D.C. Douglas Watch the Videos
Frequently Asked Questions

Q1. What is NetFlow?
Q2. What is sFlow?
Q3. What are the different versions of NetFlow available?
Q4. How is NetFlow different from traffic analyzers like MRTG?
Q5. Is Cisco the only vendor supporting NetFlow?
Q6. Is a trial version of Scrutinizer available for evaluation?
Q7. What are the differences between the free and commercial version?
Q8. What are the system requirements?
Q9. How do I enable NetFlow on my Cisco Router?
Q10. How do I find out if my Cisco equipment supports NetFlow?
Q11. What if I need features that Scrutinizer doesn't support?
Q12. Does it support other Languages?
Q13. How will enabling NetFlow affect the performance of the router/switch?
Q14. How long do I have to wait before the graphs are populated?
Q15. Why are some interfaces labeled as IfIndex2, IfIndex3 or just 1, 2, 3, etc.?
Q16. How do I enter IP to name resolutions so that Scrutinizer doesn't have to use the DNS to resolve IPs?
Q17. Scrutinizer related services are not starting or not installed properly. What do I do?
Q18. Overall utilization on the interface appears to be understated. Why would this be?
Q19. How do I delete all DNS resolutions in Scrutinizer?
Q20. How do I setup my router to forward netflows to two destinations?
Q21. How do I enable remote access to MySQL?
Q22. How do I replace the Telnet option in Scrutinizer with an SSH client?
Q23. Why are my graphs reporting over 100% utilization?
Q24. How do I find out if any updates are available for Scrutinizer?
Q25. I have forgotten my Scrutinizer password. How do I find out what it is?
Q26. What do I do if the Apache server doesn't get setup as a service during the Scrutinizer install?
Q27. How do I know what updates or patches are available for Scrutinizer?
Q28. Why am I having trouble installing Scrutinizer using a Remote Desktop Connection?
Q29. Why do I have a blue box over my graphical trends?
Q30. How do I setup SSL with Scrutinizer?
Q31. What are the known bugs?
Q32. Why do I receive a "Somix product already installed" error when trying to install Scrutinizer?
Q33. How do I use another drive for the data?
Q34. How do I interpret the nProbeLive traffic?
Q35. Why don't all of the colors print correctly when I try to print an emailed report?
Q36. Can Scrutinizer run in VMWare?
Q37. How do I install Scrutinizer on Windows Vista?
Q38. How do I exclude Scrutinizer in Symantec AntiVirus?
Q39. How do I setup integration between Scrutinizer and WhatsUp Gold v11?
Q40. Why am I seeing "XX" in my select boxes in Firefox 2.0.0.4?
Q41. My clickable links on the Flash map don't work! I'm using Firefox 2.0.0.4.
Q42. Why are my IPs not resolving, even though I have configured my DNS properly in Windows?
Q43. What can be done to speed up the interface of Scrutinizer?
Q44. I'd like to change the mySQL "scrutinizer" user password from the default to something more secure. Is there anything else I need to do other than set the password in mySQL?
Q45. How do I get Scrutinizer running on IIS instead of Apache web server?

Q1: What is NetFlow?
Cisco® NetFlow technology is an embedded feature within Cisco IOS routers and high end switches (e.g 6500 series). NetFlow data records consist of information about source and destination addresses, along with the protocols and ports used in the end-to-end conversation. Scrutinizer uses this information to generate graphs and reports on traffic patterns and bandwidth utilization. More information can be found here.

Q2: What is sFlow?
Unlike NetFlow which aggregates multiple conversation streams into a single packet, sFlow is a packet sample of traffic. Although it offers 100% of the packet, when used strictly for IP accounting, it is unreliable. More information can be found here.

Q3: What are the different versions of NetFlow available?
Version 1 is the original format supported in the initial NetFlow releases, while version 5 is the standard and most common NetFlow version deployed. Version 5 is an enhancement that adds Border Gateway Protocol (BGP) autonomous system information and flow sequence numbers. Version 6 is similar to version 7. This version is not used in the new IOS releases. Version 7 is an enhancement that exclusively supports NetFlow with Cisco Catalyst 5000, 6500 and 7600 series switches. Version 8 is an enhancement that adds router-based aggregation schemes. It was introduced to reduce resource usage, and includes a choice of eleven aggregation schemes. Version 9 is an enhancement to support different technologies such as Multicast, Internet Protocol Security (IPSec), and Multi Protocol Label Switching (MPLS). Versions 2, 3 and 4 either were not released.

