Differences

This shows you the differences between two versions of the page.

articles [2019/07/09 16:12] – [Administration Tips] veera
articles [2024/01/29 17:21] (current) – [Netflow Configuration] veera
Line 20: Line 20:
  
 [[hardware:shimtunnel|Using a Shim Tunnel to send Netflow to a remote Trisul]] [[hardware:shimtunnel|Using a Shim Tunnel to send Netflow to a remote Trisul]]
 +
 +[[hardware:shimtunnelintro|Use a Shim Tunnel when you cant use GRE or NAT ]]
 +
 +
 +==== High availability and Disaster Recovery ====
 +
 +Trisul can be setup as High Availability or a D-R Disaster recovery configuration. This section contains articles related to that.
 +
 +[[ha:keepalived|Configure HA using keepalived]]
 +
 + 
  
 ===== Docker ===== ===== Docker =====
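Review bot: The new heading "==== High availability and Disaster Recovery ====" uses four equals signs while every other section heading in this change uses five, so it renders as a subsection of whatever section precedes it instead of as a section of its own; use "=====" if it is meant to stand beside Docker. In the same hunk, the link text "Use a Shim Tunnel when you cant use GRE or NAT " has "cant" for "can't" and a trailing space before "]]", and the intro sentence reads better as "Trisul can be set up in a High Availability or Disaster Recovery (D-R) configuration."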
Line 93: Line 104:
  
  
 +===== Netflow Configuration =====
  
 +[[netflow:junipermx|Sample Netflow Configuration for Juniper MX series routers ]]
  
 +[[netflow:asr|Sample Netflow Configuration for Cisco ASR]]
 +
 +[[netflow:junipersrx|Sample Netflow Configuration for Juniper SRX]]
 +===== Syslog Configuration =====
 +
 +[[netflow:natsyslog|Sample NAT syslog for Mikrotik]]
 ===== Administration Tips  ===== ===== Administration Tips  =====
  
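Review bot: The "===== Syslog Configuration =====" heading is added directly under the Juniper SRX link, and "===== Administration Tips =====" directly under the Mikrotik link, with no blank line in between, unlike the other sections on the page; add the blank lines so the source stays consistent. The NAT syslog page is also filed as "netflow:natsyslog" although it is listed under Syslog Configuration, so consider whether it belongs in a syslog namespace. The two Juniper link titles carry a trailing space before "]]" only in the MX entry.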
Line 104: Line 123:
  
 [[admin:udpserver|Check if UDP packets are received]] [[admin:udpserver|Check if UDP packets are received]]
 +
 +[[admin:vlantags|VLAN tags only not visible in RXRING and AF_PACKET mode]]
 +
 +[[admin:Keepalived|Trisul HA using keepalived]]
 +
 +
 +===== SNMP =====
 +
 +[[articles:portvlanid|Mapping Port names to VLAN ID]] 
 +
 ===== External links ===== ===== External links =====
 [[Get google api key: Get Google API Key]] [[Get google api key: Get Google API Key]]
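Review bot: The added "[[admin:Keepalived|Trisul HA using keepalived]]" duplicates the keepalived entry added in the hunk at line 20, which links "[[ha:keepalived|Configure HA using keepalived]]", so the index now points at two different page ids for the same topic. Keep one target and one entry, and write the page id in lower case like the other links. The title "VLAN tags only not visible in RXRING and AF_PACKET mode" also reads as garbled ("only not visible") and should say which case is meant. The new SNMP link uses the "articles:" namespace where every other entry uses a topic namespace.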
Line 110: Line 139:
  
  
 +[[https://docs.tenable.com/nnm/deployment/Content/VM/Hyper-VInternal.htm|How to mirror traffic from external port to a VM in Hyper-V (Tenable)]]
 +
 +
 +===== Application =====
 +[[admin:restart_webtrisul_cron|How to restart webtrisuld via cron]]
 +
 +===== Security and Hardening =====
 +
 +[[admin:disableweaksshkeyexchange|How to disable weak Key Exchange algorithms for ssh]]
 +
 +
 +===== Mount CIFS and NFS with uid, gid option only =====
 +
 +A common technique is to mount the archive area onto a NFS or a CIFS share.
 +
 +
 +One gotcha is you need to add the trisul.trisul user id while mounting the CIFS share. Otherwise the archiver will not be able to access the share.
 +
 +
 +<code bash>
 +
 +# get the user and group ID of trisul.trisul
 +id -u trisul
 +id -g trisul
 +
 +
 +# use the uid= and guid= options 
 +//192.168.1.181/windowsShare1TrisulData  /home/TrisDataArchive/  cifs  username=Bob,password=mypassword,uid=995,gid=997,file_mode=0770,dir_mode=0770,noperm 0 0
 +
 +</code>
 +
 +===== LDAP =====
 +
 +[[admin:ldapserach|LDAP Search]]
 +
 +
 +===== Tuning Flow Indexes  =====
  
 +How to tune flow indexes to optimize disk size based on requirements. 
  
 +[[tips:flowindextuning|Tuning Flow Database]]
  
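Review bot: The fstab-style line in the new code block carries "username=Bob,password=mypassword" inline, which leaves the share password readable by anyone who can read the mount table file or this wiki page; document the mount.cifs "credentials=" option pointing at a root-only file instead of an inline password. In the same block the comment says "use the uid= and guid= options" but the option shown is "gid=", and the literal "uid=995,gid=997" should be marked as the values returned by the two id commands above, not fixed numbers. "noperm" turns off client-side permission checks, so say why it is needed alongside "file_mode=0770,dir_mode=0770". The heading names both CIFS and NFS while the text and example cover only CIFS, and the LDAP link target "admin:ldapserach" looks like a misspelling of "ldapsearch".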
articles.1562668968.txt.gz · Last modified: 2019/07/09 16:12 by veera