Available Updates

Join the
NetFlow Knights
Community Forums!

Plixer International, Inc. Scrutinizer NetFlow and sFlow Analyzer

### IMPORTANT NOTES ###

It is important to backup your database before upgrading any software.
It is recommended to upgrade to this version.

For more details on the new features below, reference the Plixer website and Scrutinizer documentation.

Version 10.1.3 - 3/14/2013

Download Scrutinizer

Upgrade Scrutinizer

Change Log History

Version 10.1.3 - 3/14/2013

+ Added additional database tuning options
+Increased the default UDP buffer size
+ Upgrade install to now include Adobe Flash Player Distribution 11.6.602.180
- Fixed an issue with data aggregation calculations in some reports
- Fixed an issue where unnecessary database connections were being created

Version 10.1.2 - 2/11/2013

+ Added Cisco wireless access point reports
- nProbe radius info elements
- Percent threshold messages don't need /s
- Manage Exporters: "Microsoft's Personal Firewall..." message on Linux install
- Error in the collector logs
- Turn on resolve DNS when a device is added to the network volume algorithm
- Investigate Vulnerability Labs issues
- Need improve upgrade for information elements
- Scheduled reports not working
- Unable to email or schedule email a report with a CSV attachment
- custom_reports_thresholds fa_script is stuck in a state of running
- Report Designer "Report Field" never finishes loading
- Apache log error from mapping library
- Scheduled reports not being sent when addressed to multiple email addresses
- Update AS numbers
- Upgrades can change the control port
- Search function not working when some devices are included
- NetFlow from an Avaya device is crashing 1min data table
- Host Names: Can't save a new host name with "Queued" Resolved DNS
- "Copy to" in dashboards only works the first time
- Bulletin Board: Policy Name with an apostrophe breaks JavaScript
- Sometimes the Latency by Interface gadget does not work.
- Status > CrossCheck List loads JSON in main div and fades out
- Broken image in notification queue for "SnmpTrap" Alert Type
- PfR report value formatting
- Report Designer -> Make Copy fail for reports which there is no longer a exporter.
- After you delete all you dashboards, you can't create one
- mIAM OSes report pagination says 'null of null'
- A space in an IP Range filter prevents it from working correctly
- Mapping objects don't keep IP address changes
- Optimized collection across distributed collector ports
- Filter on TOS shows Uncategorized rather than the TOS name
- Source and destination IP should only allow LIKE / NOT LIKE for advanced filters
- Underscore in advanced filter causes oops error
- Policy Manager: Broken link for a policy that has an action of delete
- Report type becomes undefined >> undefined
- Apostrophe breaks search.html query
- NF_F_XLATE_SRC_ADDR_IPV4 and NF_F_XLATE_DST_ADDR_IPV4 filters from table menus did not work

Version 10.1.1 - 1/2/2013

- Status > Top Interface content not loading
- The plixer_flow_collector service is stuck in stopping state after upgrade
- Sonicwall icons are displayed instead of Paloalto icons for paloalto devices in device tree
- Rollups failing after upgrade to 10.1
- Status tab -> Report wrapping under browser's fold in demo server.
- Email of Pie Chart reports is failing

Version 10.1 - 12/4/2012

+ New Sonicwall CPU Report Type
+ Added Interface Speeds to Emailed Reports
+ Added forensic audit report type
+ Added Virtual Appliance soft shutdown with VMTools
+ Added option to display traffic indicator dots/ants in mapping
+ Created a migration tool for Windows to appliance upgrade
+ Added more flexibility by allowing the use of count treatment in Report Designer
+ Added a new firewallEvent denied flows algorithm for new ASA export format (and any firewall exporting the standard firewallEvent element)
+ Added new firewallEvent reports to work with the new ASA export format (and any firewall exporting the standard firewallEvent element)
- Alarm Orphans: Delete Orphan formatting
- Should be a tooltip when the Default Report is not available
- Reset report default globals when changing reports
- Must be a number warning for NF_F_FW_EVENT search in Flowview
- Vitals syslog rrd graphs don't appear to be updating after rebooting the Virtual Appliance
- Connection fails to mail server for email alerts if authentication required
- Scrutinizer can only generate one PDF at a time for emailed reports
- IP Groups rename / delete bug
- Calculated column filter doesn't work with availability
- Graph colors should be closer to the report table colors
- Can't change scrutdb password on Linux
- Can't read Scrutinizer logo on the login page
- Link between device and object not showing up
- Launching a report from topints_popup.html does not remember the Default Flow Report setting
- Keep track of group in html popup of mapping configuration
- Have flash maps scale better in dashboards
- Switching \theme\" system preference to SonicWall in non-SonicWall EOM installs breaks login screen"
- Alarm related services don't always start on Linux after a reboot
- Fix "undefined" message when saving MTM license
- Investigate Flowalyzer DB post install script errors
- Detached maps do not resized vertically
- can also be detached again.
- IP group report shows entries that are not defined
- Cisco PfR category is missing after 9.0.0 upgrade to 10
- Duplicate SonicWALL applications
- v10 - Top Interface reports no longer show interface names (only ifindex instance)
- Multiple entries were created in the xcheck_hosts table for some exporters
- Appliance Avail HDD graph looks at the wrong partition
- Unable to save 3rd party integration in Crosscheck
- Saving a gadget refresh to 0 causes loop
- Cannot filter out TOS without losing TOS description.
- Crashed tables for option templates
- Enable default report only where applicable?
- Insert into crontab fails on upgrade because the ID is already taken by a scheduled saved report
- Verify flow rates and MFSNs for v9 and IPFIX
- Report Designer: Make cursor a pointer for Trend by and delete
- XML load errors when a report link in a map no longer works
- Map links disappear on refresh
- MFSN LED's are not properly activating
- New devices are blue after Windows -> Linux database migration
- Make sure mail server template ID dependencies are resolved
- 5m conversations on the hour are being doubled
- Reports don't work with migrated data
- Country icons missing on appliances
- Palo Alto report category shows on ASA device
- Connections by report only show total in mapping
- Crontab entries collide on multiple tasks during upgrade on a server with scheduled reports
- Phone home might need to be updated due to ASA changes
- Denika connections error when trying to load report in mapping
- Percentage threshold option not in Flow Reports Thresholds gadget
- Mystery rate column in some reports
- Mapping undo does not visually undo connector
- TIMEOUT when deleting an exporter in Manage Devices
- Reports display in English instead of native language
- Context menu positioning breaks after scrolling down
- Grab the latest IANA IEs
- Check for Update revision version incorrect in 10.0
- Report Designer not loading template list for some devices
- Report table > Not all columns with IPs addresses resolve their domain
- Map works under the maps tab, but not in a dashboard
- Report breaks from Conversation WKP to Host to Host report
- Labels for Denika Connections in Google Maps are wrong

