Differences

This shows you the differences between two versions of the page.

articles [2019/01/05 17:38] – [Hardware and Data Acquisition] veera
articles [2024/01/29 17:21] (current) – [Netflow Configuration] veera
Line 10: Line 10:
 [[hardware:erspan|Configuring ERSPAN for packet capture into Network Security Monitoring tools]] [[hardware:erspan|Configuring ERSPAN for packet capture into Network Security Monitoring tools]]
  
 +
 +==== Netflow tunneling ====
 +
 +Tunneling Netflow to a remote Trisul involves preserving the original IP address of the switch/router. We describe three methods to achieve it, NAT, GRE, and Shim Tunnels. 
  
 [[hardware:gatewaynetflow|Using NAT on gateway to send Netflow to remote Trisul]] [[hardware:gatewaynetflow|Using NAT on gateway to send Netflow to remote Trisul]]
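Review bot: The intro sentence added under "Netflow tunneling" says the original IP address of the switch/router has to be preserved but never says why, so a reader cannot tell what breaks if it is not. Add one clause giving the reason. The list of methods also runs into the sentence after a comma; a colon reads better: "We describe three methods to achieve it: NAT, GRE, and Shim Tunnels."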
Line 15: Line 19:
 [[hardware:gretunnel|Using GRE Tunnel to send Netflow to a remote Trisul]] [[hardware:gretunnel|Using GRE Tunnel to send Netflow to a remote Trisul]]
  
 +[[hardware:shimtunnel|Using a Shim Tunnel to send Netflow to a remote Trisul]]
 +
 +[[hardware:shimtunnelintro|Use a Shim Tunnel when you cant use GRE or NAT ]]
 +
 +
 +==== High availability and Disaster Recovery ====
 +
 +Trisul can be setup as High Availability or a D-R Disaster recovery configuration. This section contains articles related to that.
 +
 +[[ha:keepalived|Configure HA using keepalived]]
 +
 + 
  
 ===== Docker ===== ===== Docker =====
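Review bot: The new "High availability and Disaster Recovery" section links [[ha:keepalived|Configure HA using keepalived]], while the Administration Tips additions later in this same revision add [[admin:ha|Primary and backup configuration]] and [[admin:Keepalived|Trisul HA using keepalived]]. That is three HA entries across two namespaces; keep one canonical page per topic and link it from one place, or say how they differ. Wording in this hunk: "cant" should be "can't" and the link title has a trailing space before "]]"; "can be setup" should be "can be set up"; "D-R Disaster recovery" says the same thing twice. The two shim tunnel links would also read better with the "when to use it" page listed before the how-to.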
Line 88: Line 104:
  
  
 +===== Netflow Configuration =====
  
 +[[netflow:junipermx|Sample Netflow Configuration for Juniper MX series routers ]]
  
 +[[netflow:asr|Sample Netflow Configuration for Cisco ASR]]
 +
 +[[netflow:junipersrx|Sample Netflow Configuration for Juniper SRX]]
 +===== Syslog Configuration =====
 +
 +[[netflow:natsyslog|Sample NAT syslog for Mikrotik]]
 ===== Administration Tips  ===== ===== Administration Tips  =====
  
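Review bot: The "===== Syslog Configuration =====" heading is added directly under the Juniper SRX link with no blank line, and the existing "Administration Tips" heading now follows the Mikrotik link the same way, unlike the other sections in this page; add a blank line before each heading. The Mikrotik page is filed as netflow:natsyslog although it is listed under Syslog, so confirm the namespace is intended. The Juniper MX link title has a trailing space before "]]".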
Line 96: Line 120:
 [[monit:monitoring_and_maintain_trisul_process|How to use Monit to keep an eye on Trisul processes and restart them if necessary]] [[monit:monitoring_and_maintain_trisul_process|How to use Monit to keep an eye on Trisul processes and restart them if necessary]]
  
 +[[admin:ha|Primary and backup configuration]]
  
 +[[admin:udpserver|Check if UDP packets are received]]
  
 +[[admin:vlantags|VLAN tags only not visible in RXRING and AF_PACKET mode]]
 +
 +[[admin:Keepalived|Trisul HA using keepalived]]
 +
 +
 +===== SNMP =====
 +
 +[[articles:portvlanid|Mapping Port names to VLAN ID]] 
  
 ===== External links ===== ===== External links =====
 +[[Get google api key: Get Google API Key]]
 +
 [[Other links: external_links]] [[Other links: external_links]]
  
  
 +[[https://docs.tenable.com/nnm/deployment/Content/VM/Hyper-VInternal.htm|How to mirror traffic from external port to a VM in Hyper-V (Tenable)]]
 +
 +
 +===== Application =====
 +[[admin:restart_webtrisul_cron|How to restart webtrisuld via cron]]
 +
 +===== Security and Hardening =====
 +
 +[[admin:disableweaksshkeyexchange|How to disable weak Key Exchange algorithms for ssh]]
 +
 +
 +===== Mount CIFS and NFS with uid, gid option only =====
 +
 +A common technique is to mount the archive area onto a NFS or a CIFS share.
 +
 +
 +One gotcha is you need to add the trisul.trisul user id while mounting the CIFS share. Otherwise the archiver will not be able to access the share.
 +
 +
 +<code bash>
 +
 +# get the user and group ID of trisul.trisul
 +id -u trisul
 +id -g trisul
 +
 +
 +# use the uid= and guid= options 
 +//192.168.1.181/windowsShare1TrisulData  /home/TrisDataArchive/  cifs  username=Bob,password=mypassword,uid=995,gid=997,file_mode=0770,dir_mode=0770,noperm 0 0
 +
 +</code>
 +
 +===== LDAP =====
 +
 +[[admin:ldapserach|LDAP Search]]
 +
 +
 +===== Tuning Flow Indexes  =====
  
 +How to tune flow indexes to optimize disk size based on requirements. 
  
 +[[tips:flowindextuning|Tuning Flow Database]]
  
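Review bot: The fstab example in the "Mount CIFS and NFS" section puts the share password inline ("username=Bob,password=mypassword"), and /etc/fstab is normally world-readable, so every local user can read the credential. Use the mount.cifs "credentials=" option pointing at a root-owned file with mode 0600 and say so in the text. In the same line, "noperm" tells the client to skip permission checks, so "file_mode=0770,dir_mode=0770" will not keep other local users out of the archive; drop "noperm" or explain why it is needed. The comment says "guid=" but the option used is "gid=". The heading names NFS and adds "only", yet the example covers CIFS alone, and the uid/gid values 995 and 997 should be marked as sample output of the two id commands. Elsewhere in this hunk: "admin:ldapserach" looks like a misspelling of "ldapsearch", "VLAN tags only not visible" is hard to parse, and "[[Get google api key: Get Google API Key]]" does not follow the target|title form used by the other links.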
articles.1546690103.txt.gz · Last modified: 2019/01/05 17:38 by veera