Suricata is a network IDS similar to Zeek or Snort. Suricata supports Snort rule syntax and some options from the Snort project, so existing Snort rulesets can largely be reused.
In order to install on Ubuntu, you would run the following commands:
sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt-get update
sudo apt-get install suricata
Now you have Suricata installed on your instance using the default configuration file (/etc/suricata/suricata.yaml). The defaults are reasonable, but Suricata does nothing useful until it has rules to match traffic against. The recommended way to get them is:
suricata-update
This single command detects which Suricata version is installed and downloads the matching Emerging Threats Open ruleset into /var/lib/suricata/rules. Run it again periodically (a cron job is typical) so signatures stay current, and restart or reload Suricata after each update so the new rules are actually loaded.
How to get Suricata working on CentOS. After you install Suricata using
yum install suricata
(the package comes from the EPEL repository, so enable EPEL first if yum cannot find it) you must make sure it is listening on the correct interface. Find the interface name with ip link or ip route show default; on a cloud instance it is usually something like ens5 rather than eth0.
You need to update
/etc/sysconfig/suricata and replace -i eth0 with -i ens5 (lower-case -i is Suricata's interface flag).
That can be done here:
sed -i 's/-i eth0/-i ens5/' /etc/sysconfig/suricata
Matching on "-i eth0" rather than a bare "eth0" keeps the substitution from touching anything else in the file.
After this you must restart Suricata (systemctl restart suricata) and check /var/log/suricata/suricata.log for errors about opening the interface.
Once alerts start appearing in /var/log/suricata/fast.log you have a working Suricata instance on your network!
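The whole procedure above (install, fetch rules, point Suricata at the right interface, restart, verify) as one script. This is an added example, not code from the original post or from the OISF project. It assumes systemd, the EPEL-style /etc/sysconfig/suricata with an OPTIONS="-i eth0 --user suricata " line, that the interface carrying the default route is the one you want to sniff, and that the ET/GPL "id check returned root" signature used by the Suricata quickstart is present in the downloaded rules. The SYSFS_NET variable is only there so the interface check can be exercised offline.

```shell
#!/bin/sh
# Added example: Suricata install + rules + interface + restart + smoke test.
# Assumptions: systemd, EPEL sysconfig layout, default-route interface is the
# sniffing interface. Not the original post's or the OISF project's code.
set -u

SYSCONFIG="${SYSCONFIG:-/etc/sysconfig/suricata}"
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # overridable so iface_exists can be tested offline

# Print the interface that carries the default route (e.g. ens5 on a cloud instance).
default_iface() {
    ip -o route show default 2>/dev/null | sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1
}

# Succeed only if the kernel knows this interface; catches typos such as ens5 vs ens05.
iface_exists() {
    [ -n "$1" ] && [ -d "$SYSFS_NET/$1" ]
}

# Print the interface currently configured after -i in the OPTIONS= line.
get_sysconfig_iface() {
    sed -n '/^OPTIONS=/ s/.*-i[[:space:]][[:space:]]*\([^[:space:]"]*\).*/\1/p' "$1"
}

# Rewrite only the value that follows -i in the OPTIONS= line, whatever it currently is.
# A blind `sed s/eth0/ens5/g` would also rewrite any other "eth0" in the file; this does not,
# and it refuses to write an interface name the kernel does not have.
set_sysconfig_iface() {
    iface_exists "$2" || { echo "no such interface: $2" >&2; return 1; }
    sed -i "/^OPTIONS=/ s/-i[[:space:]][[:space:]]*[^[:space:]\"][^[:space:]\"]*/-i $2/" "$1"
}

# Install from the PPA on Ubuntu or from EPEL on CentOS (suricata is not in CentOS base).
install_suricata() {
    if [ -f /etc/debian_version ]; then
        sudo add-apt-repository -y ppa:oisf/suricata-stable
        sudo apt-get update && sudo apt-get install -y suricata
    elif [ -f /etc/redhat-release ]; then
        sudo yum install -y epel-release
        sudo yum install -y suricata
    else
        echo "unsupported distribution" >&2; return 1
    fi
}

# Pull the ET Open ruleset for the installed version, prove the config+rules parse
# (suricata -T) before touching the running service, then restart.
fetch_rules_and_restart() {
    sudo suricata-update || return 1
    sudo suricata -T -c /etc/suricata/suricata.yaml || return 1
    sudo systemctl restart suricata
}

# Trigger the well-known test signature (as in the Suricata quickstart) and look for it in fast.log.
smoke_test() {
    curl -s http://testmynids.org/uid/index.html >/dev/null
    sleep 2
    grep -q 'id check returned root' /var/log/suricata/fast.log
}

# Only act when run as `./suricata-setup.sh --apply [iface]`; sourcing or running bare is a no-op.
if [ "${1:-}" = "--apply" ]; then
    iface="${2:-$(default_iface)}"
    install_suricata
    # Ubuntu's package configures the interface in suricata.yaml instead, so the sysconfig
    # edit only applies where that file exists (CentOS/EPEL).
    if [ -f "$SYSCONFIG" ]; then
        set_sysconfig_iface "$SYSCONFIG" "$iface" || exit 1
    fi
    fetch_rules_and_restart || exit 1
    smoke_test && echo "Suricata is alerting on $iface"
fi
```

Running suricata -T before the restart is the step most people skip: a rule syntax error or a bad YAML edit otherwise surfaces only as a service that silently fails to come back up.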