tips:suricata-eve-unixsocket
Differences
This shows you the differences between two versions of the page.
tips:suricata-eve-unixsocket [2020/08/27 19:10] – [7. Viewing Alerts] navaneeth | tips:suricata-eve-unixsocket [2020/09/17 19:21] – navaneeth | ||
---|---|---|---|
Line 21: | Line 21: | ||
</ | </ | ||
- | ==== 3. Installing Emerging Threat Rules 5.0 ==== | ||
+ | ==== 3. Updating with latest ruleset ==== | ||
- | * You have to install | + | Use the following command |
- | * Download and install Emerging Threats Open rules into /// | + | |
- | < | + | < |
- | #wget https://rules.emergingthreats.net/ | + | |
- | #tar xf emerging.rules.tar.gz | + | suricata-update puts the combined rules in '' |
- | </ | + | |
+ | < | ||
- | <note important> | ||
==== 4. Enabling EVE_unix Socket ==== | ==== 4. Enabling EVE_unix Socket ==== | ||
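Review bot: Missing documentation in the new section 3: in the lines visible here, the sentence "suricata-update puts the combined rules in ..." is not followed by any instruction to confirm that suricata.yaml (default-rule-path / rule-files) loads rules from that location. A reader who followed the removed wget and tar steps could keep loading the previously extracted Emerging Threats files after switching to suricata-update, so add one sentence covering that check. The removed "<note important>" block is also dropped without a replacement; if its caution still applies with suricata-update, carry it over.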
Line 65: | Line 64: | ||
{{: | {{: | ||
- | ==== 7. Updating with latest ruleset | + | ==== 7. Starting Suricata Automatically |
- | If you have already installed suricata and you want to update with the latest rules. Use the following command. | + | * You need to install [[monit: |
- | < | + | * Add a shellscript named // |
+ | |||
+ | < | ||
+ | # | ||
+ | |||
+ | echo " | ||
+ | /bin/rm -f / | ||
+ | |||
+ | echo " | ||
+ | /usr/bin/suricata --user trisul -l / | ||
+ | |||
+ | echo "Done starting suricata"</ | ||
+ | |||
+ | * You need to add the following statements in the / | ||
+ | < | ||
+ | start program = "/ | ||
+ | </ | ||
+ | |||
+ | * Please ensure you restart monit | ||
+ | < | ||
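Review bot: The start script in the new section 7 reports success unconditionally: echo "Done starting suricata" follows the "/usr/bin/suricata --user trisul -l ..." line with no check of its exit status, so a failed start looks the same as a good one in both the script's output and its exit code. Test the exit status of the suricata command and exit non-zero on failure, so that the monit "start program" entry has something to report. The "/bin/rm -f" step runs before Suricata drops to the trisul user, with whatever privileges monit gives the script, so the bullet that introduces the script should also say which user must own it and that the trisul user must not be able to write to it.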
tips/suricata-eve-unixsocket.txt · Last modified: 2020/09/28 17:22 by navaneeth