Installing Suricata on FreeBSD

I’ve been working through a Suricata course which details how to use Suricata on an Ubuntu base. Since I tend to work more with FreeBSD, here are my notes on how to install Suricata on FreeBSD.

Launch a working FreeBSD system, log in, launch a terminal session, then elevate to root privileges. Then run the following commands:

  • freebsd-update fetch
  • freebsd-update install
  • pkg install suricata
  • vi /etc/rc.conf
    • suricata_enable="YES"
    • suricata_netmap="YES"
  • vi /usr/local/etc/suricata/suricata.yaml
    • change all occurrences of eth0 to the actual interface identifier, determined by ifconfig
  • service suricata start

Then we can check the health of our installation:

  • suricata --build-info
  • suricata -V – Display version information
  • /var/log/suricata – Log file location, check the contents and ensure that they are growing
  • /usr/local/etc/suricata/suricata.yaml – Configuration file
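
The interface edit and the log-growth check from the steps above, as an added shell example that is not part of the original notes. The function names are hypothetical, and the eve.json file name in the comments assumes Suricata's default outputs are enabled.

```shell
#!/bin/sh
# Added example; set_suricata_iface and log_is_growing are hypothetical names.

# Replace every "eth0" in the Suricata config with the real interface.
# Usage: set_suricata_iface /usr/local/etc/suricata/suricata.yaml em0
set_suricata_iface() {
    conf=$1
    iface=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    # Accept only characters found in interface names, so the value is
    # safe to place inside the sed expression below.
    case $iface in
        ''|*[!A-Za-z0-9_.]*) echo "bad interface name: $iface" >&2; return 1 ;;
    esac
    # Keep the packaged file once; later runs always start from it, so
    # the function can be re-run with a different interface.
    [ -f "$conf.orig" ] || cp -p "$conf" "$conf.orig" || return 1
    # Read the backup and rewrite the live file in place. This avoids
    # sed -i, whose arguments differ between FreeBSD and GNU sed, and
    # keeps the owner and mode of the live file.
    sed "s/eth0/$iface/g" "$conf.orig" > "$conf" || return 1
    # Succeed only if no eth0 reference is left behind.
    ! grep -q 'eth0' "$conf"
}

# Succeed if a log file gets bigger within N seconds (default 10).
# Usage: log_is_growing /var/log/suricata/eve.json 15
log_is_growing() {
    log=$1
    wait_s=${2:-10}
    [ -f "$log" ] || { echo "no such file: $log" >&2; return 1; }
    # $(( )) strips the leading blanks that BSD wc prints.
    before=$(($(wc -c < "$log")))
    sleep "$wait_s"
    after=$(($(wc -c < "$log")))
    [ "$after" -gt "$before" ]
}
```

A log that does not grow on a quiet network is not necessarily a fault; generate some traffic on the monitored interface before treating a failed check as a broken install.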
