Traffic Monitoring with Trisul
Traffic monitoring is the central task of Trisul. Out of the box, Trisul measures over 120 parameters about 16 different "things" such as Applications, Hosts, VLAN, MAC, etc. The "Counter Group", described in Traffic Metering Concepts, is the key concept you need to know about in traffic monitoring with Trisul.
Traffic Metering Concepts
This section attempts to briefly explain the basic concepts of counter
Counter Group Settings
See Counter Group Settings
Name Resolution
You can assign a user-friendly name to any type of item.
Custom Key Monitors
Custom Key Monitors allow you to monitor a set of key items in real time, irrespective of whether they show up in the toppers list or not. You can think of them as a subset of a counter group that is "special" to you. For example, the IP (Hosts counter group) 192.168.14.16 is our internal build server, so we want to monitor it separately and generate reports for it separately, even though we may have thousands of other hosts.
Performing Retro Analysis
Retro analysis is short for retrospective analysis. When applied to
Retro Analysis Tools
You have selected a time interval you want to focus on. What's next?
Retro Q & A
Retro FAQs are complex network analyses, such as analysing network traffic, flows, and alerts, rendered in plain English as questions for easy access.
Real Time Stabbers
Real time stabbers allow you to monitor various types of network
SSL/TLS Metering
Three new counter groups give you great visibility into the SSL
Deep Monitoring of IP assets
A common use case is to enable enhanced monitoring of specific assets.
Tasks
How can I view real time traffic?
Custom Counter Groups
See Custom Counter Groups
Traffic Analysis Features
Real Time
You can monitor any metric in real time using Real time stabbers. This helps with troubleshooting and real time tracking of developing situations.
Historical Analysis
Use retro analysis tools, long term traffic charts, monthly usage reports and other tools for historical analysis. Trisul does not summarize or roll up any old data.
Data Acquisition Methods
Packet Capture
The default mode. Trisul does all its analytics by directly capturing packets from the network. Learn how to capture packets for Trisul NSM.
NetFlow
Trisul can also accept NetFlow v5, v9, sFlow, and IPFIX instead of packets. This is a powerful, low-cost way to gain total visibility into your internal network traffic without the TAP and probe rollout that packet capture techniques require.
Task List
Jump to common network analysis tasks
- Find out which flows caused a traffic pattern
- View flow activity of a particular host or port in real time
- Jump from alerts to flows that caused them
- Set up flow trackers to analyze specific activity
- Investigate past activity
- Enable metering that depends on flows, not packets
- Optimize full content storage (e.g., store only the first 1M of each flow)
Related Features
Chart usage of any item or view toppers in any counter group in real time.
Example: View in real time the top Internal Hosts, or view Total Bps for Port 443
Select a time interval and drill down in over 100 ways.
Select a time interval and click on pre-defined analysis in Q&A style
Create your own custom counter policies.