SURICATA Info about configuration

Can you please answer below questions:
1. Do we have any built-in UI for Suricata to visualize the logs?
2. Can we configure email alerts? If yes, where do we define the SMTP server details on the Suricata server?
3. We installed Suricata on CentOS; do we need to run Suricata in cluster mode in order to collect the logs, or is a single server with a high-end configuration enough?
4. Does Suricata support IPS?

There is no UI shipped with Suricata, but you can use SELKS or just the ELK stack. Also look into EveBox. The idea is to use other tools that are made for log visualization.

No, this is not a feature of Suricata; you need an external tool for that.

This depends on your setup, hard to tell without more details.

Yes, see "13. Setting up IPS/inline for Linux" in the Suricata 5.0.3 documentation for two possible modes on Linux.

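To illustrate the "external tool" approach from the answer to question 2, here is an added example (not code from the forum post or from the Suricata project) of a small notifier that reads Suricata's EVE JSON log, keeps only `alert` events at or above a chosen severity, and formats them as an email digest. The sample log lines, the severity threshold, the addresses and the SMTP relay host/port are all constructed assumptions.

```python
# Added example: alert-to-email notifier over Suricata's eve.json.
# Suricata has no SMTP feature; this external script fills that gap.
import json
import smtplib
from email.message import EmailMessage

# Constructed EVE JSON sample (one JSON object per line), including a
# non-alert event and a garbled line, as seen when tailing a live file.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.9"}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.9","dest_port":22,"proto":"TCP",'
    '"alert":{"signature_id":2001219,"signature":"ET SCAN Potential SSH Scan","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.7","dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP",'
    '"alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":1}}',
    'not json at all',
]

def select_alerts(lines, max_severity=2):
    """Return alert events with severity <= max_severity (1 is the highest)."""
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a partially written or corrupt line
        if ev.get("event_type") != "alert":
            continue
        if ev.get("alert", {}).get("severity", 3) <= max_severity:
            alerts.append(ev)
    return alerts

def build_email(alerts, sender="suricata@example.invalid", recipient="soc@example.invalid"):
    """Format the selected alerts into one digest message (addresses are assumed)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"[Suricata] {len(alerts)} alert(s)"
    msg.set_content("\n".join(
        f"{a['timestamp']} sid={a['alert']['signature_id']} sev={a['alert']['severity']} "
        f"{a['src_ip']} -> {a['dest_ip']}:{a.get('dest_port', '')} {a['alert']['signature']}"
        for a in alerts) or "no alerts")
    return msg

def send_email(msg, smtp_host="localhost", smtp_port=25):
    """Hand the digest to an SMTP relay (host/port assumed; not Suricata settings)."""
    with smtplib.SMTP(smtp_host, smtp_port) as s:
        s.send_message(msg)
```

In production, read the lines from the EVE output file configured in suricata.yaml (by default /var/log/suricata/eve.json) instead of the constructed sample, and call send_email() only when select_alerts() returns something.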