Available Updates

Plixer International, Inc. Scrutinizer NetFlow and sFlow Analyzer

### IMPORTANT NOTES ###  

  • It is important to back up your database before upgrading any software.
  • It is recommended to upgrade to this version. 

For more details on the new features below, reference the Plixer website and Scrutinizer documentation.

Version 11.5.1 - 1/29/2014

 

 


Change Log History

Version 11.5.1 - 1/29/2014

- New setting for collector time handling
- Alarm menu sometimes left behind
- Packet spool directories falling behind
- Mailinizer report links missing filters
- Poller errors in the apache log
- MONITOR_INT_START_TIME needs formatting function
- All Devices Summary template is using wrong formatting
- Mailinizer Filters missing from Tree menu
- Deleting one exporter can delete all exporters
- Patched possible security vulnerability for read-only user
- Add VMware Specific Enterprise elements
- Add VMware Specific template naming

Version 11.5.0 - 1/20/2014

+ Status Tab
   * There is a new All Devices view that can be set as the user default view. (Great for users who don’t export interface information)
   * Per interface reports can be run from the device tree in Device Explorer now
   * Improved exporter icon pip color information
+ Flow Analytics
   * All algorithms reviewed and updated
   * Alarms are now de-duplicated
   * Messages were updated to clearly indicate what happened
   * Limits were removed (and ordering)
   * Default thresholds have been adjusted to minimize false positives
   * New indices were added. See Alarms
+ Alarms
   * Major code overhaul that improves speed, reporting, and maintainability
   * Added username and country/IP Group
   * Added Threat Index
   * Added Host Index
   * Added user name column
   * Export to CSV of current Alarms view
   * Added Default Flow Report for Interface Exceeded Threshold Alarm
+ New Reports
   * There are around 80 new reports that include support for:
     + Cisco HSL
     + Exinda
     + F5 Networks
     + NetASQ
     + Probe
     + Riverbed
     + Long term username reporting
     + Cisco ASR high speed logging
     + Connections by flows
     + Cisco AVC reports for IOS XE
+ Updated SonicWALL template names
+ Enhanced Cisco TrustSec (CTS) reports
+ Added total to vitals reports
+ Added support for 2048 and 4096 SSL key sizes
+ Improved LDAP, interface thresholds, and IPFIXify Mailinizer documentation
+ Improved collector performance on Windows
+ Added an IPFIX formatting engine for converting data to IPFIX
+ Upgraded MySQL to 5.1.72
+ Upgraded Apache server to 2.4.6 and PHP to 5.5.4
+ Our virtual appliance now supports vmx9 and ESXi 5.5
+ Added new information element details for:
     + Cisco AVC
     + Cisco WAAS
     + NetAsq
     + Barracuda
     + Exinda
     + QoF
+ Updated Country names
+ Updated AS names

