LEDs are shown in the upper right hand corner to give the status on various critical operations of the flow collection and reporting architecture.
[x] [ ] [ ] [ ]
System Services LED
This LED reports back on the following:
The status of the plixer flow collector service. It will be red if down or running via the command line interface (CLI). The Flow Collector receives flow data from network devices, processes it, and stores it in the appropriate database tables. The collector is also responsible for rolling raw 1 minute data into 5 minutes, 30 minutes, 2 hours, 12 hours, 1 day, and 1 week intervals. Currently the collector service supports NetFlow v1, v5, v6, v7, v8, v9, IPFIX and sFlow v2, v4 & v5 as well as jFlow, cflowd, NetStream and others.
To run it at the command prompt (i.e. CLI) type in:
cd \
cd scrutinizer\bin\ (could also be in c:\program Files\Scrutinizer\bin)
scrut_collector.exe
NOTE: the output is for internal use only.
The status of the plixer watcher service. It will be red if it is down. This service is responsible for saving data beyond 24 hours and several other functions. It is also required for Flow Analytics.
The status of the plixer domain service. It is necessary for Flow Analytics and constantly resolves IP addresses to DNS names. The Watcher Service handles and coordinates the execution of system tasks and user scheduled tasks such as scheduled reports and RSS feeds. Watcher also tracks the time it takes to execute tasks. If a task takes too long, it terminates the process and sends an alarm and (if configured) a syslog.
Currently several Scrutinizer house cleaning tasks are scheduled by default that routinely clean up and optimize the Scrutinizer installation. These system tasks include events that gather vitals, expire DNS entries, remove temporary files, check for alarm conditions such as flow data stopping or system memory is low, and database optimizations.
To run it at the command prompt (i.e. CLI) type in:
cd \
cd scrutinizer\bin\
scrut_watcher.exe
NOTE: the output is for internal use only.
The status of the plixer mysql collector service, will be red if the database is not running.
NOTE: NetFlow v1 does not contain all of the same data as NetFlow v5 (e.g. tcpControlBits, bgpSourceAsNumber, bgpDestinationAsNumber, sourceIPv4PrefixLength, destinationIPv4PrefixLength). NetFlow v9 contains a lot more information. There is more information on these different NetFlow versions here.
[ ] [x] [ ] [ ]
MFSN LED
This LED turns yellow if the collector is Missing Flow Sequence Numbers. If only one or a few of all the flow sending devices are showing up, it is likely the network or the flow exporting device that is dropping or skipping flows. If all devices show up, it is likely to be the collector that is dropping flows.
To improve performance, make sure the server hardware meets the minimum requirements. Visit the Vitals report for trending details.
[ ] [ ] [x] [ ]
Long Lived Flows LED
This LED turns yellow if the collector is receiving flows with a total flow duration beyond 60 seconds. Make sure these Cisco or similar commands have been entered on the flow exporting device (e.g. routers or switch):
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
Learn more about the above commands here.
[ ] [ ] [ ] [x]
Server Health LED
This LED detects if vital server statistics and database tables are healthy. If disk space drops below 2 GB or available memory is less than 128 MB, the LED will turn yellow and a message is sent to the Alarm tab. If disk space drops below 500 MB, the collector will stop saving NetFlow. Also, if database corruption is detected, the LED will turn red.
In the event that the collector has stopped because of low disk space, a utility can be run that expires history to free up space. You will need to go to Admin Tab, then settings/data history, and adjust the current retention settings.
Open a CMD prompt, navigate to the scrutinizer/bin directory, and type in the following command:
scrut_util -expire_history
When it runs, it looks at the settings in the master configuration then purges based on the current time. If the Collector service had stopped, go to the Windows Service manager and restart the Plixer_Flow_Collector service and you will begin receiving and processing flows again.