tips:suricata-eve-unixsocket
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
tips:suricata-eve-unixsocket [2020/08/27 19:10] – [5. Starting Suricata] navaneeth | tips:suricata-eve-unixsocket [2020/09/28 17:22] (current) – navaneeth | ||
---|---|---|---|
Line 21: | Line 21: | ||
</ | </ | ||
- | ==== 3. Installing Emerging Threat Rules 5.0 ==== | ||
+ | ==== 3. Updating with latest ruleset ==== | ||
- | * You have to install | + | Use the following command |
- | * Download and install Emerging Threats Open rules into /// | + | |
- | < | + | < |
- | #wget https://rules.emergingthreats.net/ | + | |
- | #tar xf emerging.rules.tar.gz | + | suricata-update puts the combined rules in '' |
- | </ | + | |
+ | < | ||
- | <note important> | ||
==== 4. Enabling EVE_unix Socket ==== | ==== 4. Enabling EVE_unix Socket ==== | ||
Line 60: | Line 59: | ||
{{: | {{: | ||
- | ==== 7. Viewing Alerts ==== | + | ==== 6. Viewing Alerts ==== |
{{: | {{: | ||
- | ==== 6. Updating with latest rules ==== | + | ==== 7. Starting Suricata Automatically |
- | If you have already installed suricata and you want to update with the latest rules. Use the following command. | + | * You need to install [[monit: |
- | < | + | * Add a shellscript named // |
+ | |||
+ | < | ||
+ | # | ||
+ | |||
+ | echo " | ||
+ | /bin/rm -f / | ||
+ | |||
+ | echo " | ||
+ | /usr/bin/suricata --user trisul -l / | ||
+ | |||
+ | echo "Done starting suricata"</ | ||
+ | |||
+ | * Make sure the shell script // | ||
+ | < | ||
+ | |||
+ | * You need to add the following statements in the /// | ||
+ | < | ||
+ | start program = "/ | ||
+ | </ | ||
+ | |||
+ | * Please ensure you restart monit | ||
+ | < | ||
tips/suricata-eve-unixsocket.1598535605.txt.gz · Last modified: 2020/08/27 19:10 by navaneeth