Before Suricata can be used it has to be installed. Suricata can be installed on various distributions using binary packages; see Binary packages.
For people familiar with compiling their own software, the Source method is recommended.
Advanced users can check the advanced guides, see Advanced Installation.
Installing from the source distribution files gives the most control over the Suricata installation.
tar xzvf suricata-6.0.0.tar.gz
cd suricata-6.0.0
./configure
make
make install
This will install Suricata into /usr/local/bin/, use the default /usr/local/etc/suricata/ and will output to
3.1.1. Common configure options
Do not optimize the binary for the hardware it is built on. Add this flag if the binary is meant to be portable or if Suricata is to be used in a VM.
Installs the Suricata binary into /usr/bin/. Default
Installs the Suricata configuration files into /etc/suricata/. Default
Sets up Suricata for logging into /var/log/suricata/. Default
Enables Lua support for detection and output.
Enables GeoIP support for detection.
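One way to confirm that these configure options took effect is to read the summary printed by `suricata --build-info` after installation. The script below is an added example, not part of the Suricata documentation: the function names are hypothetical, the sample text is constructed, and the row labels are assumed to match the build summary of the installed version.

```shell
#!/bin/sh
# Options these checks correspond to (flags of Suricata's configure script):
#   ./configure --prefix=/usr/ --sysconfdir=/etc --localstatedir=/var \
#       --enable-lua --enable-geoip --disable-gcc-march-native

# Print the value of one "key: value" or "--flag value" row read from stdin.
build_info_value() {
    awk -v key="$1" '{
        line = $0
        sub(/^[ \t]+/, "", line)
        if (index(line, key) != 1) next
        rest = substr(line, length(key) + 1)
        if (rest !~ /^[: \t]/) next      # key must end here, not be a prefix
        sub(/^:?[ \t]*/, "", rest)
        sub(/[ \t]+$/, "", rest)
        print rest
        exit
    }'
}

# check_build_info FILE "key=expected"...  Returns 1 if any row differs.
check_build_info() {
    info_file=$1; shift
    status=0
    for pair in "$@"; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(build_info_value "$key" < "$info_file")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: expected '$want', got '${got:-<missing>}'"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample; the GeoIP row is set to "no" to show a mismatch.
sample_build_info() {
    cat <<'EOF'
Suricata Configuration:
  LUA support:                             yes
  GeoIP2 support:                          no
  --prefix                                 /usr
  --sysconfdir                             /etc
  --localstatedir                          /var
  GCC march native enabled:                no
EOF
}

tmp=$(mktemp); sample_build_info > "$tmp"
check_build_info "$tmp" "--prefix=/usr" "LUA support=yes" "GeoIP2 support=yes" \
    || echo "build does not match the requested options"
rm -f "$tmp"
```

On a real host, replace the sample with `suricata --build-info > "$tmp"` and list the rows you expect from your own configure line.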
For Suricata's compilation you'll need the following libraries and their development headers installed:
libjansson, libpcap, libpcre, libmagic, zlib, libyaml
The following tools are required:
make, gcc (or clang), pkg-config
For full features, also add:
libnss, libgeoip, liblua5.1, libhiredis, libevent
rustc, cargo
Not every distro provides Rust packages yet. Rust can also be installed directly from the Rust project itself: https://www.rust-lang.org/en-US/install.html
apt-get install libpcre3 libpcre3-dbg libpcre3-dev build-essential libpcap-dev \
    libyaml-0-2 libyaml-dev pkg-config zlib1g zlib1g-dev \
    make libmagic-dev libjansson libjansson-dev

apt-get install libpcre3 libpcre3-dbg libpcre3-dev build-essential libpcap-dev \
    libnet1-dev libyaml-0-2 libyaml-dev pkg-config zlib1g zlib1g-dev \
    libcap-ng-dev libcap-ng0 make libmagic-dev \
    libnss3-dev libgeoip-dev liblua5.1-dev libhiredis-dev libevent-dev \
    python-yaml rustc cargo
Extra for iptables/nftables IPS integration:
apt-get install libnetfilter-queue-dev libnetfilter-queue1 \
    libnetfilter-log-dev libnetfilter-log1 \
    libnfnetlink-dev libnfnetlink0
For Rust support:
apt-get install rustc cargo
cargo install --force --debug --version 0.14.1 cbindgen
3.2. Binary packages
3.2.1. Ubuntu from Personal Package Archives (PPA)
For Ubuntu, OISF maintains a PPA suricata-6.0 that always contains the latest stable release for Suricata 6.
Setup to install the latest stable Suricata 6:
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:oisf/suricata-6.0
sudo apt-get update
Then, you can install the latest stable with:
sudo apt-get install suricata
After installing you can proceed to the Basic setup.
sudo apt-get update
sudo apt-get upgrade suricata
To remove Suricata from your system:
sudo apt-get remove suricata
3.2.1.1. Getting Debug or Pre-release Versions
If you want Suricata with built-in (enabled) debugging, you can install the debug package:
sudo apt-get install suricata-dbg
If you would like to help test the Release Candidate (RC) packages, the same procedures apply, just using another PPA:
sudo add-apt-repository ppa:oisf/suricata-beta
sudo apt-get update
sudo apt-get upgrade
You can use both the suricata-stable and suricata-beta repositories together. Suricata will then always be the latest release, stable or beta.
3.2.1.2. Daily Releases
If you would like to help test the daily build packages from our latest git(dev) repository, the same procedures as above apply, just using another PPA:
sudo add-apt-repository ppa:oisf/suricata-daily-allarch
sudo apt-get update
sudo apt-get upgrade
Please keep in mind that this is packaged from our latest development git master and is therefore potentially unstable.
We do our best to make others aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please refer to Suricata's issue tracker on Redmine for an up-to-date list of what we are working on, planned roadmap, and to report issues.
In Debian 9 (stretch) and later do:
sudo apt-get install suricata
In the "stable" version of Debian, Suricata is usually not available in the latest version. A more recent version is often available from Debian backports, if it can be built there.
To use backports, the backports repository for the current stable distribution needs to be added to the system-wide sources list.
For Debian 10 (buster), for instance, run the following as
echo "deb http://http.debian.net/debian buster-backports main" > \
    /etc/apt/sources.list.d/backports.list
apt-get update
apt-get install suricata -t buster-backports
The following is an example of installing Suricata 6.0 on Fedora. If you wish to install 5.0 instead, change the version in @oisf/suricata-6.0.
dnf install dnf-plugins-core
dnf copr enable @oisf/suricata-6.0
dnf install suricata
3.2.4. RHEL/CentOS 8 and 7
The following is an example of installing Suricata 6.0 on CentOS. If you wish to install 5.0 instead, change the version in @oisf/suricata-6.0.
yum install epel-release yum-plugin-copr
yum copr enable @oisf/suricata-6.0
yum install suricata
3.3. Advanced Installation
Various installation guides for installing from GIT and for other operating systems are maintained at: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation