Configuring Suricata

yum -y install libpcap libpcap-devel libnet libnet-devel pcre \
    pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml \
    libyaml-devel zlib zlib-devel libcap-ng libcap-ng-devel magic magic-devel file file-devel

0. The configuration is largely the same as configuring Snort.

1. Configuring Barnyard2

git clone https://github.com/firnsy/barnyard2
cd barnyard2
./autogen.sh
./configure --with-mysql-libraries=/usr/lib64/mysql
make
make install
mkdir /etc/suricata/
cp etc/barnyard2.conf /etc/suricata/

2. Configuring suricata.conf

mkdir /var/log/suricata

Rules:

wget http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz

Extract the rules into /etc/suricata

Change into the suricata directory

cp suricata.yaml classification.config reference.config /etc/suricata/

For barnyard2.conf, refer to the Snort configuration.

Start

suricata --pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow -c /etc/suricata/suricata.yaml -l /var/log/suricata
barnyard2 -c /etc/suricata/barnyard2.conf -d /var/log/suricata -f unified2.alert -C /etc/suricata/classification.config
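The start commands above assume that every file they reference is already in place; if one is missing, Suricata or Barnyard2 fails at startup with a less obvious error. The following pre-flight check is an added example, not part of the original post or of the Suricata/Barnyard2 projects. It takes the config and log directories as parameters so it can be run against a scratch directory; the assumption that the Emerging Threats tarball unpacks into a rules/ subdirectory is labelled in the code.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# Suricata + Barnyard2 setup described above.

# preflight_check CONFDIR LOGDIR
# Checks that the files the start commands expect are present:
#   CONFDIR/suricata.yaml, classification.config, reference.config, barnyard2.conf
#   CONFDIR/rules/*.rules  (assumption: the emerging.rules tarball unpacks
#                           into a rules/ directory under CONFDIR)
#   LOGDIR exists and is writable (Suricata writes unified2.alert there,
#                                  Barnyard2 reads it from the same place)
# Prints one line per problem and returns the number of problems (0 = ready).
preflight_check() {
    confdir=$1
    logdir=$2
    problems=0
    for f in suricata.yaml classification.config reference.config barnyard2.conf; do
        if [ ! -f "$confdir/$f" ]; then
            echo "missing: $confdir/$f"
            problems=$((problems + 1))
        fi
    done
    # an unmatched glob stays literal, so ls fails when no rule file exists
    if ! ls "$confdir"/rules/*.rules >/dev/null 2>&1; then
        echo "no rule files under $confdir/rules"
        problems=$((problems + 1))
    fi
    if [ ! -d "$logdir" ] || [ ! -w "$logdir" ]; then
        echo "log directory $logdir missing or not writable"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run directly against the paths from the post:
#   sh preflight.sh /etc/suricata /var/log/suricata
if [ $# -eq 2 ]; then
    preflight_check "$1" "$2"
fi
```

Once the check returns 0, `suricata -T -c /etc/suricata/suricata.yaml` validates the YAML and the rule files it loads without starting capture, which catches rule syntax errors before the pfring start command is issued.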
