Difference between revisions of "Suricata"

From ArchWiki
Jump to: navigation, search
(Configuration)
(Configuration: mgc)
Line 21: Line 21:
 
   HOME_NET: "[10.0.0.0/8]"                # your local network
 
   HOME_NET: "[10.0.0.0/8]"                # your local network
 
   host-os-policy:  ..                    # according to the OS running the ips
 
   host-os-policy:  ..                    # according to the OS running the ips
   magic-file: /usr/share/file/misc/magic
+
   magic-file: /usr/share/file/misc/magic.mgc

Revision as of 01:03, 12 August 2013

Tango-edit-clear.pngThis article or section needs language, wiki syntax or style improvements.Tango-edit-clear.png

Reason: please use the first argument of the template to provide a brief explanation. (Discuss in Talk:Suricata#)

From the project home page:

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.


Installation

Install suricataAUR from the AUR.


Configuration

The main configuration file is /etc/suricata/suricata.yaml.

You should change the following parts of the config in order to make it run:

  default-log-dir: /var/log/suricata/     # where you want to store log files
  classification-file: /etc/suricata/classification.config
  reference-config-file: /etc/suricata/reference.config
  HOME_NET: "[10.0.0.0/8]"                # your local network
  host-os-policy:   ..                    # according to the OS running the ips
  magic-file: /usr/share/file/misc/magic.mgc