SonicWALL Scrutinizer 9.0.1 Release Notes

Contents
System Requirements
Enhancements in SonicWALL Scrutinizer 9.0.1
Key Features in SonicWALL Scrutinizer 9.0
Key Features in SonicWALL Scrutinizer 9.0

The following enhancements are new in the SonicWALL Scrutinizer 9.0 release:

• Enhanced Notifications and Facilitation of Automatic Remediation: In version 8.6 and earlier, Scrutinizer only sent syslogs. Version 9 adds the ability to send notifications and escalate issues.
• Enhanced SonicWALL VoIP Reporting including:
  o SonicWALL VoIP conversation reports have been optimized.
  o SonicWALL VoIP call filtering now allows for partial text matching.

[Figure: Enhanced SonicWALL VoIP Conversation Report]
[Figure: SonicWALL VoIP Call Filter Now Supports Partial Text Matches]
• Enhanced Cisco Reporting in support of recently introduced Cisco technologies:

Smart Logging and Telemetry (SLT) is a single mechanism for logging and telemetry of traffic that is associated with a specific event on a switch (for example, an event triggered by an ACL-permitted or ACL-denied packet). SLT is a threat detection technology and is intended to be used as follows. An admin will configure one or more Access Control Lists (ACL) on the switch.
• Advanced Citrix Reporting with granular drill-down capabilities including:
  o URLs, providing reporting insight into web servers and databases being accessed
  o Applications, providing reporting insight into applications being accelerated via NetScaler
  o Latency, providing reporting insight into the health and delay as seen by NetScaler

Note: Citrix NetScaler makes applications and cloud-based services run five times better by offloading application and database servers, accelerating application and service p
Scrutinizer Product Overview

SonicWALL Scrutinizer is a network traffic monitoring, analysis and reporting tool. Scrutinizer is a mature and feature-rich flow analytic platform. Scrutinizer is used to monitor the overall health of the network, troubleshoot irregular network traffic patterns and optimize network performance. The Scrutinizer application runs on a Windows server and is accessible through a web-based Graphical User Interface (GUI).
Scrutinizer Base Product

The base Scrutinizer product includes many great features such as:

Administration
• Customizable Dashboards
• Group Based User Permissions
• Unique Dashboards per login

With Scrutinizer’s suite of built-in administrative tools, customizing specific user logins and dashboards is a breeze. Administrators can create specific permissions based upon a particular user identity or create group-based user permissions for entire departments.
Supported Protocols & Other Technical Specifications
• Granularly define reports down to specific interfaces across multiple routers, switches, or firewalls
• Easily integrate 3rd party applications and URLs into dashboards
• Integrates with LDAP servers
• Support for SNMPv1, SNMPv2c, and SNMPv3
• Support for all industry standard flow analytics (IPFIX, NetFlow v5, NetFlow v9, FnF, sFlow, J-Flow)
• Configurable to over 1000 interfaces and several hundred exporters
• Create filters based upon next routing ho
Flow Analytics Module

The Flow Analytics Module brings traffic flow diagnostics to the next level by adding historical reporting for an unrestricted period of time, advanced alarming with the ability to set thresholds, role-based administration, and in-depth traffic analysis algorithms to the Scrutinizer software.
Using saved Scrutinizer reports, the Flow Analytics Module can monitor and send out syslogs when traffic patterns violate specified thresholds. For example, the Flow Analytics Module can be used to monitor an application for a certain ToS within a class A subnet.
Advanced Troubleshooting
• Begin capacity planning for growing networks
• Easily identify the volume of flows per host
• Easily identify the volume of traffic flowing between a pair of hosts
• Easily identify the volume of unique hosts per second traversing the network
• Peer into VoIP traffic when using IPFIX to see granular metrics such as codec & caller ID

IT administrators can use Scrutinizer to analyze Voice over IP (VoIP) traffic and determine: the amount of voice traffic into and out of the network
Enablement of Traffic and Usage Based Billing

Some customers request to be billed for their Internet connection not based on a theoretical maximum throughput of their connection but rather on actual usage. To accommodate this customer demand, service providers have to be able to determine actual bandwidth usage in order to bill each customer accurately and fairly.
Cisco Advanced Reporting Module

The Scrutinizer Cisco Advanced Reporting Module is a value-added performance monitoring and reporting solution for Cisco Smart Logging and Telemetry, Cisco TrustSec (CTS), Cisco Performance Routing (PfR), and Cisco Medianet. Scrutinizer delivers detailed reports on all traffic related to voice and video. IT staff can troubleshoot QoS issues related to choppy video or delayed voice streams by using Scrutinizer to analyze the appropriate flow.
Flowalyzer NetFlow & sFlow Tester

Separate from Scrutinizer and its add-on modules, SonicWALL also offers a free tool called Flowalyzer NetFlow & sFlow Tester. Flowalyzer is a free NetFlow and sFlow Tool Kit for testing and configuring hardware or software to send and receive NetFlow / sFlow data.
Known Issues

This section contains a list of known issues in the Scrutinizer 9.0.1 release.

