Table of Contents
Using the TrisulNSM Docker appliance
This post introduces the newly released TrisulNSM Docker Appliance. A lightweight fast Network Traffic Analytics and Security Monitoring system that can be deployed instantly.
All in one NSM and Traffic monitoring
The Docker appliance is on Docker Hub at trisulnsm/trisul6
Here are some links to get your started.
Advantages of the Docker NSM appliance
- Just run the appliance to get a complete NSM system live. All parts are included. There is no need to setup a backend database cluster with Elastic, Splunk, etc.
- The performance is very close to directly installing on the host.
- Secure. The docker image is a minimal install, with only the necessary packages.
- Also includes Suricata IDS with auto updates. Trisul integrates the alert based metrics into its pipelines. Just check it out to see this powerful feature in action.
- Built-in FREE Trisul Network Analytics License that lets you monitor for ever but only reports on the most recent 3 days.
If you need a 'point' solution , this Docker image should be good enough for most deployments. Here are some advantages of installing the packages directly on the host instead of Docker.
- Trisul packages allow a Hub+Probe architecture. The Docker image bundles them all in one ball. If you want to deploy a distribute probe network. You need to use the packages.
- This image uses the
–net=hostHost network bridge. If you are uncomfortable with that , and there is no need to be, you can use the raw packages.
- Short answer : In most case this Docker image will work just fine as an all-in-one NSM and Traffic Analytics system.