Suricata

installation

rhel based

install from epel
> dnf install -y suricata

> suricata -V
This is Suricata version 7.0.8 RELEASE

check address and interface settings

/etc/suricata/suricata.yaml
  ...
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"

  ...
  af-packet:
    - interface: eth0

/etc/sysconfig/suricata
OPTIONS="-i eth0 --user suricata"

initially update suricata default rules

> suricata-update

start and test

# start and enable
> systemctl enable --now suricata

# check service logs
> tail /var/log/suricata/suricata.log

probe function while watching the fast.log

# watch detection log
> tail -f /var/log/suricata/fast.log

build a corrupted IP packet like described in the scapy docs and send it through the monitored interface; a matching alert should show up in fast.log
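Added example (my own script, not from these notes or the Suricata project): a POSIX shell helper that checks the HOME_NET and af-packet interface settings from the suricata.yaml above and summarises fast.log hits by SID. It assumes af-packet is a top-level key as in the stock suricata.yaml, and the sample yaml and fast.log it parses are constructed, so the SIDs, addresses and timestamps are made up.

```shell
#!/bin/sh
# Constructed sample inputs (not captured from a real host), written to a temp dir.
make_samples() {
  d=$(mktemp -d)
  cat > "$d/suricata.yaml" <<'EOF'
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
    EXTERNAL_NET: "!$HOME_NET"
af-packet:
  - interface: eth0
    cluster-id: 99
pcap:
  - interface: eth0
EOF
  cat > "$d/fast.log" <<'EOF'
01/02/2024-10:00:00.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:51234
01/02/2024-10:00:01.000000  [**] [1:2210020:2] SURICATA STREAM ESTABLISHED packet out of window [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.0.0.5:51234 -> 192.168.1.10:80
01/02/2024-10:00:02.000000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:51234
EOF
  echo "$d"
}

# home_net YAML -> the quoted HOME_NET value
home_net() { sed -n 's/^[[:space:]]*HOME_NET:[[:space:]]*"\(.*\)".*/\1/p' "$1" | head -n 1; }

# capture_iface YAML -> first "- interface:" entry under the top-level af-packet key
capture_iface() {
  sed -n '/^[[:space:]]*af-packet:/,/^[^[:space:]-]/ s/^[[:space:]]*-[[:space:]]*interface:[[:space:]]*//p' "$1" | head -n 1
}

# check_config YAML -> non-zero if HOME_NET or the capture interface is missing
check_config() {
  net=$(home_net "$1"); ifc=$(capture_iface "$1")
  [ -n "$net" ] || { echo "HOME_NET not set in $1"; return 1; }
  case "$net" in *any*) echo "warning: HOME_NET is 'any', rules keyed on \$HOME_NET lose direction context" ;; esac
  [ -n "$ifc" ] || { echo "no af-packet interface configured in $1"; return 1; }
  echo "HOME_NET=$net interface=$ifc"
}

# alert_sids FASTLOG -> one "SID message" line per alert; alert_summary counts them
alert_sids() { sed -n 's/^.*\[\*\*\] \[[0-9]*:\([0-9]*\):[0-9]*\] \(.*\) \[\*\*\].*$/\1 \2/p' "$1"; }
alert_summary() { alert_sids "$1" | sort | uniq -c | sort -rn; }

# Demo on the constructed samples; set SURICATA_CONF / SURICATA_FAST to use the real files
sample=$(make_samples)
check_config "${SURICATA_CONF:-$sample/suricata.yaml}"
alert_summary "${SURICATA_FAST:-$sample/fast.log}"
rm -rf "$sample"
```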

see the wazuh instructions about adding suricata logs