From the project home page:
- Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
The main configuration file is
The following settings must be adjusted in that file before Suricata will run (HOME_NET lives under the vars: address-groups: section of the YAML, the rest are top-level keys):

    default-log-dir: /var/log/suricata/                  # where log files are written; must be writable by the suricata process
    classification-file: /etc/suricata/classification.config
    reference-config-file: /etc/suricata/reference.config
    HOME_NET: "[10.0.0.0/8]"                              # your local network(s); everything else is treated as EXTERNAL_NET
    host-os-policy: ..                                    # set according to the operating systems of the hosts being protected
    magic-file: /usr/share/file/misc/magic.mgc
Snorby can be used as a web interface for browsing the alerts.
Suricata can be started manually (as root) with the following command, where -c selects the configuration file and -i the interface to capture on:

# /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0
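A common mistake when first running Suricata is a HOME_NET that does not actually cover the hosts you care about, or paths in the YAML that do not exist or are not writable, which makes the engine refuse to start. The following script is an added example, not part of the original page or of the Suricata project: it parses a HOME_NET address-group string in Suricata's own syntax (comma-separated CIDRs, "!" for negation, nested "[...]" groups) and tests whether given addresses fall inside it, and it checks the file-system paths named above. The settings dictionary, the sample addresses and the non-existent paths used in the demo are constructed for illustration.

```python
import ipaddress
import os


def _split_top_level(spec):
    """Split on commas that are not inside nested [...] groups."""
    parts, depth, cur = [], 0, []
    for ch in spec:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    if cur:
        parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]


def parse_address_group(spec, negate=False):
    """Parse a Suricata address group such as '[10.0.0.0/8,![10.0.0.5,10.0.0.6]]'.

    Returns (includes, excludes): two lists of ip_network objects. A leading
    '!' flips membership for the item (or nested group) that follows it.
    """
    spec = spec.strip().strip('"')
    includes, excludes = [], []
    if spec.startswith("["):
        if not spec.endswith("]"):
            raise ValueError("unbalanced brackets in address group: %r" % spec)
        for item in _split_top_level(spec[1:-1]):
            inc, exc = parse_address_group(item, negate)
            includes += inc
            excludes += exc
    elif spec.startswith("!"):
        inc, exc = parse_address_group(spec[1:], not negate)
        includes += inc
        excludes += exc
    else:
        # strict=False accepts host bits set, e.g. 10.1.2.3/8
        net = ipaddress.ip_network(spec, strict=False)
        (excludes if negate else includes).append(net)
    return includes, excludes


def is_home(ip, includes, excludes):
    """True if ip is in at least one included network and in no excluded one."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in includes) and not any(addr in n for n in excludes)


def check_paths(settings):
    """Return a list of problems with the path settings named in the config.

    settings maps the YAML key names (default-log-dir, classification-file,
    reference-config-file, magic-file) to the configured paths.
    """
    problems = []
    log_dir = settings.get("default-log-dir")
    if log_dir and not (os.path.isdir(log_dir) and os.access(log_dir, os.W_OK)):
        problems.append("default-log-dir is not a writable directory: %s" % log_dir)
    for key in ("classification-file", "reference-config-file", "magic-file"):
        path = settings.get(key)
        if path and not os.path.isfile(path):
            problems.append("%s does not exist: %s" % (key, path))
    return problems


if __name__ == "__main__":
    # Constructed demo values mirroring the settings listed above.
    home_net = '"[10.0.0.0/8,![10.0.0.5]]"'
    inc, exc = parse_address_group(home_net)
    for ip in ("10.1.2.3", "10.0.0.5", "192.168.1.1"):
        print("%-12s home=%s" % (ip, is_home(ip, inc, exc)))
    demo_settings = {
        "default-log-dir": "/var/log/suricata/",
        "classification-file": "/etc/suricata/classification.config",
        "reference-config-file": "/etc/suricata/reference.config",
        "magic-file": "/usr/share/file/misc/magic.mgc",
    }
    for problem in check_paths(demo_settings) or ["all paths look fine"]:
        print(problem)
```

Once the paths and HOME_NET check out, Suricata itself can validate the complete YAML with its -T option (suricata -T -c /etc/suricata/suricata.yaml), which parses the configuration and rule set and exits without starting capture.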
Systemd service configuration
To start suricata automatically at system boot, enable
For example, if the network interface is eth0, the service name is