Articles about network security monitoring, traffic analytics, setting up measurement, techniques for scaling, threat hunting tips, etc.
Tunneling Netflow to a remote Trisul involves preserving the original IP address of the switch/router. We describe three methods to achieve it, NAT, GRE, and Shim Tunnels.
In this three part series, we explain techniques and show how to analyze the 2018 WRCCDC PCAP dump using TrisulNSM. We appreciate the kind folks at WRCCDC for making this publicly accessible.
A common technique is to mount the archive area onto a NFS or a CIFS share.
One gotcha is you need to add the trisul.trisul user id while mounting the CIFS share. Otherwise the archiver will not be able to access the share.
# get the user and group ID of trisul.trisul id -u trisul id -g trisul # use the uid= and guid= options //192.168.1.181/windowsShare1TrisulData /home/TrisDataArchive/ cifs username=Bob,password=mypassword,uid=995,gid=997,file_mode=0770,dir_mode=0770,noperm 0 0