- Need better y legend formatting and description in Status graphs
- ASA NF_F_USERNAME filter fails if domain included in username
- Disallow deleting of a designed report template that is used by a saved report
- AVC report type
- Not seeing AS reports available from Cisco ASR 9K
- Drill in on a gadget and step becomes a line in the graph
- Missing table column in Conversations Exported Infrequently
- TI gadget, Status TI, and Tree Menu all using different rules for icons
- Add group_concat_max_len to my.ini (Endace probe and FA)
- Table formatting after sorting for Status reports
- Improve Device Explorer searching
- Device tree stops responding
- Microsoft Visual C++ Redistributable is failing to install
- On AS reports the percent legend on graph shows incorrectly
- Appliance upgrades without internet access don't install mod_fcgid
- Status > Report Graph: glitch when two consecutive points have coordinates outside graph
- Status report thresholds don't allow for a check of 1
- Notification daemon some notifications failing (Can't locate SNMP_util.pm)
- Web Interface doesn't load in IE11
- IP Group filter not reflected in map connection
- Update username install instructions for IPFIXify to include quotes around path
- Summaries Reports are not loading for certain users
- Palo Alto userId_PA filter showing no results
- Report open from Search view uses wrong time interval
- Truncate Map labels on doesn't work
- Dashboard view name display formatting
- Outbound graph color is wrong
- Threshold - Utilization error when saving settings in free mode
- Allow for mplsLabelStackSection element decodes
- Update scrutinizer Chinese
- Make popups the active windows when we open one
- Keep Autonomous System Numbers current
- Message in dark skin is unreadable
- Top Mail Servers view shows Exchange 2010 as "Unclassified Mailserver"
- PDF report defaults to Graph: Show others on top
- There is an error coming from logalot.pm when fa_cli is run
- Adjust NBAR summary table for Cisco Betas IOS
- Setting user preference for Host Display Type to IP still resolving host in reports and FA gadgets
- Report Designer -> Devices dropdown is confusing if two devices have the same name
- Tighten up access to the CSV directory from the browser
- Acknowledge Per Violator - Removes all for a Policy
- Maps utilization should be consistent with its report
- Deleted Maps Objects still generate conflicts in mapping configuration
- Add System Description to Device Overview
- IP Group Delete confirmation says message "application"
- Toggling Rate/Utilization on maps doesn't change anything
- ASA default firewallEvent report filter doesn't work for older ASA versions
- Scrutinizer User Statistics gadget broken in 11.1
- Volume -> Traffic Volume report displayed in Totals shows peaks in rates
- Allow reporting on Huawei egress exports
- Mac OS X 10.9 and Safari 7 errors
- FA: Medianet Jitter Violations Default Flow Report causes Oops! error
- Add v6 support to the IP Address violation algorithm
- FA Exclusions will not update without an exclusion IP
- Scheduled reports get renamed after upgrade from 10.x to 11.0.3
- Report map link shows no measurement or report name when report is no longer valid
- Addressed possible security vulnerabilities reported by Secunia
- Subnet filter vs IP group for the same subnets: report results don't match
- Updating account with a password that includes a single quote breaks frontend

Version 11.0.3 - 9/25/2013 

+ Add Filter to adjust for ASA 9.1(2) overstating data
+ Flow Analytic query optimization
- "Use of uninitialized value" error when running scrut_util.exe -ssl
- Emailed reports come with two .csv files
- Enhance MRTG config consolidator to support legacy config files
- Installed changelog different than website changelog
- SNMP Trap notifications are not working
- Crosscheck alerts are not triggering notification profiles
- Threat import from file doesn't work
- Some columns incorrectly disallow NULL on rollup
- Rate and Total graphs are reversed for SNMP -> Port Utilization reports
- Flow Metric report graphs only display the top 10
- Backslash in the community string breaks installs
- "Other" menu in report list is gone
- IP groups don't allow for multiple subnets
- Linux: Scheduled reports that include PDF get insecure dependency error
- Nefarious Activity algorithm is not working
- Maps: Sometimes linked reports have incorrect label and time-frames
- AVC PfA Reports -> Review reports with 'Transaction Delay'. It should be 'Transaction Duration'
- Change how we define pollCount

Version 11.0.2 - 8/8/2013

+ Added names for new ASA templates
+ Element ID 65500/monitoringIntervalEndMilliSeconds not being decoded correctly.
+ Added support for new nProbe element DNS_TTL_ANSWER
+ New elements for Saisei Networks
+ New AVC reports for IOS XE
+ Added 4 new Cisco IOS XE information elements
+ Added 10 new IANA information elements
- IE 8 would get stuck on "Loading"
- Manage Exporters interface and license counts did not account for the free vitals exporter
- Variable length paddingOctets decode incorrectly

Version 11.0.1 - 6/27/2013

- Scheduled Reports: Saving "multiple" should refresh report
- No graph in pop up (From top flows)
- Device tree breaks when groups contain each other
- Defined Applications and Protocol Exclusions not loading into the collector
- Search would not find undefined well known ports
- Defined Applications formatting issue
- Emailed reports CSV always resolved IP addresses
- Device Tree Group CrossCheck link is always returning no results

