2.1. About Trisul installation
Trisul is a distributed monitoring system with a number of trisul-probe instances all reporting back to one or more trisul-hub. We first explain how you can install all components on a single box and then slowly expand to explore distributed installation.
Is this your first install? Follow the steps in the Download page first.
This section covers how to get a single-box install of Trisul up and running. For distributed installation, see Distributed monitoring.
2.1.1 Plug Trisul into your network
There are three major ways to get data into Trisul. Click on each link for detailed instructions.
| Live packet capture | Configure a Port Mirror (SPAN Port), use a Network Tap, or a Linux Inline Bridge. Read Setup packet capture for Trisul. |
| Netflow from routers, switches | Configure your routers and switches to send Netflow, SFLOW, IPFIX or other similar flow information to Trisul. Read Setup Netflow for Trisul. |
| Read PCAP dumps | Read PCAP files dumped by a third party program like tcpdump. Read Process PCAP dumps with Trisul. |