This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
docker:intro [2017/11/11 07:42] veera created |
docker:intro [2017/11/16 18:38] (current) veera [All in one NSM and Traffic monitoring] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Using the TrisulNSM Docker appliance. ====== | + | ====== Using the TrisulNSM Docker appliance ====== |
| + | |||
| + | This post introduces the newly released TrisulNSM Docker Appliance. A lightweight fast Network Traffic Analytics and Security Monitoring system that can be deployed instantly. | ||
| + | |||
| + | |||
| + | {{ :docker:trisvenn.png?nolink |}} | ||
| ===== All in one NSM and Traffic monitoring ===== | ===== All in one NSM and Traffic monitoring ===== | ||
| + | |||
| + | The Docker appliance is on Docker Hub at [[https://hub.docker.com/r/trisulnsm/trisul6/|trisulnsm/trisul6]] | ||
| + | |||
| + | Here are some links to get your started. | ||
| + | |||
| + | - **Start here** github [[https://github.com/trisulnsm/docker|trisulnsm/docker]] : Quick instructions on running the appliance | ||
| + | - [[https://trisul.org/blog/docker/post.html|Blog post]] announcing the release | ||
| + | - Devzone article [[docker:pcap_analysis|"Importing PCAPS"]] explaining how you can import PCAP dumps | ||
| + | |||
| + | ===== Advantages of the Docker NSM appliance ===== | ||
| + | |||
| + | - Just run the appliance to get a complete NSM system live. All parts are included. There is no need to setup a backend database cluster with Elastic, Splunk, etc. | ||
| + | - The performance is very close to directly installing on the host. | ||
| + | - Secure. The docker image is a minimal install, with only the necessary packages. | ||
| + | - Also includes Suricata IDS with auto updates. Trisul integrates the alert based metrics into its pipelines. Just check it out to see this powerful feature in action. | ||
| + | - Built-in [[https://trisul.org/free|FREE Trisul Network Analytics]] License that lets you monitor for ever but only reports on the most recent 3 days. | ||
| + | |||
| + | |||
| + | ===== Next steps ===== | ||
| + | |||
| + | If you need a 'point' solution , this Docker image should be good enough for most deployments. Here are some advantages of installing the packages directly on the host instead of Docker. | ||
| + | |||
| + | - Trisul packages allow a Hub+Probe architecture. The Docker image bundles them all in one ball. If you want to deploy a distribute probe network. You need to use the packages. | ||
| + | - This image uses the ''--net=host'' Host network bridge. If you are uncomfortable with that , and there is no need to be, you can use the raw packages. | ||
| + | - Short answer : In most case this Docker image will work just fine as an **all-in-one** NSM and Traffic Analytics system. | ||
| + | |||
| + | |||
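Review bot: The ''--net=host'' bullet under "Next steps" dismisses the concern ("and there is no need to be") without saying what host networking changes, and it sits oddly next to the "Secure. The docker image is a minimal install" bullet under "Advantages". With ''--net=host'' the container shares the host's network namespace, so it sees every host interface and its services listen directly on the host's ports, with no Docker network isolation in between. Suggest replacing the aside with one sentence stating why the image uses host networking and what it exposes on the host, so readers can make an informed choice between the image and the packages. Smaller wording points in the same hunk: "get your started" should read "get you started", "If you want to deploy a distribute probe network. You need to use the packages." should be one sentence using "distributed", and "In most case" should read "In most cases".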