pfsense:suricata [2021/01/20 12:46] – peter | pfsense:suricata [2021/07/20 11:39] (current) – peter |
---|
====== PFSense - Suricata ====== | ====== PFSense - Suricata ====== |
| |
Suricata is an engine for... | See [[IDS:Suricata|Suricata]] |
| |
* Network Intrusion Detection | |
* Network Intrusion Prevention | |
* Network Security Monitoring | |
| |
---- | ---- |
| |
[[PFSense:Suricata:About Suricata|About Suricata]] | |
| |
[[PFSense:Suricata:Alerts|Alerts]] | ===== Suricata in pfSense ===== |
| |
[[PFSense:Suricata:Create a custom HOME_NET|Create a custom HOME_NET]] | The GUI code for Suricata is all written in PHP. All that PHP code does is provide a fancy user interface for choosing parameters which populate the suricata.yaml configuration file that the Suricata binary needs to run. All of the "brains" of packet inspection and rule signatures live within the binary. The binary is designed to be completely command-line driven, and a simple text configuration file (suricata.yaml) tells the binary how to behave. So the Suricata package in pfSense consists of two parts: (1) the Suricata binary piece; and (2) a GUI piece to aid the user in choosing appropriate parameter settings for the suricata.yaml text configuration file. |
| |
[[PFSense:Suricata:Custom Rules|Custom Rules]] | All of the PHP code lives in /usr/local/pkg/suricata and /usr/local/www/suricata. The code base is liberally commented throughout, which should help you follow the logic. The file names (especially in the www sub-directory) are descriptive of the function of the file. For example, you will find at least one PHP file responsible for displaying and handling user interaction for each tab in the GUI. |
| |
[[PFSense:Suricata:Inline versus legacy IPS mode|Inline versus legacy IPS mode]] | ---- |
| |
[[PFSense:Suricata:Install Suricata|Install Suricata]] | |
| |
[[PFSense:Suricata:Pass Lists|Pass Lists]] | |
| |
[[PFSense:Suricata:Rules|Rules]] | |
| |
[[PFSense:Suricata:Snort Rules|Snort Rules]] | |
| |
[[PFSense:Suricata:Suppress|Suppress]] | |
| |
[[PFSense:Suricata:Troubleshooting|Troubleshooting]] | |
| |
[[PFSense:Suricata:WAN or LAN|WAN or LAN]] | |
| |
| ===== References ===== |
| |
| https://forum.netgate.com/topic/136729/suricata-cannot-change-home-net-list/9 |