Version 11.0.0 - 6/20/2013

+ Improved, searchable Device Explorer
+ Alarms Heatmap
+ System metrics support
+ MRTG SNMP
+ Multi-Interface reporting
+ Ability to configure custom internet threats
+ Reporting:
   * Cisco Wireless (WLC)
   * Cisco Application Visibility and Control (AVC) -> Performance Routing (PfR) reports
   * ASA Access Control List (ACL) descriptions and filtering
+ Smartphone and Tablet Support running iOS 6+ or Android 4.2+
+ New Information Element support
+ Vitals are now in a Dashboard, not the Admin tab
+ Alarms History and Reporting now use the Status reporting engine
+ IPFIX Exports from the Scrutinizer server’s IP for MRTG and Vitals
+ Windows 8 and Server 2012 installs are now supported
+ Collector optimizations allow for processing more flows with the same resources.
+ Reporting optimizations render reports more quickly.
+ Ability to send multiple reports in one scheduled email.
+ New Graph Type: Steps graphs
- Searching mIAM Switches view only works by IP
- Log administrative changes
- Filtering report on IP Group is encountering report timeouts
- SNMPv3 issues addressed
- Can't configure notifications for saved reports with certain filters
- nProbe Host to Host Latency calculations
- Email alerts not generated if email server not port 25
- Report Designer -> Review logic that checks for duplicate report names
- Clicking on Dashboard tab brings up blank screen
- The DNS server information is not present on VA (Virtual Appliance) installs
- vmwareToolsInstall.sh is not working
- New connectors appear curved in flash maps
- Google API loads when viewing a flash map
- Scheduled reports failing
- Some services are failing to install in 10.1.x
- White on grey in login screen very hard to read
- Add / Remove box formatting is off in FF
- Status > Views > Define CrossCheck Thresholds
- (Manual) Update manual to talk about MaxMind where we discuss AS
- Nagios 3rd Party Integration %H and %h
- Pie Charts and Bar Charts don't render in PDF files
- Duplicate IPs In crosscheck database - some polled objects in maps blue not in crosscheck
- Device with no templates hangs opening report list
- Security Vulnerability: HTTP TRACE / TRACK Methods Allowed (appliance)
- Security Vulnerability: TLS CRIME Vulnerability
- CrossCheck Summary Graph -> Y axis does not always start at 0
- Host To Host With Next Hop report -> Rank column with wrong width
- Flow and Poller reports don't work with SSL
- GPS Coordinates lookup not working
- FlowHopper lost device hops after upgrade to 10.1.3
- Can't see groups under status
- plixer_flowalyzer_svc service is not included in the Service/Daemon Status LED
- Scrutinizer generating odd syslogs/orphans
- Cannot report drill in on Palo Alto User report
- Custom gadgets show up as null on the Dashboard Gadgets permissions page
- Can't put a policy at the end of the list in Policy Manager
- Citrix flowFlags need a different aggregation type or smarter rollups
- SQL Injection vulnerabilities with PHP
- Can't delete orphans
- Logged collector errors cleaned up
- Interfaces come and go
- Can't delete an application
- Notify that a reboot or all service restart is required after a password change
- v5 header count and actual flows disagree
- Don't warn on ESP data in sFlow
- Crashed tables for new nProbe template
- Grab the latest IANA IE list
- Collector lost connection to database
- Layout for Mapping Configuration seems off
- FA exclusions update fails with no IP Address
- Users-Events-Ext: column name formatting in 1024 x 768
- Missing plus sign on protocol in Network Transports
- syslogd dying
- Some designed reports totals may not add up correctly

Version 10.1.3 - 3/14/2013

+ Added additional database tuning options
+ Increased the default UDP buffer size
+ Upgrade install to now include Adobe Flash Player Distribution 11.6.602.180

- Fixed an issue with data aggregation calculations in some reports
- Fixed an issue where unnecessary database connections were being created

