Installation and basic setup of Suricata
First, add the latest stable Suricata repository to APT:
sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt-get update
Now you can either install Suricata with:
sudo apt-get install suricata
or the Suricata package with built-in (enabled) debugging
sudo apt-get install suricata-dbg
Start with creating a directory for Suricata’s log information.
sudo mkdir /var/log/suricata
To prepare the system for using it, enter:
sudo mkdir /etc/suricata
The next step is to copy classification.config, reference.config and suricata.yaml from the base build/installation directory (ex. from git it will be the oisf directory) to the /etc/suricata directory. Do so by entering the following:
sudo cp classification.config /etc/suricata
sudo cp reference.config /etc/suricata
sudo cp suricata.yaml /etc/suricata
You can also use the available auto setup features of Suricata:
The make install-conf option will do the regular “make install” and then automatically create/setup all the necessary directories and suricata.yaml.
./configure && make && make install-conf
The make install-rules option will do the regular “make install” and it automatically downloads and sets up the latest ruleset from Emerging Threats available for Suricata.
./configure && make && make install-rules
The make install-full option combines everything mentioned above (install-conf and install-rules) – and will present you with a ready to run (configured and set up) Suricata
./configure && make && make install-full
Suricata – Ubuntu installation