Network security monitoring using Suricata
If we want to use a network intrusion detection system on Linux, we can use Suricata, which is a free and open source tool. It inspects network traffic using its rules and signature language. Suricata can handle multiple gigabits of traffic and display the results on screen. It can also send alerts through emails.
Getting ready
Before starting with the installation and configuration of Suricata, we will need to install a few of its dependency packages. We can install all the required dependencies using the following command:
apt-get install libpcre3-dbg libpcre3-dev autoconf automake libtool libpcap-dev libnet1-dev libyaml-dev libjansson4 libcap-ng-dev libmagic-dev libjansson-dev zlib1g-dev
By default, Suricata works as an intrusion detection system (IDS). If we wish to use it as an intrusion prevention system (IPS), we will need some extra packages, which can be installed using the following commands:
apt-get install libnetfilter-queue-dev libnetfilter...
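The two apt-get commands above install everything unconditionally and, if rerun, pull the whole list through apt again. The following helper script is an added example written for this section, not code from the book or from the Suricata project. It checks with dpkg which of the listed packages are already present and installs only the missing ones, choosing the IDS set or the IDS set plus the IPS extras from a command-line argument. It assumes a Debian or Ubuntu host with dpkg and apt-get, run as root. The IDS package list is the one given above; because the IPS list is cut off on this page after libnetfilter-queue-dev, only that package is included here and the remainder must be added from the full list.

```shell
#!/bin/sh
# Added example (not from the book): install Suricata's build dependencies
# idempotently, pulling in the IPS extras only when asked for.
# Assumes a Debian/Ubuntu host with dpkg and apt-get, run as root.

# Dependency list for IDS mode, as given on the page.
IDS_DEPS="libpcre3-dbg libpcre3-dev autoconf automake libtool libpcap-dev libnet1-dev libyaml-dev libjansson4 libcap-ng-dev libmagic-dev libjansson-dev zlib1g-dev"

# Extra packages for IPS (inline NFQUEUE) mode. The page's list is cut off
# after the first package, so only that one is included here; add the rest
# from the full list before using this in IPS mode.
IPS_DEPS="libnetfilter-queue-dev"

# pkg_installed NAME: succeed if dpkg reports NAME as installed.
pkg_installed() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q 'install ok installed'
}

# missing_pkgs "NAME NAME ...": print, space separated, those not yet installed.
missing_pkgs() {
    _missing=""
    for _p in $1; do
        pkg_installed "$_p" || _missing="$_missing $_p"
    done
    printf '%s\n' "${_missing# }"
}

# deps_for MODE: print the package set for "ids" or "ips" (ips = ids + extras).
deps_for() {
    case "$1" in
        ids) printf '%s\n' "$IDS_DEPS" ;;
        ips) printf '%s\n' "$IDS_DEPS $IPS_DEPS" ;;
        *)   echo "usage: $0 ids|ips" >&2; return 2 ;;
    esac
}

# install_missing MODE: apt-get only the packages that are absent.
install_missing() {
    _want=$(deps_for "$1") || return $?
    _todo=$(missing_pkgs "$_want")
    if [ -z "$_todo" ]; then
        echo "all $1 dependencies already installed"
        return 0
    fi
    echo "installing: $_todo"
    # word splitting of $_todo is intended: one argument per package
    apt-get update && apt-get install -y $_todo
}

# Only act when a mode is given, so the functions can be sourced safely.
case "${1:-}" in
    ids|ips) install_missing "$1" ;;
esac
```

Run it as `sh install-suricata-deps.sh ids` for a detection-only sensor or `sh install-suricata-deps.sh ips` for inline mode. Keeping the dpkg check separate from the apt-get call makes the script safe to rerun after a partial install, and the missing list it prints is a quick way to see which build dependencies a host still lacks before compiling Suricata.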