Symptom: MFSN report for some sFlow devices will occur even though no flows are being lost.
Condition / Workaround: This can happen if multiple subagents exist on a single sFlow exporter. Fix coming in a future release.

Symptom: Flow Analytics can cause the server to page memory to disk and slow down the user interface.
Condition / Workaround: Generally, occurs on underpowered machines.
Resolved Issues

This section contains a list of resolved issues in the 9.0.1 release.

Symptom: Logalot creates empty and extra tables that are not used.
Condition: Occurs when using the Logalot feature.

Symptom: “scrut_util” does not verify proper permission.
Condition: Occurs when running “scrut_util” from the command line interface.

Symptom: Logalot Report Manager button does not work in the Admin tab.
Condition: Occurs when navigating to the Admin tab and clicking the Logalot Report Manager button.
Symptom: Users can use decimal places when ordering policies.
Condition: Occurs when ordering policies.

Symptom: The installer displays an error message informing the user that it cannot overwrite “scrut_util.exe.”
Condition: Occurs when using the Scrutinizer installer.

Symptom: The Scrutinizer system may restart prematurely during an upgrade.
Condition: Occurs when performing a Scrutinizer update. In 9.0.1, services will be disabled during upgrades to prevent premature restarts.

Symptom: The link to online help is broken in the Dashboard tab.
Symptom: The Watcher is becoming unresponsive at 1 AM.
Condition: Occurs when using SNMP in conjunction with the Watcher.

Symptom: Flow Direction is exported with only ingress flows.
Condition: Occurs when exporting the Flow Directions feature.

Symptom: Violation reports are inaccurate.
Condition: Occurs when the FIN algorithm does not report violations with the correct accuracy.

Symptom: FA Top Hosts Gadget is not rendered properly with fewer than 10 hosts.
Condition: Occurs when using the FA Top Hosts Gadget with fewer than 10 hosts.
How to Upgrade to the Licensed Version

Click the Scrutinizer link on the www.mysonicwall.com homepage to automatically register a Scrutinizer product with its own serial number. The user is then directed to the Services Management page for the newly registered Scrutinizer product. Upon registration, SonicWALL Scrutinizer will be available from the Downloads section in mySonicWALL.
How is NetFlow different from traffic analyzers like MRTG?
MRTG and other such equivalent tools provide information that is largely limited to SNMP statistics. NetFlow is more geared toward application-level details such as hosts, protocols, and conversations, which are an inherent part of IP traffic.

Is Cisco the only vendor supporting NetFlow?
NetFlow technology was invented by Cisco, and Cisco IOS devices offer NetFlow compatibility. There may be other vendors offering NetFlow support on their devices.
How do I enter IP to name resolutions so that Scrutinizer doesn't have to use the DNS to resolve IPs?
Edit this file: C:\WINDOWS\system32\drivers\etc\hosts and enter the IP to name translations.

Overall utilization on the interface appears to be understated. Why would this be?
1. Make sure NetFlow is enabled on all physical interfaces of the device. Do not be concerned with the virtual interfaces, as they will auto-appear once NetFlow is enabled on the physical interface.
2.
6. Full Flow Cache: All flows are stored in the flow cache on the router before export. Once the cache is full, the router stops adding entries to the cache until existing entries expire. When events such as a DDoS or a "social event" occur, the router's cache becomes full. The cache can be increased; however, it will use more memory and could have a negative impact on the router. A loss of flows will cause Scrutinizer to understate utilization.
Can Scrutinizer run in VMware?
Yes, but as with any virtualized environment, you may experience sharp declines in performance when your server's resources are divided between many sessions.

How do I exclude Scrutinizer in Symantec AntiVirus?
1. From within Symantec, expand the "Configure" option from the tree menu and select "File System."
2. Click the "Exclusions" button.
3. Click the "Files/Folders" button.
4. Find the Scrutinizer directory and check the box next to it.
5. Click "OK" to finish.
Where can I find the Scrutinizer manual?
A copy of the Scrutinizer manual is included with your product. Just click any of the “?” icons.

How do I know how much hard drive space I will need?
Use the NetFlow Bandwidth and Hard Drive Consumption Calculator to determine how much hard drive space your NetFlow data will consume.

Related Technical Documentation

SonicWALL Scrutinizer reference documentation is available at the SonicWALL Technical Documentation Online Library: http://www.sonicwall.