Version 10.0 - 10/22/2012

+ New collector featuring improved flow rates, improved communication with the frontend, and a mechanism for sending alarms to scrutinizer
+ Add links in maps based on saved reports
+ Allow report thresholds to be set based on exceeding a rate
+ FA Top n algorithms can be configured per device
+ Upgraded MySQL version to 5.1.63
+ Scrutinizer is now using Apache 2.2.22
+ Added dotted outline underneath Dashboard gadgets when moving them
+ Added support for Riverbed NetFlow-v9 custom elements
+ Added Google Map "Hybrid" option via Show Labels
+ Google Maps remember settings when they refresh
+ Allow sFlow devices to be included in FA algorithms
+ Include the time frame in Top Interfaces for emailed reports
+ Allow direct access to Dashboards tabs by URL
+ Send a syslog when any of the services are running low on memory
+ Added informative title bar to indicate which "View" a user is in
+ Send an Alarm when users or their passwords are changed or created
+ Improved CrossCheck alert formatting
+ Added IP Grouping definition interface, reports, and filters
+ Added new Report Designer to create custom reports
+ Added a percent option to Inbound Thresholds
+ Caching of NBAR application definitions from option templates to improve report speed and ensure application names are always displayed.
+ Improved mapping
+ Improved sFlow decoding
+ Improved Exinda template support
+ Improved template naming and flexibility
+ Added Extreme IPFIX support
+ Icons can now be set to change colors based on a chosen Primary Status option (e.g. Flows, Polling, etc.)
+ Polling can now be configured with "up" and "down" dependencies per-device for more intelligent status monitoring
+ Added NBAR support for multiple vendors
+ Added more flexibility to Flash map editing
+ Added customized background images to mapping
+ Maps are now more theme aware
+ Map connections now support connecting two icons with a saved report
+ Added multiple connectors between devices in mapping
+ Added option from Device Overview to view all interfaces
+ Added an easier way to navigate to rename templates
+ Added more time interval options for reports
+ Flowalyzer data is now available beyond 1 minute intervals
+ Added Host to Host with Next Hop report
+ Added Availability by device report
+ Added connections RTT medianet report
+ Reports can now be viewed using rate or percent in maps
+ Added Barracuda device icons
+ The watcher service has been replaced
+ mIAM OSes Views report now provide a list of switches
+ The emerging threats list is now based on IP Reputation and includes categories
+ An IP / DNS button has been added in mapping
+ Added a ASA Denied Flows Algorithm
+ Added IP Group filter to reporting
+ Added a new dark teal skin theme
+ The unfinished flows and internet threats algorithms can now be configured to use source or destination IP as the violator
+ Added Cisco ASA biflow support
+ Added HD test to scrut_util
+ New view: mIAM Hosts by OS added
+ Use totals tables when there is a template filter
+ Added additional checks and balances for security between components
+ Enhance template naming capability
- [fixed] Don't insert noSuchObject when SNMP object doesn't exist
- [fixed] Scheduled reports running at times different than when they are scheduled
- [fixed] Vitals skip under high load
- [fixed] Scheduled alarms and top interfaces reports are emailed several hours late
- [fixed] No message in Manage Exporters when SNMP fails
- [fixed] Display formatted times for flowstartmilliseconds_plxr and flowendmilliseconds_plxr in Flowview
- [fixed] Sonicwall HTTP_URL element id occasionally causing inserts to fail
- [fixed] Images plot beyond the background of image
- [fixed] Top Interface message now looks inconsistent
- [fixed] Flow Hopper information that is the same shouldn't be highlighted
- [fixed] Subnet filter and subnet display work differently (too much default)
- [fixed] Verify credentials are in CrossCheck methods after an upgrade
- [fixed] xCtrl and yCtrl are not sent back with updated values when the map is saved
- [fixed] Table '...' is marked as crashed and last (automatic?) repair failed
- [fixed] Can't generate PDFs for status tab reports
- [fixed] Crosscheck list last 5 poll cycles out of sync
- [fixed] Flowalyzer is coming into appliance, but not in the tree menu
- [fixed] Pie charts percentages don't match those in table data
- [fixed] Backup /files/log files on upgrade
- [fixed] Stacked/unstacked control showing for pie-charts
- [fixed] Policy manager report not returning results when using logical filters
- [fixed] Google map icon changes to flash map icon on tree menu refresh
- [fixed] Default 24-hour report option displays even when selecting reports in other timeframes
- [fixed] Authentification failure on special character passwords during login
- [fixed] Collector stops when expiring history
- [fixed] Vitals RRDs not ported correctly after 8.6.1- 9.5 upgrade
- [fixed] Pie chart by number of packets graphs incorrectly
- [fixed] Orphans time stamp search has unexpected results
- [fixed] PDF export doesn't include outbound traffic
- [fixed] Address issue where users want threats destination vs. threats source
- [fixed] Clicking on poller icon from device overview or crosscheck get error when using SSL certificate
- [fixed] Calls www.google.com when not using google maps
- [fixed] Upgrade always resets system skin to retro-darkalt
- [fixed] Flowalyzer trending is duplicated
- [fixed] Flow examiner is not showing egress flows when present
- [fixed] Creating a new group with a space in the name results in %20 in the name
- [fixed] Packets column should switch between rate and total in status reports
- [fixed] Emailed reports don't include comment
- [fixed] Lost style in device tree tooltips
- [fixed] CrossCheck notifications command line parameter is incorrectly formatted
- [fixed] Removing the admin tab Privileges removes the report list from tree menu
- [fixed] Bidirectional status reports don't show direction in table
- [fixed] Creating a group in Mapping and then navigating directly to connections breaks the interface
- [fixed] Total column in csv export should use bits or bytes in the column label
- [fixed] Scrutinizer: interface exceeded threshold should have a spoof address
- [fixed] Internet threats monitor shows a destination as the violator
- [fixed] Allow + signs in email addresses - [fixed] Can't email reports that have no results
- [fixed] (ASA) NF_F_USERNAME filter in Flowview fails if Domain included in username
- [fixed] Prevent multiple entries for the same object in Service Level Report
- [fixed] Missing sFlow exception - [fixed] Better data formatting in Flowview
- [fixed] Alarm filters not working for timestamp
- [fixed] Alarm email notifications failed if authentication was required
- [fixed] Saved status report disappears
- Upgrade sometimes fails to create log folder

Version 9.5.2 - 7/11/2012

- fixed potential vulnerability in calls to report filters
- disabled verbose SQL errors in PHP components

Version 9.5.1 - 6/28/2012

- option template from Nexus 7k crashing tables
- fixed issue with icon colors in Google maps
- fixed issue where some new views appear for SPM users
- fixed issue with login/cookies after upgrade to 9.5.0
- fixed issue where dashboards would make extra AJAX calls
- fixed issue with bulk permissions
- fixed issue with Google map icons being cut off at the edge of a tile
- fixed issue with advanced filter for MAC and IP not having like/not like options
- updated mIAM views not only show entries seen in the last 24 hours
- fixed issue with alarm policy ordering
- fixed issue with non-IP spoofaddr syslogs coming into alarms
- fixed issue with totals sometimes pinching on table boundries
- fixed an issue where emailed reports did not use totals tables