Scrutinizer currently supports NetFlow versions 1,5,6,7 and 9. It also supports sFlow version 2, 4 and 5. IPFIX, JFlow and NetStream are also supported.

Click here for more details.

Q4: How is NetFlow different from traffic analyzers like MRTG?
MRTG and other such equivalent tools provide information that is largely limited to SNMP statistics. NetFlow is more geared toward application-level details such as hosts, protocols, and conversations, which are an inherent part of IP traffic.

Q5: Is Cisco the only vendor supporting NetFlow?
NetFlow technology was invented by Cisco, and Cisco IOS devices offer NetFlow compatibility. There may be other vendors offering NetFlow support on their devices. Scrutinizer has been tested on over a dozen different vendors.

Q6: Is a trial version of Scrutinizer available for evaluation?
Yes. A free version of Scrutinizer can be downloaded from here. You can get an evaluation license to try the full version by filling out this form.

Q7: What are the differences between the free and commercial version?
Read about the differences between the free and commercial version of Scrutinizer by clicking here.

Q8: What are the system requirements?
Scrutinizer's system requirements are detailed here.

Q9: How do I enable NetFlow on my Cisco Router?
Click Here for detailed instructions on how to enable NetFlow on Cisco routers and switches.

Q10: How do I find out if my Cisco equipment supports NetFlow?
Click Here to find out if you have a NetFlow compatible Cisco router or switch.

Q11: What if I need features that Scrutinizer doesn't support?
At plixer, we understand that our software needs to be flexible. If you want a feature added, we may be able to work with you. Click Here to learn about our professional services.

Q12: Does it support other Languages?
Support for other languages is currently in development.

Q13: How will enabling NetFlow affect the performance of the router/switch?
Click Here for detailed information on exactly how enabling NetFlow will affect the performance of your Cisco router or switch.

Q14: How long do I have to wait before the graphs are populated?
Less than 5 minutes. Make sure you have the NetFlow configured correctly on the router or switch. You might want to try debug mode.

Q15: Why are some interfaces labeled as IfIndex2, IfIndex3 or just 1, 2, 3, etc.?
This happens if the interfaces did not respond to the SNMP requests sent by Scrutinizer. Bring up the SNMP view that lists all the interfaces and click the Update button. Click here to learn more.

Q16: How do I enter IP to name resolutions so that Scrutinizer doesn't have to use the DNS to resolve IPs?
Edit this file: C:\WINDOWS\system32\drivers\etc\hosts and enter the IP to name translations.

Q17: Scrutinizer related services are not starting or not installed properly. What do I do?
If services, such as Apache, are not installing or starting properly, changes may need to be made to the Windows DEP settings.

Make sure you have administrative rights for the computer Scrutinizer is being installed on. Do not install Scrutinizer via a terminal session.

Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. On any Windows XP (SP2) or Windows Server 2003 the collectd.exe and index.cgi files should be excluded from DEP or set to Windows Services only.

In order to exclude these files: Right click My Computer, select Properties and click the Advanced Tab. Next, click "Settings" under Performance and select Data Execution Prevention. Here you have the option to "Turn on DEP for essential Windows programs and services only" or "Turn on DEP for all programs and services except those I select:"

If you choose "Turn on DEP for all programs and services except those I select:", then you will need to manually add the collectd.exe, index.cgi and filed.exe files found in the "\SCRUTINIZER\html\" directory.

Click Apply and OK when done; then OK again to exit.

Once the necessary files are excluded from DEP protection, Scrutinizer will need to be re-installed.

Q18: Overall utilization on the interface appears to be understated. Why would this be?

1. Make sure NetFlow is enabled on all physical interfaces of the device. Don't be concerned with the virtual interfaces, as they will auto-appear once NetFlow is enabled on the physical interface.
   
   
2. If the hardware can't keep up with sending the NetFlow packets, it will drop NetFlows before they even leave the device. To check to see if this is the problem, login to the Cisco device.
   
