From: Rich R. <ric...@gm...> - 2010-02-03 15:39:39
I let them know about the errors, we all get fat fingers from time to time :) They are and they aren't a drop-in replacement: Snort rules can be used unmodified, but they also have additional features that even Snort 3.0 probably won't have. Hardware acceleration via CUDA/OpenCL is a new feature to be released soon. Another feature recently released: http://www.emergingthreats.net/index.php/component/content/article/18-research/213-suricate-new-features-series-flowint.html They are supposed to have an enhanced rule syntax that builds off of Snort's.

Suricata is beta, but so far seems very stable and comparable to Snort in our test environment; with its list of upcoming features I think it will be deployed and possibly replace Snort installs. Again, when paired with Barnyard2, it logs to the same Snort DB as a Snort install does, with no modifications needed. Suricata is currently a Linux-only install; Windows binaries are also supposed to be on the horizon.

While it might not be a supported IDS for PacketFence, if all PF is looking at is the DB where the IDS logs to, in theory it should work, I guess? I simply haven't tried it yet; my Snort and Suri are in two different environments.

-rich
Xinn.org