Version 9.5 - 5/14/2012

+ added 5 new flow count reports
+ added 18 new Cisco ASA specific reports added new Cisco PfR reports
+ and PfR Summaries views added a new Cisco PfR Overview Gadget added a
+ new Cisco PfR dashboard added support for Enterasys Mobile IAM
+ (Identity Access Management) flowhopper is now enabled by default
+ users can now run reports from the flow examiner internet threats
+ algorithm now identifies the source address in the alarms added
+ support for barracuda devices
+ the newest Adobe Flash Player (11.2) is now included
+ added support for Riverbed devices a link to Cisco
+ IronPort is available in Other Options Menu for a device Service Level
+ Reports can now be filtered by groups
+ 6 column option is now available in Dashboards Dashboards have a new
+ look when dragging gadgets around added and updated many countries
+ maps for Scrutinizer Maps
+ Eventlogs for Logalot are no longer natively supported. However, a 3rd party agent can be used
- fixed several formatting issues
- fixed issue with column sorting in the bulletin board
- the flow report thresholds gadget can now save values < 1000
- fixed sorting issues in the orphans view
- can now schedule reports for same minute on different hours
- flowalyzer will no longer crash when using SNMPv3/aes
- report menu has been reordered to simplify navigation
- the "SNMP enabled" checkbox in device details will no longer break the interface if repeatedly clicking
- sflow devices no longer give oops error when looking at 30m intervals
- sflow devices no longer give oops error when applying subnet filter
- fixed some timestamps in flowview to be human readable
- clicking save no longer removes the interval header in reports
- fixed templates and icons related to Enterasys devices
- sometimes a space was being passed to IPs causing them to fail DNS
- adding the %m in notifications manager will no long cause a script error
- report names that were too long will no longer cause save issues
- backing up plixer.ini to current directory will no longer cause upgrade issues
- fixed some formatting issues with flowhopper
- the upgrade will no longer write plixer_install.ini to the wrong place
- a couple of issue where FA gadgets were using bits instead of bytes
- the Logalot reporting interface now has a working modify button
- Passive PfR Jitter report has been removed since there will never be results
- fixed formatting issue when resizing summary views
- deleting a dashboard tab should no longer remove the main tabs
- flowalyzer RTT/availability reports were incorrectly allowing interface filters
- FA will no longer allow sFlow devices into algorithms that won't yield results
- the collector will now display the proper version from CLI
- fix issue where object list wouldn't display when configuring maps
- addressed slowness when viewing Flash Maps
- fixed issue where logalot email notifications would fail, although tests emails worked
- fixed an issue that prevented 3rd party tools from launching Scrutinizer views
- fixed an issue where thresholds would not process with a Cisco ASA
- flow view should no longer report a flow direction as unknown
- internet threats wasn't clearing its cache before repopulating data
- the getting start video should no longer say it has been removed from YouTube
- google map icons sometimes didn't register the proper status
- fixed issue where notification in status reports would not save properly
- addressed HTTP Authentication Bypass Vulnerability when creating login accounts
- restricted mib file uploads to .txt and .mib extensions
- SNMPv3 with SHA authentication and AES128 encryption will now work properly
- fixed issue with time frames in saved business hour reports
- URL filters will now work properly when a + sign is involved
- fixed issue where syslog facility always used Local0
- addressed potential php vulnerability
- fixed issue where filters were showing up twice

