I’ve been working through a Suricata course that covers Suricata on an Ubuntu base. Since I tend to work more with FreeBSD, here are my notes on installing Suricata on FreeBSD.
Boot a working FreeBSD system, log in, open a terminal session, then elevate to root privileges. Then run the following commands:
- freebsd-update fetch
- freebsd-update install
- pkg install suricata
- vi /etc/rc.conf and add the following two lines (the first enables the service at boot, the second makes the rc script start Suricata in netmap mode):
- suricata_enable="YES"
- suricata_netmap="YES"
- vi /usr/local/etc/suricata/suricata.yaml (the file the package installs; /usr/local/etc/suricata itself is only the directory)
- change all occurrences of eth0 to the actual interface name, which ifconfig shows (FreeBSD interfaces carry driver names such as em0 or igb0, never eth0). Since the rc.conf setting above runs Suricata in netmap mode, make sure the netmap: section of suricata.yaml names that same interface, not only the entries where eth0 appeared.
- service suricata start
Then we can check the health of our installation:
- suricata --build-info (shows the compile-time features, including whether netmap support is built in)
- suricata -V (displays version information)
- /var/log/suricata is the log directory; check its contents and make sure the files keep growing while traffic flows
- /usr/local/etc/suricata/suricata.yaml is the configuration file; suricata -T -c /usr/local/etc/suricata/suricata.yaml parses it and reports errors without starting capture
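The whole procedure above, together with the health checks, as one re-runnable /bin/sh script. This is an added example, not code from the original post or from the Suricata project. It assumes the default paths the post lists (/etc/rc.conf, /usr/local/etc/suricata/suricata.yaml, /var/log/suricata), picks the capture interface from the default route with route -n get default (an assumption; set IFACE=em0 or similar if the sensor listens elsewhere), and the function names pick_interface, rewrite_iface, enable_rc, logdir_bytes and log_growing are mine.

```shell
#!/bin/sh
# Added example (not from the original post): install Suricata on FreeBSD,
# point its config at the real interface, enable it in rc.conf, and verify.
set -eu

# Assumed defaults, overridable from the environment.
RC_CONF="${RC_CONF:-/etc/rc.conf}"
YAML="${YAML:-/usr/local/etc/suricata/suricata.yaml}"
LOGDIR="${LOGDIR:-/var/log/suricata}"

# Name of the interface carrying the default route. FreeBSD's
# `route -n get default` prints a line "  interface: em0"; awk pulls the name.
# Override with IFACE=... if the sensor interface is not the default-route one.
pick_interface() {
    route -n get default 2>/dev/null | awk '/interface:/ { print $2; exit }'
}

# Write a copy of $1 to $2 with every eth0 replaced by $3 (the post's
# "change all occurrences of eth0" step). Writes to a new path instead of
# using sed -i, whose syntax differs between BSD and GNU sed. Fails on an
# empty interface name or if any eth0 survives in the output.
rewrite_iface() {
    in="$1"; out="$2"; iface="$3"
    [ -n "$iface" ] || { echo "rewrite_iface: empty interface name" >&2; return 1; }
    sed "s/eth0/${iface}/g" "$in" > "$out"
    ! grep -q 'eth0' "$out"
}

# Append the two rc.conf knobs only when the key is not already set, so
# re-running the script never duplicates them.
enable_rc() {
    rc="$1"
    for kv in 'suricata_enable="YES"' 'suricata_netmap="YES"'; do
        key="${kv%%=*}"
        grep -q "^${key}=" "$rc" 2>/dev/null || printf '%s\n' "$kv" >> "$rc"
    done
}

# Total bytes of all files under a directory; 0 if it does not exist.
# wc -c is used because stat(1) flags differ between BSD and GNU.
logdir_bytes() {
    dir="$1"
    [ -d "$dir" ] || { echo 0; return 0; }
    find "$dir" -type f -exec cat {} + < /dev/null | wc -c | awk '{ print $1 }'
}

# Sample the log directory twice, $2 seconds apart; succeed only if it grew.
# This is the "check the contents and ensure they are growing" step.
log_growing() {
    dir="$1"; wait="${2:-10}"
    before=$(logdir_bytes "$dir")
    sleep "$wait"
    after=$(logdir_bytes "$dir")
    echo "log bytes in $dir: $before -> $after"
    [ "$after" -gt "$before" ]
}

install_all() {
    freebsd-update fetch install       # combined form, so a no-op install does not abort the script
    pkg install -y suricata
    iface="${IFACE:-$(pick_interface)}"
    [ -n "$iface" ] || { echo "no interface found; check ifconfig and set IFACE" >&2; exit 1; }
    cp "$YAML" "${YAML}.orig"          # keep the shipped config for reference
    rewrite_iface "${YAML}.orig" "$YAML" "$iface"
    enable_rc "$RC_CONF"
    service suricata start
}

health_check() {
    suricata --build-info
    suricata -V
    suricata -T -c "$YAML"             # parse the config without starting capture
    log_growing "$LOGDIR" 10
}

case "${1:-}" in
    install) install_all ;;
    check)   health_check ;;
esac
```

Run it as `sh setup-suricata.sh install` once as root, then `sh setup-suricata.sh check` after a minute of traffic. On FreeBSD, `sysrc suricata_enable=YES` does the same idempotent rc.conf edit as enable_rc; the hand-written function is here only so the step can be exercised on any system. If log_growing reports equal byte counts, the usual causes are a wrong interface name in suricata.yaml or a netmap: section that still lists a placeholder.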