I have used Snort quite extensively in the past and was curious about toying with Suricata, which is similar to Snort but nicer in my view. It has been a few years since I looked at it. I can see the project seems to have evolved quite a lot. One functionality that I will be using down the line will be PF Ring.

On a lazy Sunday afternoon, I thought this was the perfect time to take a look at what it can do in its current form. Everything is packaged, which is quite nice, though the version of suricata is a bit old on this (1.2.1 vs 1.4.7 on the website). I am very likely to make packages for this later in order to have more functionality.

Once you have done the traditional apt-get install suricata, there is not much to do to get it running, mostly edit /etc/default/suricata and change this line depending on your network interface, and also allow it to run:

# set to yes to start the server in the init.d script

You then should grab the rules to get it all going and monitoring; check out the official page to set this up. I edited /etc/nf to add the rules I wanted: