Dedicated Suricata PC on home LAN


PC is an x86 3.2 GHz, 8 GB RAM, 1x1 Gbit RJ45, 2x10 Gbit RJ45 port device. Network topography is simple: internet <-> opnsense router <-> managed switch <-> clients.

Where in the network would you preferably place a device like this?

  1. internet <-> opnsense router <-> NDIS <-> managed switch <-> clients.
  2. internet <-> NDIS <-> opnsense router <-> managed switch <-> clients.

Also, would management of the NDIS device happen through a third network interface on the device or through the monitoring interface?

Are there any recommendations for a dedicated management web interface for Suricata or plain cmd line only?

Hello Ed,

Your OPNsense device is likely running Suricata already, so I’d suggest that first.

Yup, it can, but its “front end” inside OPNsense and pfSense is a bit arcane. I was thinking of running it on a separate box with IDSTower as a management interface.

Well, it depends on what you would like to see. Ideally you have both sources, the one between the WAN and the router and also within the network between the router and the clients, especially with NAT for IPv4.