yum -y install libpcap libpcap-devel libnet libnet-devel pcre \ pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml \ libyaml-devel zlib zlib-devel libcap-ng libcap-ng-devel magic magic-devel file file-devel
0.配置大体上与配置snort相同
1.配置Barnyard2
git clone https://github.com/firnsy/barnyard2 cd barnyard2 ./autogen.sh
./configure --with-mysql-libraries=/usr/lib64/mysql make make install
mkdir /etc/suricata/ cp etc/barnyard2.conf /etc/suricata/
2.配置suricata.conf
mkdir /var/log/suricata
规则:
wget http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
解压规则到/etc/suricata
进入suricata目录
cp suricata.yaml classification.config reference.config /etc/suricata/
barnyard2.conf参考配置snort
启动
suricata --pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow -c /etc/suricata/suricata.yaml -l /var/log/suricata
barnyard2 -c /etc/suricata/barnyard2.conf -d /var/log/suricata -f unified2.alert -C /etc/suricata/classification.config
barnyard2 -c /etc/suricata/barnyard2.conf -d /var/log/suricata -f unified2.alert -C /etc/suricata/classification.config
