How to Set Up Suricata IDS on Linux

By Admin · Mar 1, 2026 · Updated Apr 23, 2026

Suricata is a high-performance intrusion detection and prevention system (IDS/IPS) that monitors network traffic for malicious activity on your Breeze.

Installing Suricata

On Ubuntu/Debian, install from the official PPA:

sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt update
sudo apt install suricata -y

Basic Configuration

Edit the main configuration file to set your network interface and home network:

sudo nano /etc/suricata/suricata.yaml

Set the following values:

  • HOME_NET - your Breeze internal IP range (e.g., [192.168.1.0/24])
  • af-packet interface - your primary network interface (e.g., eth0)
  • default-rule-path - typically /var/lib/suricata/rules

Updating Rules

Use suricata-update to fetch the latest threat detection rules:

sudo suricata-update
sudo systemctl restart suricata

Monitoring Alerts

Suricata writes one line per alert to /var/log/suricata/fast.log. Follow the file to watch alerts in real time:

sudo tail -f /var/log/suricata/fast.log
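
To triage fast.log beyond tailing it, the added example below (not part of the original article and not Suricata project code) parses the fast.log line layout and counts alerts per signature at priority 2 or more severe, reporting lines it cannot parse. The sample lines, SIDs, messages and function names are constructed for this example.

```python
import re
from collections import Counter
# One fast.log line: timestamp, optional action tag such as [Drop] (IPS mode),
# gid:sid:rev, message, classification, priority, protocol, flow.
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+(?:\[(?P<action>\w+)\]\s+)?"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def parse_fast_line(line):
    """Return a dict for one alert line, or None if the line does not match."""
    m = FAST_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec.update({k: int(rec[k]) for k in ("gid", "sid", "rev", "prio")})
    # Split on the last colon so IPv6 addresses keep their own colons.
    rec["src_ip"], _, rec["src_port"] = rec.pop("src").rpartition(":")
    rec["dst_ip"], _, rec["dst_port"] = rec.pop("dst").rpartition(":")
    return rec

def summarize(lines, max_priority=2):
    """Count alerts per (sid, msg); priority 1 is most severe, so keep prio <= max_priority."""
    counts, sources, skipped = Counter(), {}, 0
    for line in filter(str.strip, lines):
        rec = parse_fast_line(line)
        if rec is None:
            skipped += 1  # truncated or foreign line: report it rather than hide it
        elif rec["prio"] <= max_priority:
            key = (rec["sid"], rec["msg"])
            counts[key] += 1
            sources.setdefault(key, set()).add(rec["src_ip"])
    return counts, sources, skipped

# Constructed sample lines (documentation address ranges, local-range SIDs), not real captures.
SAMPLE = """\
03/01/2026-10:15:01.000101  [**] [1:1000001:1] EXAMPLE SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:50122 -> 192.168.1.10:22
03/01/2026-10:15:03.000303  [Drop] [**] [1:1000002:3] EXAMPLE blocklisted source [**] [Classification: Misc Attack] [Priority: 2] {TCP} 203.0.113.7:50123 -> 192.168.1.10:443
03/01/2026-10:15:04.000404  [**] [1:1000003:1] EXAMPLE informational DNS query [**] [Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 192.168.1.10:53124 -> 192.168.1.1:53
03/01/2026-10:15:05.000505  [**] [1:1000001:1] EXAMPLE SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 2001:db8::5:50200 -> 2001:db8::10:22
this line was truncated mid-write
"""

if __name__ == "__main__":
    counts, sources, skipped = summarize(SAMPLE.splitlines())
    for (sid, msg), n in counts.most_common():
        print(n, sid, msg, sorted(sources[(sid, msg)]))
    print("unparsed lines:", skipped)
```

To run it against the live log, pass `open("/var/log/suricata/fast.log")` to `summarize` in place of the sample lines.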

Running as IPS

To run Suricata in IPS mode using nfqueue:

sudo suricata -c /etc/suricata/suricata.yaml -q 0

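The -q 0 option attaches Suricata to NFQUEUE number 0, so it inspects only the packets that iptables sends to that queue. Configure iptables to route traffic through the queue for active threat blocking on your Breeze.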
