problem, edit the file ~\SCRUTINIZER\apache2\conf\httpd.conf using a text editor (e.g. Notepad, Wordpad, etc.). Find the "Listen" line. There will be "Listen 80", or something similar, around line 54 in this file. Change this to another port such as "Listen 8181", then save and close the file.

Now start Apache by typing the following command from the ~\SCRUTINIZER\apache2\bin directory:
apache

Verify Apache is running. It should appear to hang at the command line. Press CTRL+C and execute the following so that the service gets set up correctly:
apache -k install -n scrutinizer_apache2 C:\scrutinizer\apache2\bin\

Notice the service is now listed and it is up and running. It should be configured to start up automatically on reboot.

Q19: How do I know what updates or patches are available for Scrutinizer?
Visit the Scrutinizer Update History page to find the latest updates and patches for Scrutinizer.

Q20: Why am I having trouble installing Scrutinizer using a Remote Desktop Connection?
Installing Scrutinizer using a Remote Desktop Connection or similar is not supported by InstallShield. You must be on the console of the computer when installing Scrutinizer.

Q21: Why do I have a blue box over my graphical trends?
Check the version of your browser. Only IE 6+, Firefox 1.5+, and Mozilla 1.7+ are currently supported. Also, make sure you are using the "default" web browser security settings.

Q22: How do I setup SSL with Scrutinizer?
Click Here for instructions on how to install and configure SSL with Scrutinizer.

Q23: What are the known bugs?
Click Here for further details on known Scrutinizer bugs that are currently being worked on.

Q24: Why do I receive a "Somix product already installed" error when trying to install Scrutinizer?
If the following registry key is found, you will receive this error:
\\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\configure.exe

The solution is to rename the registry key. This renaming will do no harm to your system and will quickly allow you to work with Scrutinizer.

Q25: How do I use an external storage device for the data?

  1. Stop the Scrutinizer mysql service
  2. Copy the scrutinizer\mysql\data directory to the new drive, mapped drive, or SAN or NAS
  3. Edit the scrutinizer\mysql\my.conf file, changing the drive letter for the datadir=x:/SCRUTINIZER/mysql/data/ entry.
  4. Start the Scrutinizer mysql service.

Note: With the above changes, the vitals tab will no longer reflect hard drive space accurately. This issue will be fixed in a future release of Scrutinizer.

Q26: How do I interpret the nProbeLive traffic?
Inbound and outbound are moot points (i.e. don't matter) with the nProbeLive because there is ONLY 1 interface. Traffic in and out of the switch port is sent to the nProbeLive, which doesn't know whether the traffic was received or sent on the mirrored switch port. nProbeLive can only deduce the source and destination of the packet. Look again at this:

Notice: All interfaces matches itself:

inbound src = outbound src
inbound dst = outbound dst

Here is an example:
Bob sends packets to Sally. Bob is both the inbound and outbound source (Src) to Sally as there is ONLY 1 interface. On this same packet, Sally is the inbound and outbound destination (Dst). When Sally replies to Bob with a packet, the opposite holds true.

In Summary, when looking at nProbeLive traffic, just look at:

All interfaces from the drop down box
Inbound traffic vs outbound will be exactly the same
The Top Conv tab provides the easiest to comprehend data
On the Hosts tab: just toggle Src and Dst

Q27: Why don't all of the colors print correctly when I try to print an emailed report?
This can be caused by an option found in some browsers and email clients.

In Internet Explorer:

  1. Open the Tools menu.
  2. Click Internet Options.
  3. Click the Advanced tab.
  4. Scroll down to the Printing section.
  5. Check Print background colors and images.
  6. Click OK.

This change will carry over to Outlook and Outlook Express.