tips:suricata-eve-unixsocket

Differences

This shows you the differences between two versions of the page.

tips:suricata-eve-unixsocket [2020/08/27 19:10] – [6. Updating with latest rules] navaneethtips:suricata-eve-unixsocket [2020/09/10 16:28] – [2. Installing Suricata version 5.0] veera
Line 20: Line 20:
 apt-get install suricata apt-get install suricata
 </code> </code>
 +
 +
 +===== Updating with latest ruleset =====
 +
 +Use the following command to update the latest emerging-threats ruleset
 +
 +<code>sudo suricata-update</code>
 +
 +suricata-update puts the combined rules in ''/var/lib/suricata/rules'' which is owned by root. Make sure the trisul user can read this directory.
 +
 +<code>sudo chown trisul.trisul /var/lib/suricata -R </code>
 +
 +
 +
 +
 +
 +
  
 ==== 3. Installing Emerging Threat Rules 5.0 ==== ==== 3. Installing Emerging Threat Rules 5.0 ====
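Review bot: the added ''sudo chown trisul.trisul /var/lib/suricata -R'' does more than the sentence above it asks for. The text only requires that the trisul user can read ''/var/lib/suricata/rules'', but the command transfers ownership of the whole ''/var/lib/suricata'' tree to trisul, which also gives that account write access to the combined rules. Suggest granting read access only, for example group ownership by trisul plus ''chmod -R g+rX'' on the rules directory. It is also worth stating that the step may need repeating, since ''sudo suricata-update'' runs as root and can write fresh root-owned files. Prefer the ''trisul:trisul'' separator as well; the dot form is legacy syntax. Separately, the new heading uses ''====='' and no number while the neighbouring sections are ''==== N. ... ===='', so it will not sit at the same level as steps 2 and 3.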
Line 60: Line 77:
 {{:app:how_to_start_suricata.png?600|}} {{:app:how_to_start_suricata.png?600|}}
  
-==== 7. Viewing Alerts ====+==== 6. Viewing Alerts ====
  
  
 {{:tips:suricata-alert.png?600|}} {{:tips:suricata-alert.png?600|}}
- 
-==== 7. Updating with latest ruleset ==== 
- 
-If you have already installed suricata and you want to update with the latest rules. Use the following command. 
- 
-<code>sudo suricata-update</code> 
- 
- 
- 
- 
- 
  
  
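Review bot: the removed sentence "If you have already installed suricata and you want to update with the latest rules" scoped the update step to existing installs, and its replacement in the earlier hunk drops that qualifier. With the section now placed ahead of "3. Installing Emerging Threat Rules 5.0", a reader following the page top to bottom will run ''sudo suricata-update'' before the rules step. Suggest keeping the scoping sentence in the moved section, or leaving the update section after "Viewing Alerts" with a distinct number instead of the duplicate 7 it had.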
tips/suricata-eve-unixsocket.txt · Last modified: 2020/09/28 17:22 by navaneeth