About trisul installation
Trisul is a distributed monitoring system with a number of trisul-probe instances all reporting back to one or more trisul-hub.
We first explain how you can install all components on a single box and
then slowly expand to explore distributed installation.
Is this your first install? Follow the steps on the Download page first.
This section covers how to get a single box install of Trisul up and running. For distributed installation, see Distributed monitoring.
System requirements
This page describes the hardware and operating system requirements needed to run Trisul Network Analytics.
Install trisul
Trisul is a distributed network analytics system that can be installed on off-the-shelf hardware. Beginners and users of the Free License will want to install all the packages on a single server. Advanced users can split the Hub and Probe nodes and roll out a distributed deployment.
Uninstall
Trisul packages can be uninstalled like any other Linux package.
Upgrading trisul
An upgrade is simply an uninstall followed by a new install.
Verifying packages
All of our DEB and RPM packages are signed with our GPG key.
Start and stop Trisul
Describes how you can start and stop Trisul components. For a more detailed explanation see Basic Usage: Start and stop
Configure disk storage
Trisul's disk requirements depend on how much you want to retain :
Viewing log files
Trisul has a rich logging and monitoring framework. This section explains
Installing a new License
This section describes how you can install a new License File to replace the default Free 3-day rolling window license.
Setup Trisul with Netflow
This section describes how you can set up Trisul to accept Netflow or Netflow "like" measurements: IPFIX, JFLOW, SFLOW.
Setup packet captures for Trisul
This section explains the various methods to acquire raw network packets from your infrastructure and into a Trisul Probe.
BadFellas plugin
The Badfellas plugin checks your network traffic against millions of indicators to detect malicious activity.
Geo Plugin
The Geo plugin is an add-on package to Trisul. It enhances the base Trisul functionality by adding
How to upgrade 6.5 production license
Trisul customers who are running production systems need to first contact us and obtain an upgraded Trisul Network Analytics 7.0 Production license.
Plug Trisul into your network
There are three major ways to get data into Trisul. Click on each link for detailed instructions.
Name | Info |
---|---|
Live packet capture | Configure a Port Mirror (SPAN Port), use a Network Tap, or a Linux Inline Bridge. Read Setup packet capture for Trisul |
Netflow from routers, switches | Configure your routers and switches to send Netflow, SFLOW, IPFIX or other similar flow information to Trisul. Read Setup Netflow for Trisul |
Read PCAP dumps | Read PCAP files dumped by a third party program like tcpdump. Read Process PCAP dumps with Trisul |