Suricata is an open-source Intrusion Detection System (IDS) that provides powerful network monitoring capabilities. It can detect and alert on malicious traffic, making it a popular choice for securing servers, including VPS servers. In this guide, we’ll walk through how to install Suricata IDS on Ubuntu 24.04.

Step 1: Update Your System

Before installing Suricata, it’s important to update your Ubuntu 24.04 server. Run the following commands in your terminal to ensure all packages are up to date:

sudo apt update && sudo apt upgrade -y

Step 2: Add the Suricata PPA Repository

Suricata is not included in Ubuntu’s default repositories, so you’ll need to add the official Suricata PPA (Personal Package Archive) to your system:

sudo add-apt-repository ppa:oisf/suricata-stable

Once the repository is added, update your package list:

sudo apt update

Step 3: Install Suricata

After adding the PPA repository, you can now install Suricata with the following command:

sudo apt install suricata -y

This will install Suricata along with its dependencies on your Ubuntu 24.04 server.

Step 4: Configure Suricata

Before starting Suricata, you need to configure it. The main configuration file is located at /etc/suricata/suricata.yaml. Open it for editing:

sudo nano /etc/suricata/suricata.yaml

In this file, you can set the network interface that Suricata will monitor. Look for the af-packet section and configure the network interface (e.g., eth0 or ens33) that your server uses to connect to the internet:


af-packet:
  - interface: eth0

Save and exit the file when you’re done editing.
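
If the interface named under af-packet is not the one carrying the server's traffic, Suricata has nothing to inspect. The script below is an added example, not part of the original guide: it compares the configured interface with the default-route interface, then validates the file with Suricata's test mode (suricata -T). The function names and the script name preflight.sh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide: pre-flight check for Step 4.

# Print the default-route interface from `ip -4 route show default` output on stdin.
default_iface() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print the first interface listed in the top-level af-packet section of file $1.
afpacket_iface() {
    awk '
        /^af-packet:/ { in_sec = 1; next }
        in_sec && /^[^ \t#-]/ { exit }        # next top-level key ends the section
        in_sec && /^[ \t]*-[ \t]*interface:/ {
            sub(/^[ \t]*-[ \t]*interface:[ \t]*/, "")
            sub(/[ \t]*#.*$/, ""); sub(/[ \t]+$/, "")
            print; exit
        }
    ' "$1"
}

# Return 0 if both names are set and equal, 1 on mismatch, 2 if either is empty.
check_iface() {
    [ -n "$1" ] && [ -n "$2" ] || return 2
    [ "$1" = "$2" ]
}

# Live check: compare the default-route interface with the config,
# then let Suricata validate the whole file with its test mode (-T).
preflight() {
    conf=$1
    route_if=$(ip -4 route show default | default_iface)
    conf_if=$(afpacket_iface "$conf")
    if check_iface "$route_if" "$conf_if"; then
        echo "OK: af-packet interface '$conf_if' carries the default route"
    else
        echo "MISMATCH: default route uses '$route_if', config has '$conf_if'" >&2
        return 1
    fi
    suricata -T -c "$conf"
}

# Run only when a config path is passed, e.g.: sudo sh preflight.sh /etc/suricata/suricata.yaml
if [ $# -gt 0 ]; then preflight "$1"; fi
```

A non-zero exit means the interface should be corrected, or the errors reported by suricata -T fixed, before starting the service in Step 5.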

Step 5: Start Suricata

Now that Suricata is configured, you can start the service and enable it to run at boot:


sudo systemctl start suricata
sudo systemctl enable suricata

To verify that Suricata is running, use the following command:

sudo systemctl status suricata

Step 6: Enable Suricata Logs

Suricata creates detailed logs of network activity. By default, logs are stored in the /var/log/suricata/ directory. To view live alerts, you can use the following command:

tail -f /var/log/suricata/fast.log

This will show you real-time logs of detected network activity and potential threats.

Running Suricata on a VPS Server

Suricata is ideal for securing your VPS server, especially when running web services, databases, or other critical applications. By monitoring network traffic in real-time, you can detect threats early and take action to protect your VPS from attacks.

Managing a VPS with Suricata

By installing Suricata on a VPS server, you add an extra layer of security. This is especially useful for securing cloud-hosted services and sensitive data. Suricata’s ability to detect intrusion attempts helps ensure your VPS stays protected against cyber threats.
