Open Source IDS / IPS / NSM engine
Members (119)


Victor Julien
owner

Discussion -
 
Tried recompiling it from source with the parameters I used for my previous compile.

I get the following output
[root@suricata-test suricata-2.0.2]# suricata -c /etc/suricata/suricata.yaml -i eth0 -D
Initialization syslog logging with format "[%i] - ".
 
HTTP Header fields extended and custom logging with #Suricata IDPS  - https://tinyurl.com/qfcjnxj
With the release of Suricata 2.0.1 there is availability and option to do extended custom HTTP header fields logging through the JSON output module. So what does this mean? Well besides the standard http logging in the eve...
 
#Suricata #IDS #IPS - TCP segment pool size preallocation   https://tinyurl.com/p8skqkj
In the default suricata.yaml stream section we have: stream:   memcap: 32mb   checksum-validation: no      # reject wrong csums   async-oneside: true   midstream: true   inline: no                  # auto will use inline mod...
 
24 hr full log run with #Suricata #IDPS on a #10Gbps ISP line -  https://tinyurl.com/q73le47  
This is going to be quick :) 9K rules (standard ET-Pro, not changed or edited) Suricata 2.0.1 with AF_PACKET, 16 threads number of hosts in HOME_NET - /21 /19 /19 /18 = about 34K hosts  24 hour run eve.json with all outputs...

Peter Manev

Discussion -
 
Peculiarity when changing IP address of an elasticsearch machine used to do Suricata IDS log analysis - tinyurl.com/m9hn57f

Peter Manev

Discussion -
 
Kibana/Logstash templates for Suricata IDPS - tinyurl.com/mzjv6fd
 
The Grand Slam updated - Suricata, logstash, elasticsearch , kibana - https://tinyurl.com/puvxu9v
Introduction  This is an updated article of the original post - http://pevma.blogspot.se/2014/03/suricata-and-grand-slam-of-open-source.html This article covers the new (at the time of this writing) 1.4.0 Logstash release. Th...
 
The OISF development team is proud to announce Suricata 2.0. This release is a major improvement over the previous releases with regard to performance, scalability and accuracy. Also, a number of g...
 
 
If things go according to our plans, this will be the last release candidate. Please help us test!
 
I am running it - I will keep you informed!

About this community

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
Global
 
#Suricata IDPS advanced BPF tuning for 3-4Gbps (on a 4CPU 16GRAM server) with 20K rules - 1% drops tinyurl.com/lyy2stw
 
Just updated my Kibana templates for use with #Suricata IDPS - Custom HTTP logging - you can try them from here https://tinyurl.com/mzjv6fd
 
Tried running suricata in daemon mode and got the following error:

[root@suricata tmp]# suricata -c /etc/suricata/suricata.yaml -i eth0 -D
suricata: error while loading shared libraries: libhtp-0.5.10.so.1: cannot open shared object file: No such file or directory
 
<Erro> -  [ERRCODE: SC_ERR_MISSIONG_CONFIG_PARAM(118)] - NO logging compatible with deamon mode selected, suricate won't be able to log. Please update 'logging.uptut' in the yaml.

This means that you have not enabled suricata.log in suricata.yaml.
 
#Suricata #IDPS - Coalesce parameters and RX ring size - https://tinyurl.com/ntrtw7v
Please read through this very useful article : http://netoptimizer.blogspot.dk/2014/06/pktgen-for-network-overload-testing.html Coalesce parameters and RX ring size can have an impact on your IDS. To see what are the coalesce...
 
Log records per second on eve.json - the good and the bad news on a 10Gbps Suricata IDPS line inspection - tinyurl.com/kh2tshy
 
The difference between 40% and 4% drops on a 10Gbps line - Playing with memory consumption, algorithms and af_packet ring-size in Suricata IDPS https://tinyurl.com/nlv9oh5
How selecting the correct memory algorithm can make the difference between a 40% drops of packets and 4% on inspecting 10Gbps line. In this article I have described some specifics through which I was able to tune up Suricata ...
 
 
My first youtube video! Shows Suricata installation, quick setup and basic testing.
I've made a video on installing Suricata 2.0 on Debian Wheezy. The video does the installation, quick setup, ethtool config and shows a simple way to test the IDS. It's the first time I've made suc...
 
Suricata 2.0 Ubuntu PPA packages available - https://launchpad.net/~oisf/+archive/suricata-stable

Peter Manev

Discussion -
 
Suricata - preparing 10Gbps network cards for IDPS and file extraction - https://tinyurl.com/p9rvm37
OS used/tested for this tutorial - Debian Wheezy and/or Ubuntu LTS 12.0.4 With 3.2.0 and 3.5.0 kernel level respectively with Suricata 2.0dev at the moment of this writing. This article consists of the following major 3 secti...