Command to type: Router_name>sh ip flow export

At the bottom of the export, look for something like "294503 export packets were dropped due to IPC rate limiting". If this counter is incrementing, the hardware cannot keep up with the export demands.


3. The command below breaks up long-lived flows into 1-minute segments. You can choose any number of minutes between 1 and 60; if you leave the default of 30 minutes you will get spikes in your utilization reports.
   Command to type: ip flow-cache timeout active 1


4. The command below ensures that flows that have finished are exported in a timely manner. The default is 15 seconds; you can choose any value between 10 and 600. Note however that if you choose a value that is longer than 250 seconds Scrutinizer may report traffic levels that appear low.
   Command to type: ip flow-cache timeout inactive 15


5. NetFlow version 5 only exports IP traffic (i.e. no IPX, etc.) and no layer 2 broadcasts are exported by this version of NetFlow.

Q19: How do I delete all DNS resolutions in Scrutinizer?
Log into the mysql prompt and "delete * from scrutinizer.hosts".

Q20: How do I setup my router to forward netflows to two destinations?
Type the "ip flow-export destination" command twice:
router-name# ip flow-export destination 10.1.1.8 2055
router-name# ip flow-export destination 10.1.1.9 2055

Q21: How do I enable remote access to MySQL?
Follow the steps below:

1. Open a DOS command prompt on the Scrutinizer server.
2. Run the following command from the ~\SCRUTINIZER\mysql\bin directory:
   mysql -u root --password=
3. A mysql> prompt should be displayed.
4. To create a remote user account with root privileges, run the following commands:
   GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'@'IP' IDENTIFIED BY 'PASSWORD';
   
   'USERNAME' is the username to be created.
   'IP' is the public IP address of the remote connection.
   'PASSWORD' is the password to be assigned for this username.
   (IP can be replaced with % to allow this user to logon from any host or IP)
   
   mysql> FLUSH PRIVILEGES;
   mysql> exit;

Click here for more information on limiting MySQL user accounts.

Note: To assign the root user with a password, run this command:
mysqladmin -u root password YOUR_NEW_PASSWORD

Q22: How do I replace the Telnet option in Scrutinizer with an SSH client?
Follow the steps outlined in the "How to replace the Telnet option in Scrutinizer with an SSH client" document.

Q23: Why are my graphs reporting over 100% utilization?

1. The interface speed is not correct. Scrutinizer uses the speed specified in the SNMP OID. Click on the speed of the interface to manually type in the correct speed.
2. The active timeout has not been set to 1 minute on the router.
3. Non-dedicated burstable bandwidth, where the ISP allows you to use over the allocated bandwidth.
4. Both ingress and egress NetFlow collection have been enabled on the interface. This can work properly, however NetFlow should be turned off on other interfaces. Scrutinizer works ideal when only ingress NetFlow collection is configured on all interfaces.
5. Do you have any encrypted tunnels on the interface?
   • 47 - GRE, General Routing Encapsulation.
   • 50 - ESP, Encapsulating Security Payload.
   • 94 - IP-within-IP Encapsulation Protocol.
   • 97 - EtherIP.
   • 98 - Encapsulation Header.
   • 99 - Any private encryption scheme.
   This can cause traffic to be counted twice on an interface. Scrutinizer v5.5.1 can be patched to remove the above traffic. Contact us for the patch.

Q24: How do I find out if any updates are available for Scrutinizer?
In your local Scrutinizer install, click the Status tab. If updates are available, you will see a spinning blue icon in the upper right hand corner. If you have a proxy server, this spinning icon will always appear. Click on it to find out the latest version.

Users can also type the following commands in a command prompt, from the ~\SCRUTINIZER\html\ directory, to list the currently installed version of Scrutinizer:
index.cgi -v
collectd.exe -v

Q25: I have forgotten my Scrutinizer password. How do I find out what it is?
In your local Scrutinizer install, type the following commands in a command prompt, from the ~\SCRUTINIZER\mysql\bin directory:

1. mysql -u root
2. use scrutinizer
3. select * from userslist\G;
   
   This will display all users and their passwords. If there are numerous users, you may need to scroll through to find your username and password.
   