Version 10.1.2 - 2/11/2013

+ Added Cisco wireless access point reports
- nProbe radius info elements
- Percent threshold messages don't need /s
- Manage Exporters: "Microsoft's Personal Firewall..." message on Linux install
- Error in the collector logs
- Turn on resolve DNS when a device is added to the network volume algorithm
- Investigate Vulnerability Labs issues
- Need to improve upgrade for information elements
- Scheduled reports not working
- Unable to email or schedule email a report with a CSV attachment
- custom_reports_thresholds fa_script is stuck in a state of running
- Report Designer "Report Field" never finishes loading
- Apache log error from mapping library
- Scheduled reports not being sent when addressed to multiple email addresses
- Update AS numbers
- Upgrades can change the control port
- Search function not working when some devices are included
- NetFlow from an Avaya device is crashing 1min data table
- Host Names: Can't save a new host name with "Queued" Resolved DNS
- "Copy to" in dashboards only works the first time
- Bulletin Board: Policy Name with an apostrophe breaks JavaScript
- Sometimes the Latency by Interface gadget does not work.
- Status > CrossCheck List loads JSON in main div and fades out
- Broken image in notification queue for "SnmpTrap" Alert Type
- PfR report value formatting
- Report Designer -> Make Copy fails for reports for which there is no longer an exporter.
- After you delete all your dashboards, you can't create one
- mIAM OSes report pagination says 'null of null'
- A space in an IP Range filter prevents it from working correctly
- Mapping objects don't keep IP address changes
- Optimized collection across distributed collector ports
- Filter on TOS shows Uncategorized rather than the TOS name
- Source and destination IP should only allow LIKE / NOT LIKE for advanced filters
- Underscore in advanced filter causes oops error
- Policy Manager: Broken link for a policy that has an action of delete
- Report type becomes undefined >> undefined
- Apostrophe breaks search.html query
- NF_F_XLATE_SRC_ADDR_IPV4 and NF_F_XLATE_DST_ADDR_IPV4 filters from table menus did not work

Version 10.1.1 - 1/2/2013

- Status > Top Interface content not loading
- The plixer_flow_collector service is stuck in stopping state after upgrade
- Sonicwall icons are displayed instead of Paloalto icons for paloalto devices in device tree
- Rollups failing after upgrade to 10.1
- Status tab -> Report wrapping under browser's fold in demo server.
- Email of Pie Chart reports is failing

Version 10.1 - 12/4/2012

+ New Sonicwall CPU Report Type
+ Added Interface Speeds to Emailed Reports
+ Added forensic audit report type
+ Added Virtual Appliance soft shutdown with VMTools
+ Added option to display traffic indicator dots/ants in mapping
+ Created a migration tool for Windows to appliance upgrade
+ Added more flexibility by allowing the use of count treatment in Report Designer
+ Added a new firewallEvent denied flows algorithm for new ASA export format (and any firewall exporting the standard firewallEvent element)
+ Added new firewallEvent reports to work with the new ASA export format (and any firewall exporting the standard firewallEvent element)
- Alarm Orphans: Delete Orphan formatting
- Should be a tooltip when the Default Report is not available
- Reset report default globals when changing reports
- Must be a number warning for NF_F_FW_EVENT search in Flowview
- Vitals syslog rrd graphs don't appear to be updating after rebooting the Virtual Appliance
- Connection fails to mail server for email alerts if authentication required
- Scrutinizer can only generate one PDF at a time for emailed reports
- IP Groups rename / delete bug
- Calculated column filter doesn't work with availability
- Graph colors should be closer to the report table colors
- Can't change scrutdb password on Linux
- Can't read Scrutinizer logo on the login page
- Link between device and object not showing up
- Launching a report from topints_popup.html does not remember the Default Flow Report setting
- Keep track of group in html popup of mapping configuration
- Have flash maps scale better in dashboards
- Switching "theme" system preference to SonicWall in non-SonicWall EOM installs breaks login screen
- Alarm related services don't always start on Linux after a reboot
- Fix "undefined" message when saving MTM license
- Investigate Flowalyzer DB post install script errors
- Detached maps do not resize vertically
- can also be detached again.
- IP group report shows entries that are not defined
- Cisco PfR category is missing after 9.0.0 upgrade to 10
- Duplicate SonicWALL applications
- v10 - Top Interface reports no longer show interface names (only ifindex instance)
- Multiple entries were created in the xcheck_hosts table for some exporters
- Appliance Avail HDD graph looks at the wrong partition
- Unable to save 3rd party integration in Crosscheck
- Saving a gadget refresh to 0 causes loop
- Cannot filter out TOS without losing TOS description.
- Crashed tables for option templates
- Enable default report only where applicable?
- Insert into crontab fails on upgrade because the ID is already taken by a scheduled saved report
- Verify flow rates and MFSNs for v9 and IPFIX
- Report Designer: Make cursor a pointer for Trend by and delete
- XML load errors when a report link in a map no longer works
- Map links disappear on refresh
- MFSN LEDs are not properly activating
- New devices are blue after Windows -> Linux database migration
- Make sure mail server template ID dependencies are resolved
- 5m conversations on the hour are being doubled
- Reports don't work with migrated data
- Country icons missing on appliances
- Palo Alto report category shows on ASA device
- Connections by report only show total in mapping
- Crontab entries collide on multiple tasks during upgrade on a server with scheduled reports
- Phone home might need to be updated due to ASA changes
- Denika connections error when trying to load report in mapping
- Percentage threshold option not in Flow Reports Thresholds gadget
- Mystery rate column in some reports
- Mapping undo does not visually undo connector
- TIMEOUT when deleting an exporter in Manage Devices
- Reports display in English instead of native language
- Context menu positioning breaks after scrolling down
- Grab the latest IANA IEs
- Check for Update revision version incorrect in 10.0
- Report Designer not loading template list for some devices
- Report table > Not all columns with IP addresses resolve their domain
- Map works under the maps tab, but not in a dashboard
- Report breaks from Conversation WKP to Host to Host report
- Labels for Denika Connections in Google Maps are wrong

