[Oisf-users] Suricata deployment

Victor Julien victor at inliniac.net
Thu Apr 7 08:02:32 UTC 2011

Thanks for the support!

On 04/07/2011 02:29 AM, corenor wrote:
> I wanted to share with the list my experiences with this excellent ids solution.
> I have a custom 'appliance' attached to a 1gbps network tap that is
> inside our firewall.  The exterior Internet link is 200mbs but full
> gig bursts are possible between various segments that cross this
> inspection point.
> The 'appliance' is built on fc9 so I figured I could compile or
> install snort on the box and retrieve valuable info about the traffic.
> I had several challenges with snort.  I could not get the most recent
> version to compile un fedora core 9.  The older version did not like
> most of the snort rules since they introduced new variable types.
> I first compiled and configured suricata 1.0. This was not very stable
> so I switched to the 1.1 beta.  I am using the emerging threat rules
> along with barnyard2 output and feeding the results to qradar.
> Everything is working very well with no stability issues.
> Regards, and thank you for this project.
> On 4/1/11, Martin Holste <mcholste at gmail.com> wrote:
>> Couldn't find it on Google, so I thought I'd put it to the list:
>> what's the easiest (and most scriptable) way to suppress an event in
>> Suricata?  Can I write to a file and HUP Suricata?  This would be for
>> FP tuning from a web GUI.
>> Thanks,
>> Martin
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-users mailing list