# Find "config hostname" and "config interface". eth0 is the NIC attached to the mirror (SPAN) port; change both values to match your own setup. (unfinished)
sed -i -e '/#config hostname/a\config hostname: YM' /etc/suricata/barnyard2.conf
sed -i -e '/#config interface/a\config interface: eth0' /etc/suricata/barnyard2.conf
sed -i -e '/config waldo_file/a\config waldo_file: /var/log/suricata/suricata.waldo' /etc/suricata/barnyard2.conf
2. Edit the suricata.yaml file
touch /var/log/suricata/suricata.waldo
# Change the default-log-format line:
sed -i -e '/default-log-format/a\default-log-format: "[%i] %t - (%f:%l) <%d> (%n) -- "' /etc/suricata/suricata.yaml
# Turn on syslog output. The range runs from the suricata.log filename line to the "Step 4" comment and flips every "no" in between to "yes", so check the result afterwards:
sed -i -e '/\/var\/log\/suricata\/suricata.log/,/Step 4/s/no/yes/g' /etc/suricata/suricata.yaml
# Turn on unified2 logging in suricata.yaml (this is the output Barnyard2 reads):
sed -i -e '/unified2-alert/,/unified2.alert/s/no/yes/g' /etc/suricata/suricata.yaml
# Find "#pid-file: /var/run/suricata.pid" and remove the leading "#"; the sed below appends an uncommented copy instead:
sed -i -e '/pid-file/a\pid-file: /var/run/suricata.pid' /etc/suricata/suricata.yaml
# Find "rule-files:" and delete emerging-icmp.rules and emerging-virus.rules from the list under it. (unfinished)
# Enable the threshold file. Find "#threshold-file: /etc/suricata/threshold.config":
sed -i -e '/threshold-file/a\threshold-file: /etc/suricata/threshold.config' /etc/suricata/suricata.yaml
Start Suricata and Barnyard2:
sudo /usr/local/bin/barnyard2 -c /etc/suricata/barnyard2.conf -d /var/log/suricata -f unified2.alert -w /var/log/suricata/suricata.waldo -D
LD_LIBRARY_PATH=/usr/local/lib /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0
or, as a daemon:
sudo /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0 -D
The -i argument to Suricata is the NIC that receives the mirrored traffic.
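The sed one-liners above switch an output block on with a range-wide s/no/yes/g, which also rewrites any other "no" the range happens to cross (a "default-log-level: notice" inside the range would become "yesice"). The script below is an added example, not code from the original post or from the Suricata project: it flips only the enabled: key of one named output block and lets you read the result back. It runs against a constructed suricata.yaml fragment in a temp file rather than /etc/suricata/suricata.yaml; the block names unified2-alert, syslog and file mirror the stock config, and the function names are my own.

```shell
#!/bin/sh
# Added example: enable ONE Suricata output block by name instead of
# s/no/yes/g over a line range. Operates on a constructed sample file.
set -u

# Constructed sample modelled on the stock suricata.yaml; written to a temp file.
make_sample_yaml() {
  f=$(mktemp)
  cat >"$f" <<'EOF'
outputs:
  - fast:
      enabled: yes
      filename: fast.log
  # alert output for use with Barnyard2
  - unified2-alert:
      enabled: no
      filename: unified2.alert
logging:
  default-log-level: notice
  outputs:
  - file:
      enabled: no
      filename: /var/log/suricata/suricata.log
  - syslog:
      enabled: no
      facility: local5
EOF
  printf '%s\n' "$f"
}

# enable_block FILE KEY: set "enabled: yes" inside the block that starts at
# "- KEY:" and ends at the next list item or top-level key. Comment lines do
# not close the block, and nothing outside it is modified.
enable_block() {
  file=$1 key=$2
  awk -v key="$key" '
    $0 ~ "^[ \t]*-[ \t]*" key ":" { inblk = 1; print; next }
    inblk && ($0 ~ "^[ \t]*-" || $0 ~ "^[^ \t#]") { inblk = 0 }
    inblk && $1 == "enabled:" { sub(/no[ \t]*$/, "yes") }
    { print }
  ' "$file" >"$file.tmp" && mv "$file.tmp" "$file"
}

# block_state FILE KEY: print the enabled value ("yes"/"no") of that block.
block_state() {
  file=$1 key=$2
  awk -v key="$key" '
    $0 ~ "^[ \t]*-[ \t]*" key ":" { inblk = 1; next }
    inblk && ($0 ~ "^[ \t]*-" || $0 ~ "^[^ \t#]") { inblk = 0 }
    inblk && $1 == "enabled:" { print $2; exit }
  ' "$file"
}

# demo: enable unified2-alert and syslog on the sample, then report the state
# of both plus the untouched "file" block and the untouched log level.
demo() {
  f=$(make_sample_yaml)
  enable_block "$f" unified2-alert
  enable_block "$f" syslog
  printf '%s %s %s %s\n' \
    "$(block_state "$f" unified2-alert)" "$(block_state "$f" syslog)" \
    "$(block_state "$f" file)" "$(grep -c 'default-log-level: notice' "$f")"
  rm -f "$f"
}

demo
```

On the real file, back it up first, run enable_block /etc/suricata/suricata.yaml unified2-alert, and confirm with block_state before starting anything. Then validate the whole file with suricata -T -c /etc/suricata/suricata.yaml (Suricata's test-configuration mode, available from 2.0 on) so a YAML typo is caught before the daemon start, rather than in a silent failure of Barnyard2 to find any unified2 output.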
0x09 official website: https://suricata-ids.org/
Step one: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS_Installation
Step two: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Basic_Setup
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_User_Guide
Step three: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Snorby_and_Barnyard2_set_up_guide
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oinkmaster
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules
https://github.com/ym2011/penetration/tree/master/scripts/Snorby
Better ideas are welcome; I look forward to them!