   
4. Exit

Note: These MySQL commands must be run from the Scrutinizer server.

Q26: What do I do if the Apache server doesn't get setup as a service during the Scrutinizer install?
This happens generally because another version of apache is installed, but currently isn't running. To fix this problem, edit the file ~\SCRUTINIZER\apache2\conf\httpd.conf using a text editor (e.g. Notepad, Wordpad, etc.). Find the line "Listen". There will be "Listen 80", or something similar, around line 54 in this file. Change this to another port such as "Listen 8181" then Save and Close the file.

Now start Apache by typing the following command from the ~\SCRUTINIZER\apache2\bin directory:
apache

Verify apache is running. It should appear to hang at the command line, press CTRL+C and execute the following so that the services gets setup correctly:
apache -k install -n scrutinizer_apache2 C:\scrutinizer\apache2\bin\

Notice the service is now listed and it is up and running. It should be configured to automatically startup on reboot.

Q27: How do I know what updates or patches are available for Scrutinizer?
Visit the Scrutinizer Update History page to find the latest updates and patches for Scrutinizer.

Q28: Why am I having trouble installing Scrutinizer using a Remote Desktop Connection?
Installing Scrutinizer using a Remote Desktop Connection or similar is not supported by InstallShield. You must be on the console of the computer when installing Scrutinizer.

Q29: Why do I have a blue box over my graphical trends?
Check the version of your browser. Only IE 6+, Firefox 1.5+, and Mozilla 1.7+ are currently supported. Also, make sure you are using the "default" web browser security settings.

Q30: How do I setup SSL with Scrutinizer?
Click Here for instructions on how to install and configure SSL with Scrutinizer.

Q31: What are the known bugs?
Click Here for further details on known Scrutinizer bugs that are currently being worked on.

Q32: Why do I receive a "Somix product already installed" error when trying to install Scrutinizer?
If the following registry is found, you will receive this error:
\\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App\Paths\configure.exe

The solution is to rename the registry key. This renaming will do no harm to your system and will quickly allow you to work with Scrutinizer.

Q33: How do I use another drive for the data?

1. Stop the Scrutinizer mysql service.
2. Copy the scrutinizer\mysql\data directory to the new drive.
3. Edit the scrutinizer\mysql\my.conf file, changing the drive letter for the datadir=x:/SCRUTINIZER/mysql/data/ entry.
4. Start the Scrutinizer mysql service.

Q34: How do I interpret the nProbeLive traffic?

Inbound and outbound are moot points (i.e. don't matter) with the nProbeLive because there is ONLY 1 interface. Traffic in and out the switch port are being sent to the nProbeLive which doesn't know if the traffic was received or sent on the mirrored switch port. nProbeLive can only deduce the source and destination of the packet. Look again at this:

Notice: All interfaces matches itself:

inbound src = outbound src
inbound dst = outbound dst

Here is an example:
Bob sends packets to Sally. Bob is both the inbound and outbound source (Src) to Sally as there is ONLY 1 interface. On this same packet, Sally is the inbound and outbound destination (Dst). When Sally replies to Bob with a packet, the opposite holds true.

In Summary: When looking at nProbeLive traffic, just look at:

	"All" interfaces from the drop down box
	inbound traffic as outbound will be exactly the same
	The Top Conv tab provides the easiest to comprehend data
	On the Hosts tab: just toggle Src and Dst

Q35: Why don't all of the colors print correctly when I try to print an emailed report?

This can be caused by an option found in some browsers and email clients.

In Internet Explorer:

	Open the "Tools" menu.
	Click "Internet Options."
	Click the "Advanced" tab.
	Scroll down to the "Printing" section.
	Check "Print background colors and images."
	Click "OK."

This change will carry over to Outlook and Outloook Express.

Q36: Can Scrutinizer run in VMWare?

Yes, but as with any virtualized environment, you may experience sharp declines in performance when your server's resources are divided between many sessions.

Q37: How do install Scrutinizer on Windows Vista?

