Install Guide

How to install Trisul (the network metering and forensics engine)

How to install Web-Trisul (the Ruby on Rails web frontend to Trisul)

Advanced installation tips


Installing Trisul

There are two ways to install Trisul.

  • Install from source
  • Install from a readymade package (recommended if your platform is supported)

Install from source

If you have installed other open source projects, installing Trisul should be easy. It uses the familiar “configure” tools. There are some issues to keep in mind.

Dependencies

Trisul expects the following libraries to be installed before it can be compiled.

  • libpcap-devel. Description: Packet capture library development. Website: http://www.tcpdump.org/. Notes: Using yum or apt-get is going to be easier. On Fedora: yum install libpcap-devel. On Ubuntu: sudo apt-get install libpcap-dev.
  • log4cpp. Description: C++ logging framework. Website: Log4cpp 1.0 Sourceforge download page. Notes: Get the 1.0 version. You may want to use ./configure --disable-shared to always use static linking. Otherwise you have to muck around with the shared library (use LD_LIBRARY_PATH to include the /usr/local/lib/log4cpp directory).
  • openssl-devel. Description: OpenSSL header files and libraries. Website: http://www.openssl.org/. Notes: Either use a package for your Linux distro (e.g., yum install openssl-devel on Fedora or sudo apt-get install openssl-dev on Ubuntu/Debian; note: on Hardy, try sudo apt-get install libssl-dev), or compile from source (use this if you cannot find a package, or you know your way around OpenSSL).

Optional

Trisul's output is in the form of a SQLITE3 database. Although SQLITE3 is not required for compiling Trisul, it is required to view the data.

Install SQLITE3 in one of these ways:

  • Using a Linux package manager such as yum or apt-get
  • Get the binaries from SQLITE3 Downloads (You need the download titled “Command line program”)
  • Get the latest code from SQLITE3 Downloads and compile it yourself.

After installation, test SQLITE3 by typing sqlite3 --version

Building

Trisul uses the familiar autoconf toolset, so this section is going to be a breeze!

  • Get the latest source code from the Project Download Site. Download the latest file which says trisul-xxxxx.tar.gz.
  • Uncompress the source archive by tar xvfz trisul-xxxxx.tar.gz
  • Change into the top level directory via cd trisul-xxxxx
  • Type ./configure
  • Type make
  • Now log in as root (you need this to install trisul in its default location /usr/local).
  • Read this if you do not have root access. You may specify the --prefix option to the configure tool. (Example: ./configure --prefix=/home/vivek/testarea) Note that you still require root if you want to work on live traffic. You do not need root to process capture files.
  • Type make install

You are now ready to run Trisul. Read the section on How to run Trisul ?

Install from packages

This is the easiest and recommended way to install Trisul.

Currently we provide packages for Ubuntu Hardy and Fedora 7. The packages should work on later releases as well. Try it out and let us know. You can get these packages from our download page.

Install and run.

It is easy to install and run trisul from packages.

Fedora

  1. Download the rpm
  2. As root run rpm -Uvh trisul-x.y.z.rpm
  3. As root run service trisul start

Ubuntu

  1. Download the deb
  2. Run sudo dpkg -i trisul_x.y.z.deb
  3. Run sudo /etc/init.d/trisul start

Notes on running trisul

  1. Capture from which adapter. By default, Trisul listens on adapter eth0. Edit the /usr/local/share/trisul/crdb.sql3 file to listen on other adapters.
  2. Run as user nobody. By default, Trisul runs as user nobody.nobody after it drops root privileges. We recommend you run it as trisul.trisul or as another user. To achieve this, edit the Setuid item in the /usr/local/etc/trisul/trisulConfig.xml file.

Uninstall package

If you want to get rid of Trisul, just type:

  1. rpm -e trisul or
  2. sudo dpkg --remove trisul or sudo dpkg --purge trisul

Install Web Trisul

Web Trisul is the Ruby on Rails application which allows you to interact with Trisul via a web browser.

There are two steps to installing Web-Trisul:

  1. Installing Ruby and the Rails framework
  2. Installing the Web-Trisul application

Installing Ruby on Rails

You must install Ruby and the Rails framework. See your platform specific instructions. There are instructions for Ubuntu here

Once you have Ruby and Rails installed successfully, you need to install the following gems:

  • builder ( gem install builder)
  • sqlite3-ruby ( gem install sqlite3-ruby)

Installing the application

Once you have installed the Rails framework, you are almost there. The installation mainly consists of unzipping the application and setting some permissions.

Setting the permissions

The way the permissions are set up, the user running the Web Trisul server must belong to the same Linux user group as the Trisul server. For example: if you ran Trisul as trisul.trisul, then the user running Web Trisul must belong to the trisul group.

For example, to add the existing user myusername to the group trisul:

usermod -a -G trisul myusername

You need to do this because the capture files and the metering database are only readable by members of the trisul group.
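The group-based access rule above can be checked before starting Web-Trisul. The shell function below is an added example, not part of Trisul: it reports whether a given user can read a file through group membership and whether the file is readable by everyone else. It assumes GNU stat; the user name and file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example (not Trisul code): audit the group-only read model.
# Usage: check_group_read USER FILE
# Returns 0 when USER can read FILE via group membership and FILE is not
# world-readable. Otherwise prints the reason and returns:
#   2 = file missing, 3 = world-readable, 4 = no group read bit,
#   5 = USER is not a member of the file's group.
check_group_read() {
    user=$1
    file=$2

    [ -e "$file" ] || { echo "missing: $file"; return 2; }

    # Octal permission bits and numeric owning group (GNU stat syntax).
    mode=$(stat -c '%a' "$file") || return 2
    fgid=$(stat -c '%g' "$file") || return 2

    # Last octal digit = permissions for "other"; value 4 is the read bit.
    other=$((mode % 10))
    if [ $((other & 4)) -ne 0 ]; then
        echo "world-readable: $file (mode $mode)"
        return 3
    fi

    # Second-to-last octal digit = permissions for the owning group.
    group=$(( (mode / 10) % 10 ))
    if [ $((group & 4)) -eq 0 ]; then
        echo "group cannot read: $file (mode $mode)"
        return 4
    fi

    # Compare the file's group with every group the user belongs to.
    for gid in $(id -G "$user"); do
        [ "$gid" = "$fgid" ] && { echo "ok: $file"; return 0; }
    done
    echo "user $user is not in gid $fgid: $file"
    return 5
}
```

Call it once per capture file or database file with the account that runs Web-Trisul, for example check_group_read myusername /path/to/file.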

Running Web-Trisul

  1. Download the Web-Trisul application from the project download site
  2. Unzip it to a subdirectory
  3. cd to the above directory
  4. Type rake webtrisul:init
  5. Start the built in Ruby webserver (ruby script/server). Alternatively to run Web-Trisul through Apache, click here
  6. Open a web browser and navigate to http://hostname:3000
  7. Log in with Username: admin, Password: admin

You will now be on the dashboard page which will give you a real time view of what is happening on your network.

You can explore the pages further on your own.

 
install.txt · Last modified: 2008/10/21 00:58 by ashish
 