Suricata is a high-performance Network IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF).

Highly Scalable: Suricata is multi-threaded; you can run one instance and it will balance the processing load across all available processors on a sensor.

Protocol Identification: The most common protocols are automatically recognised by Suricata as the stream starts, which allows rule writers to write a rule for the protocol rather than for the port it is expected on.

File Identification: Suricata can identify file types; should you decide you want to investigate further, you can tag files for extraction and the file will be written to disk.

[root]# yum install libpcap libpcap-devel libnet libnet-devel pcre pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml libyaml-devel zlib zlib-devel file-devel


[root]# ./configure
[root]# make
[root]# make install-full

Default install into /usr/local/…

Config changes (in /usr/local/etc/suricata/suricata.yaml):

 - unified2-alert:
     enabled: no

 - stats:
     enabled: no

 - http-log:
     enabled: no

 - file:
     enabled: yes
     filename: /var/log/suricata.log

 # - decoder-events.rules


[root]# suricata -c /usr/local/etc/suricata/suricata.yaml -i eth0 --init-errors-fatal
5/11/2015 -- 15:31:55 - <Notice> - This is Suricata version 2.0.9 RELEASE


[root]# suricata -D -c /usr/local/etc/suricata/suricata.yaml -i eth0
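The install and start-up steps above, wrapped into one script as an added example (not part of the original notes): the dependency list, the configure/make/install sequence, the two command lines, a pre-flight check that runs before the daemon is detached, and a parser for the start-up Notice line so a deploy script can confirm which build is actually running. Assumptions: the Suricata source tree is already extracted and is the current directory, the installed build supports `suricata -T` (test the configuration without starting capture), and the capture interface is eth0. The `SURICATA_YAML` and `IFACE` variables and all function names are mine.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumes the source tree is the
# current directory, "suricata -T" is available, and eth0 is the capture NIC.

SURICATA_YAML="${SURICATA_YAML:-/usr/local/etc/suricata/suricata.yaml}"
IFACE="${IFACE:-eth0}"

# Build dependencies exactly as listed in the notes.
build_deps() {
    echo "libpcap libpcap-devel libnet libnet-devel pcre pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml libyaml-devel zlib zlib-devel file-devel"
}

install_deps() {
    # word splitting of the package list is intended
    yum install -y $(build_deps)
}

build_and_install() {
    ./configure && make && make install-full
}

# Compose the two command lines from the notes: "fg" runs in the foreground and
# aborts on any rule or config error; "daemon" detaches.
suricata_cmd() {
    case "$1" in
        daemon) echo "suricata -D -c $SURICATA_YAML -i $IFACE" ;;
        *)      echo "suricata -c $SURICATA_YAML -i $IFACE --init-errors-fatal" ;;
    esac
}

# Pull the version out of the Notice line Suricata prints at start-up,
# e.g. "... - <Notice> - This is Suricata version 2.0.9 RELEASE" -> "2.0.9".
parse_version() {
    printf '%s\n' "$1" | sed -n 's/.*This is Suricata version \([0-9][0-9.]*\).*/\1/p'
}

# Pre-flight: the config must be readable, the interface must exist, and
# "suricata -T" must accept the config. Returns non-zero on the first failure,
# so a bad config is caught before the daemon silently backgrounds itself.
preflight() {
    [ -r "$SURICATA_YAML" ] || { echo "config not readable: $SURICATA_YAML" >&2; return 1; }
    ip link show "$IFACE" >/dev/null 2>&1 || { echo "no such interface: $IFACE" >&2; return 1; }
    suricata -T -c "$SURICATA_YAML" || { echo "config test failed" >&2; return 1; }
}

# Nothing runs unless an action is given, so the file can also be sourced.
case "${1:-}" in
    install) install_deps && build_and_install ;;
    check)   preflight ;;
    start)   preflight && eval "$(suricata_cmd daemon)" ;;
    *)       ;;
esac
```

Run `sh suricata-install.sh install` once on the sensor, then `sh suricata-install.sh check` after every edit to suricata.yaml; `start` only detaches the daemon if the check passes, which is the step the bare `suricata -D` line skips.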