Dedicated Suricata PC on home lan

Eddod · November 6, 2022, 10:33am

Hello,

PC is a x86 3.2ghz, 8gb ram, 1x1Gbit rj45, 2x10gbit rj45 port device. Network topography is simple: internet <-> opnsense router <-> managed switch <-> clients.

Where in the network would you preferrably place a device like this?

internet <-> opnsense router <-> NDIS <-> managed switch <-> clients.
internet <-> NDIS <-> opnsense router <-> managed switch <-> clients.

Also, management of NDIS device would happen through a third network interface on the device or through the monitoring interface?

Are there any recommendations for a dedicated management web interface for Suricata or plain cmd line only?

Jeff_Lucovsky · November 7, 2022, 6:53am

Hello Ed,

Your Opsense device is likely running Suricata already so I’d suggest that first.

Eddod · November 7, 2022, 3:40pm

Yup, it can but it s “front end” inside OPNSense and pfSense is a bit arcane. I was thinking of running it on a separate box with IDSTower as a management interface.

Andreas_Herz · November 9, 2022, 7:10am

Well it depends on what you would like to see. Ideally you have both sources, the one between the WAN and the router and also within the network between the router and the clients, especially with NAT for IPv4.

Topic		Replies	Views
Inclusion of Suricata IPS and rules over LAN in pfsense firewall Help ips , rules , suricata	1	89	October 21, 2024
Architecture help Help ips , community , centos	2	1248	November 29, 2020
[new to Suricata] Where do I put my Suricata in my network? Help	1	2883	June 23, 2021
Learn suricata before installing Help	1	56	December 16, 2024
$HOME_NET and multiple interfaces, plus deployment best practices Help	3	4399	June 27, 2020

Dedicated Suricata PC on home lan

Related topics