tips:suricata-eve-unixsocket
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
tips:suricata-eve-unixsocket [2020/08/27 18:53] – [4. Starting Suricata] navaneeth | tips:suricata-eve-unixsocket [2020/09/28 17:22] (current) – navaneeth | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Suricata-EVE-Unixsocket ====== | ====== Suricata-EVE-Unixsocket ====== | ||
- | This article | + | This article |
- | + | ||
- | ** | + | |
- | To create a threat signatures that will turn into a powerful frontline alert monitoring system for any enterprise.Usually | + | |
- | ** | + | |
{{: | {{: | ||
===== Installation ===== | ===== Installation ===== | ||
- | ==== 1. Installing Suricata ==== | + | ==== 1. Installing Suricata |
* You can install the app by logging in as admin and selecting //Web Admin > Manage > Apps > Suricata via Eve Unixsocket// | * You can install the app by logging in as admin and selecting //Web Admin > Manage > Apps > Suricata via Eve Unixsocket// | ||
Line 16: | Line 12: | ||
{{: | {{: | ||
- | * Please install Suricata by running the following command, | + | ==== 2. Installing Suricata version 5.0 ==== |
+ | Please install Suricata by running the following command, | ||
< | < | ||
Line 24: | Line 21: | ||
</ | </ | ||
- | ==== 2. Installing Emerging Threat Rules ==== | ||
+ | ==== 3. Updating with latest ruleset ==== | ||
- | * You have to install | + | Use the following command |
- | * Download and install Emerging Threats Open rules into /// | + | |
- | < | + | < |
- | #wget https://rules.emergingthreats.net/ | + | |
- | #tar xf emerging.rules.tar.gz | + | suricata-update puts the combined rules in '' |
- | </ | + | |
+ | < | ||
- | <note important> | ||
- | ==== 3. Enabling | + | ==== 4. Enabling |
Line 49: | Line 45: | ||
</ | </ | ||
< | < | ||
- | |||
- | * And, also disable the ' | ||
- | |||
- | < | ||
- | # a line based alerts log similar to Snort' | ||
- | - fast: | ||
- | enabled: no | ||
- | filename: fast.log | ||
- | append: yes | ||
- | #filetype: regular # ' | ||
| | ||
- | ==== 4. Starting Suricata ==== | + | ==== 5. Starting Suricata ==== |
* Login as Admin and Select Admin Tasks. | * Login as Admin and Select Admin Tasks. | ||
* Click on 'More options' | * Click on 'More options' | ||
* You will find a Dialog box with command line to install Suricata as below. | * You will find a Dialog box with command line to install Suricata as below. | ||
+ | * Cut and paste the command shown into a terminal to start suricata | ||
< | < | ||
</ | </ | ||
- | <note important> | + | {{: |
+ | {{: | ||
+ | |||
+ | ==== 6. Viewing Alerts ==== | ||
{{: | {{: | ||
- | ==== 5. Updating with latest rules ==== | + | ==== 7. Starting Suricata Automatically |
- | If you have already installed suricata and you want to update with the latest rules. Use the following command. | + | * You need to install [[monit: |
- | < | + | * Add a shellscript named // |
+ | |||
+ | < | ||
+ | # | ||
+ | |||
+ | echo " | ||
+ | /bin/rm -f / | ||
+ | |||
+ | echo " | ||
+ | /usr/bin/suricata --user trisul -l / | ||
+ | |||
+ | echo "Done starting suricata"</ | ||
+ | |||
+ | * Make sure the shell script // | ||
+ | < | ||
+ | |||
+ | * You need to add the following statements in the /// | ||
+ | < | ||
+ | start program = "/ | ||
+ | </ | ||
+ | |||
+ | * Please ensure you restart monit | ||
+ | < | ||
tips/suricata-eve-unixsocket.1598534610.txt.gz · Last modified: 2020/08/27 18:53 by navaneeth