2.1. About Trisul installation

Trisul is a distributed monitoring system with a number of trisul-probe instances all reporting back to one or more trisul-hub. We first explain how you can install all components on a single box and then slowly expand to explore distributed installation.

Is this your first install? Follow the Steps in the Download page first.
This section covers how to get a single box install of Trisul up and running. For distributed installation see Distributed monitoring

2.1.1 Plug Trisul into your network

There are three major ways to get data into Trisul. Click on each link for detailed instructions.

Live packet capture Configure a Port Mirror (SPAN Port), use a Network Tap, or a Linux Inline Bridge.
Read Setup packet capture for Trisul
Netflow from routers, switches Configure your routers, switch to send Netflow, SFLOW, IPFIX or other similar flow information to Trisul.
Read Setup Netflow for Trisul
Read PCAP dumps Read PCAP files dumped by a third party program like tcpdump
Read Process PCAP dumps with Trisul