suricata:
on Debian 8
apt-get install suricata ( it is 2.0.7 version)
vi /etc/default/suricata ( change RUN=yes, and adjust IFACE to the interface and listen mode to pcap)
systemctl start suricata
tail -f /var/log/suricata/fast.lg ( eve.json)
rules mangement:
apt-get install oinkmaster
add /etc/oinkmaster.conf
url = http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
then run:
oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules
systemctl restart suricata