Version 9.0.0 - 1/25/2012

+ Logalot is now Scrutinizer's new advanced Alarming Engine
+ Scrutinizer will now bring up modal if the hard drive is full
+ jQuery 1.5.1 is now included
+ added a cli parameter to test SNMP communication (scrut_util)
+ added more support for nProbe devices
+ added support and reporting for Cisco SLT Flow Exporters
+ added support and reporting for Cisco CTS Flow Exporters
+ added support and reporting for Cisco PfR Flow Exporters
+ added support and reporting for other types of Firewall Flow Exporters
+ added support and reporting for Citrix Flow Exporters
+ added a SonicWALL VPN Report Type
+ Flowalyzer Poller will now supply round trip time and latency for devices
+ authentication can be passed to 3rd party gadgets via the URL now
+ vitals now has number of syslogs collected and processed by Scrutinizer
+ Scrutinizer now officially supports Chrome
+ the dynamic report menu has been updated and streamlined
+ Crosscheck is now Part of Scrutinizer
+ Threats Overview Gadget now reflects Policy Violations from Logalot Alarms
+ administrators can now purge DNS cache from cli (scrut_util)
+ Medianet Packet Loss is % instead of raw packet loss
+ if the flow supports it, a PCAP file can be downloaded with that data
+ for first time log ins, the user will have the option to change their skin
+ Application Latency reports now have clickable links for the Application
+ the font size for map links are now configurable
+ the default Flow Expert tab no longer has Network Volume and Top Domains
+ status reports now have the flexibility to account for no totals
+ users can now apply notification profiles to saved reports
+ users can now get rates for bits, bytes, and packets
+ many flow analytics gadget display de-duplicated flows across all exporters
+ the SonicWALL call filter will now allow partial text matches
+ optimized the SonicWALL VoIP Conversation Report
+ a link is available in reports to show how flows are metered
+ status icons now have a sub status to them
+ flowalyzer generate now allows flows to be up to 60000ms apart
+ mailinizer now supports matrix and sphere
+ totals are now displayed in Traffic Volume reports
+ users can now apply a port speed filter to reports
+ users are no longer required to log out to have some settings take affect
+ there is a server pref that allows users to configure flowview CSV limits
+ for NetFlow v7, changed column name to be more in line with documentation
+ there is a new view called Device Overview
+ some ALL device reports have been added to the tree menu
+ updated the SSL configuration to no longer log passwords
+ MyView is now called Dashboards, Status Dashboards are called Summaries
+ there is a new and improved Top Interface Gadget in Dashboards
+ added a new report of Host > Destinations
+ there is a new and improved Scrutinizer Watcher Service
+ status reports now show how flows are metered: ingress, egress, or biflows
+ apache 2.2.21 and OpenSSL 0.9.8r are now included
+ MySQL 5.1.60 is now included
+ updated countries database for more accurate country association of traffic
+ Adobe Flash Player 11.1 has been packaged with Scrutinizer
+ NBAR is now part of Cisco Advanced Reporting
+ users can set # of datapoints in a graph before it switched to hire intervals
+ FA gadgets will launch your default report instead of flowview
+ newly found templates that are custom are no longer labeled unknown
+ the systrax tab is now the help tab
- fixed issue where tabs disappear if a \ is used in their name
- when saving PDF path, Scrutinizer will now report if the path is valid
- fixed issue where a missing / at the end of link back URL caused issues
- the "Other Options" menu will no longer spill off the page
- fixed formatting issues with mapping in the Chrome Browser
- Flow View will now pass timezone data
- fixed several formatting issue across multiple browsers
- fixed issue where CSS was not properly flushed between upgrades
- fixed issue where TCP flags were not decoded correctly
- fixed formatting of IPv6 addresses
- fixed issue where an unsaved report had a delete option
- fixed issue with wrong unit label for Host Flow Reports
- fixed broken pie reports in Host to Host Jitter by SSRC
- login screen will now detect if you have CAP LOCK on
- fixed issue where Oops message would appear in Traffic Volume Reports
- fixed issue where flowview would sometimes show no results for a report
- fixed issue where emailed reports would fail if there was space in the path
- no longer will filtering on well known port of IGMP break a report
- fixed issue where a user could add a group to itself
- sorting in nProbe Application Latency reports no longer causes an Oops
- fixed issue where APP_MEDIA_PKT_RATE would cause issues with Flowview in 30m
- fixed issue where flowview would sometimes launch the incorrect report
- filtering on GRE traffic no longer causes an oops message
- reports not available in higher intervals are now switching to 1m properly
- fixed formatting issues with mailinizer emailed reports
- fixed formatting issues with SonicWALL URL emailed reports
- dashboards will no longer give errors depending on which gadget loads first
- fixed oops issue when switching from unstacked ToS to DSCP
- logging out or CTRL+F5 is no longer required when changing some system prefs
- fixed sizing issue with Sphere based reports as a gadget
- fixed issue where Flowview would not always render the data interval selected
- the cactus icon has been removed from Device Details
- flowview would show bits for octetDeltaCount, that has been corrected
- some gadgets were missed categorized in the add gadget panel categories
- users can no longer save illegal characters in domain names
- fixed issue where Application Groups CIDR wasn't interpreted properly
- the nightly clean up routine is now managing the images\temp directory
- fixed an issue where some FA graphs reported 0 when there were violations
- fixed issue were available report list reported available when not
- the flow analytic alarm vs. syslog checkbox behavior now behaves correctly
- undefined flow fields were incorrectly available in advanced filters
- option templates are now populating interface names correctly on SNMP fail