This article provides guidelines to help installing Trisul Network Anayltics in your system.
Trisul is a distributed monitoring system with a number of trisul-probe instances all reporting back to one or more trisul-hub. We first explain how you can install all components on a single box and then slowly expand to explore distributed installation.
There are three major ways to get data into Trisul. Click on each link for detailed instructions.
Live packet capture
Netflow from routers, switches
Read PCAP dumps
Computing requirements needed to run Trisul.
Single machine in the default Packet Capture Mode with typical small enterprise load of 50-200Mbps.
Bare Metal - 4 Core 3Ghz Intel i3/i5/i7/or Xeon class, 8GB RAM, 2×1Gb LAN. SATA or 10K SAS for PCAP storage.
Virtual Machine - 8 vCPU Cores, 12GB RAM, 2×1Gb LAN. VM Port Group mirror feature enabled to receieve the raw packets. VM is not recommended in Packet Capture mode when total load is greater than 500Mbps. Consider bare metal deployment.
Single machine in NETFLOW mode monitoring a router/switch with 1Gbps load.
Bare Metal - 4 Core 3Ghz Intel i3/i5/i7/or Xeon class, 8GB RAM, 2×1Gb LAN. SATA storage.
Virtual Machine - 6 Core 3Ghz Intel i3/i5/i7/or Xeon class, 8GB RAM, 2×1Gb LAN. SATA storage. Virtual Machine is preferred in Netflow mode for enterprise class load.
Trisul is available on the following operating systems. Go to the Download Center to get access to the latest packages.
If you have a distributed system, Trisul Probes and Trisul Hubs can be installed on different O/S.