Version 10.0 - 10/22/2012

+ New collector featuring improved flow rates, improved communication with the frontend, and a mechanism for sending alarms to scrutinizer
+ Add links in maps based on saved reports
+ Allow report thresholds to be set based on exceeding a rate
+ FA Top n algorithms can be configured per device
+ Upgraded MySQL version to 5.1.63
+ Scrutinizer is now using Apache 2.2.22
+ Added dotted outline underneath Dashboard gadgets when moving them
+ Added support for Riverbed NetFlow-v9 custom elements
+ Added Google Map "Hybrid" option via Show Labels
+ Google Maps remember settings when they refresh
+ Allow sFlow devices to be included in FA algorithms
+ Include the time frame in Top Interfaces for emailed reports
+ Allow direct access to Dashboards tabs by URL
+ Send a syslog when any of the services are running low on memory
+ Added informative title bar to indicate which "View" a user is in
+ Send an Alarm when users or their passwords are changed or created
+ Improved CrossCheck alert formatting
+ Added IP Grouping definition interface, reports, and filters
+ Added new Report Designer to create custom reports
+ Added a percent option to Inbound Thresholds
+ Caching of NBAR application definitions from option templates to improve report speed and ensure application names are always displayed.
+ Improved mapping
+ Improved sFlow decoding
+ Improved Exinda template support
+ Improved template naming and flexibility
+ Added Extreme IPFIX support
+ Icons can now be set to change colors based on a chosen Primary Status option (e.g. Flows, Polling, etc.)
+ Polling can now be configured with "up" and "down" dependencies per-device for more intelligent status monitoring
+ Added NBAR support for multiple vendors
+ Added more flexibility to Flash map editing
+ Added customized background images to mapping
+ Maps are now more theme aware
+ Map connections now support connecting two icons with a saved report
+ Added multiple connectors between devices in mapping
+ Added option from Device Overview to view all interfaces
+ Added an easier way to navigate to rename templates
+ Added more time interval options for reports
+ Flowalyzer data is now available beyond 1 minute intervals
+ Added Host to Host with Next Hop report
+ Added Availability by device report
+ Added connections RTT medianet report
+ Reports can now be viewed using rate or percent in maps
+ Added Barracuda device icons
+ The watcher service has been replaced
+ mIAM OSes Views report now provides a list of switches
+ The emerging threats list is now based on IP Reputation and includes categories
+ An IP / DNS button has been added in mapping
+ Added an ASA Denied Flows Algorithm
+ Added IP Group filter to reporting
+ Added a new dark teal skin theme
+ The unfinished flows and internet threats algorithms can now be configured to use source or destination IP as the violator
+ Added Cisco ASA biflow support
+ Added HD test to scrut_util
+ New view: mIAM Hosts by OS added
+ Use totals tables when there is a template filter
+ Added additional checks and balances for security between components
+ Enhance template naming capability
- [fixed] Don't insert noSuchObject when SNMP object doesn't exist
- [fixed] Scheduled reports running at times different than when they are scheduled
- [fixed] Vitals skip under high load
- [fixed] Scheduled alarms and top interfaces reports are emailed several hours late
- [fixed] No message in Manage Exporters when SNMP fails