1. Double-click the installer to start the process as normal.
2. Click "continue" when prompted by UAC.
3. Unblock apache.exe when prompted by UAC.
4. Unblock collectd.exe when prompted by UAC.
5. Installer will read "File Copy Complete — Executing Install Scripts."
6. Click "OK" to finish when installation is complete.
7. Run 'services.msc' from the command line or the 'Run' dialog.
8. Stop the following services:

• Cron service
• Scrutinizer Filer Service
• Scrutinizer Netflow Collector
• scrutinizer_apache2
• scrutinizer_mysql

If you experience trouble, please post at http://forums.somix.com.

Q38: How do I exclude Scrutinizer in Symantec AntiVirus?

1. From within Symantec, expand the "Configure" option from the tree menu and select "File System."
2. Click the "Exclusions" button.
3. Click the "Files/Folders" button.
4. Find the Scrutinizer directory and check the box next to it.
5. Click "OK" to finish.

Q39: How do I setup integration between Scrutinizer and WhatsUp Gold v11?
Visit the WhatsUp Gold v11 Integration page for instructions on setting up WhatsUp Gold v11 and Scrutinizer to work together.

Q40: Why am I seeing "XX" in my select boxes in Firefox 2.0.0.4?
This is a known bug with the 2.0.0.4 build of Firefox. It is expected to be patched in the upcoming 2.0.0.5 release. It occurs when a visible/hidden style is applied to a select box after a page has loaded, which occurs in several places throughout Scrutinizer. It does not affect functionality in any way.

Q41: My clickable links on the Flash map don't work! I'm using Firefox 2.0.0.4.
Firefox 2.0.0.4 contains a bug that sporadically prevents the links on your icons in the Flash maps from working. This bug does not exist in the Firefox 1.5/1.8 branch, nor in any version of IE or Opera. The bug has been logged with Mozilla and we are awaiting word of a patch.

Q42: Why are my IPs not resolving, even though I have configured my DNS properly in Windows?
In certain situations, Scrutinizer may not be able to properly resolve IP addresses. This usually happens when there are multiple DNS servers with disparate records. To deal with this, Scrutinizer allows you to specify your DNS servers in a file rather than get the settings from the Windows Registry. The steps are outlined below:

1. Create a file in the \scrutinizer\html directory called dns.conf.
2. Open this file with a text editor like Notepad.
3. Create a list of DNS servers in the file in the format below.
   nameserver 192.168.1.1
   nameserver 166.186.184.2
   nameserver 224.39.1.171

Now that you have created this file, you should now be able to go into the Scrutinizer web interface and do lookups properly.

Q43: What can be done to speed up the interface of Scrutinizer?

1. Disable antivirus software, or at least exclude the Scrutinizer directory from antivirus scanning.
2. Run software to defragment the hard drive frequently (e.g. Diskeeper).
3. Does the machine Scrutinizer is installed on meet our minimum hardware requirements?
4. Are there other applications running on the server (e.g. WhatsUp Gold, SolarWinds Orion, MRTG, etc.)? If so, they should be turned off.
5. Is the Microsoft IIS Service running? If so, it should be turned off.
6. Are you running Scrutinizer in a VMware session? This will cause unnecessary slowness.
7. Does your company have a proxy server? Scrutinizer tries to connect to plixer.com on many of the pages and proxy servers which block Scrutinizer's access to the internet can cause interface slowness.
8. Are you receiving flows from over 200 unique devices? You must meet our minimum hardware requirements.
9. Click on the Vitals Tab within Scrutinizer. Are you receiving over 200 UDP Datagrams/Sec? You must meet our minimum hardware requirements.
10. Call us at (207)324-8805 x3 and we can help you to optimize your Scrutinizer installation.

Q44: I'd like to change the MySQL "scrutinizer" user password from the default to something more secure. Is there anything else I need to do other than set the password in MySQL?
Yes. you need to add the following lines to the conf.cgi file (found in the \scrutinizer\html directory):
$conf{'dbUser'};
$conf{'dbPassword'};
$conf{'dbPort'};

Q45: How do I get Scrutinizer running on IIS instead of Apache web server?
Below are guides on setting up Scrutinizer to work on IIS. Select from IIS version 6 or IIS version 7.

Scrutinizer IIS 6 Setup Guide
Scrutinizer IIS 7 Setup Guide

* Requires Scrutinizer v6.0 or higher.

Home > Products > Denika Performance Trender > Frequently Asked Questions