- [fixed] Display formatted times for flowstartmilliseconds_plxr and flowendmilliseconds_plxr in Flowview
- [fixed] Sonicwall HTTP_URL element id occasionally causing inserts to fail
- [fixed] Images plot beyond the background of image
- [fixed] Top Interface message now looks inconsistent
- [fixed] Flow Hopper information that is the same shouldn't be highlighted
- [fixed] Subnet filter and subnet display work differently (too much default)
- [fixed] Verify credentials are in CrossCheck methods after an upgrade
- [fixed] xCtrl and yCtrl are not sent back with updated values when the map is saved
- [fixed] Table '...' is marked as crashed and last (automatic?) repair failed
- [fixed] Can't generate PDFs for status tab reports
- [fixed] Crosscheck list last 5 poll cycles out of sync
- [fixed] Flowalyzer is coming into appliance, but not in the tree menu
- [fixed] Pie charts percentages don't match those in table data
- [fixed] Backup /files/log files on upgrade
- [fixed] Stacked/unstacked control showing for pie-charts
- [fixed] Policy manager report not returning results when using logical filters
- [fixed] Google map icon changes to flash map icon on tree menu refresh
- [fixed] Default 24-hour report option displays even when selecting reports in other timeframes
- [fixed] Authentication failure on special character passwords during login
- [fixed] Collector stops when expiring history
- [fixed] Vitals RRDs not ported correctly after 8.6.1- 9.5 upgrade
- [fixed] Pie chart by number of packets graphs incorrectly
- [fixed] Orphans time stamp search has unexpected results
- [fixed] PDF export doesn't include outbound traffic
- [fixed] Address issue where users want threats destination vs. threats source
- [fixed] Clicking on poller icon from device overview or crosscheck get error when using SSL certificate
- [fixed] Calls www.google.com when not using google maps
- [fixed] Upgrade always resets system skin to retro-darkalt
- [fixed] Flowalyzer trending is duplicated
- [fixed] Flow examiner is not showing egress flows when present
- [fixed] Creating a new group with a space in the name results in %20 in the name
- [fixed] Packets column should switch between rate and total in status reports
- [fixed] Emailed reports don't include comment
- [fixed] Lost style in device tree tooltips
- [fixed] CrossCheck notifications command line parameter is incorrectly formatted
- [fixed] Removing the admin tab Privileges removes the report list from tree menu
- [fixed] Bidirectional status reports don't show direction in table
- [fixed] Creating a group in Mapping and then navigating directly to connections breaks the interface
- [fixed] Total column in csv export should use bits or bytes in the column label
- [fixed] Scrutinizer: interface exceeded threshold should have a spoof address
- [fixed] Internet threats monitor shows a destination as the violator
- [fixed] Allow + signs in email addresses
- [fixed] Can't email reports that have no results
- [fixed] (ASA) NF_F_USERNAME filter in Flowview fails if Domain included in username
- [fixed] Prevent multiple entries for the same object in Service Level Report
- [fixed] Missing sFlow exception
- [fixed] Better data formatting in Flowview
- [fixed] Alarm filters not working for timestamp
- [fixed] Alarm email notifications failed if authentication was required
- [fixed] Saved status report disappears
- Upgrade sometimes fails to create log folder

Version 9.5.2 - 7/11/2012

- fixed potential vulnerability in calls to report filters
- disabled verbose SQL errors in PHP components

 
