1 files changed, 116 insertions, 0 deletions
diff --git a/framework/src/suricata/doc/Basic_Setup.txt b/framework/src/suricata/doc/Basic_Setup.txt
new file mode 100644
index 00000000..1769e1d4
--- /dev/null
+++ b/framework/src/suricata/doc/Basic_Setup.txt
@@ -0,0 +1,116 @@
+Autogenerated on 2012-11-29
+from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Basic_Setup
+
+
+Basic Setup
+
+When using Debian or FreeBSD, make sure you enter all commands as root/super-
+user because for these operating systems it is not possible to use 'sudo'.
+Start with creating a directory for Suricata's log information.
+
+  sudo mkdir /var/log/suricata
+
+
+To prepare the system for using it, enter:
+
+  sudo mkdir /etc/suricata
+
+The next step is to copy classification.config, reference.config and
+suricata.yaml from the base build/installation directory (ex. from git it will
+be the oisf directory) to the /etc/suricata directory. Do so by entering the
+following:
+
+  sudo cp classification.config /etc/suricata
+  sudo cp reference.config /etc/suricata
+  sudo cp suricata.yaml /etc/suricata
+
+
+Auto setup
+
+You can also use the available auto setup features of Suricata:
+ex:
+
+     ./configure && make && make install-conf
+
+make install-conf
+would do the regular "make install" and then it would automatically create/
+setup all the necessary directories and suricata.yaml for you.
+
+     ./configure && make && make install-rules
+
+make install-rules
+would do the regular "make install" and then it would automatically download
+and set up the latest ruleset from Emerging Threats available for Suricata
+
+     ./configure && make && make install-full
+
+make install-full
+would combine everything mentioned above (install-conf and install-rules) - and
+will present you with a ready to run (configured and set up) Suricata
+
+Setting variables
+
+Make sure every variable of the vars, address-groups and port-groups in the
+yaml file is set correctly for your needs. A full explanation is available in
+the Rule_vars_section_of_the_yaml. You need to set the ip-address(es) of your
+local network at HOME_NET. It is recommended to set EXTERNAL_NET to !$HOME_NET.
+This way, every ip-address but the one set at HOME_NET will be treated as
+external. It is also possible to set EXTERNAL_NET to 'any', only the
+recommended setting is more precise and lowers the change that false positives
+will be generated. HTTP_SERVERS, SMTP_SERVERS , SQL_SERVERS , DNS_SERVERS and
+TELNET_SERVERS are by default set to HOME_NET. AIM_SERVERS is by default set at
+'any'. These variables have to be set for servers on your network. All settings
+have to be set to let it have a more accurate effect.
+Next, make sure the following ports are set to your needs: HTTP_PORTS,
+SHELLCODE_PORTS, ORACLE_PORTS and SSH_PORTS.
+Finally, set the host-os-policy to your needs. See Host_OS_Policy_in_the_yaml
+for a full explanation.
+
+    windows:[]
+    bsd: []
+    bsd-right: []
+    old-linux: []
+    linux: [10.0.0.0/8, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:
+  0000"]
+    old-solaris: []
+    solaris: ["::1"]
+    hpux10: []
+    hpux11: []
+    irix: []
+    macos: []
+    vista: []
+    windows2k3: []
+
+Note that bug #499 may prevent you from setting old-linux, bsd-right and old-
+solaris right now.
+
+Interface cards
+
+To check the available interface cards, enter:
+
+  ifconfig
+
+Now you can see which one you would like Suricata to use.
+To start the engine and include the interface card of your preference, enter:
+
+  sudo suricata -c /etc/suricata/suricata.yaml -i wlan0
+
+Instead of wlan0, you can enter the interface card of your preference.
+To see if the engine is working correctly and receives and inspects traffic,
+enter:
+
+  cd /var/log/suricata
+
+Followed by:
+
+  tail http.log
+
+And:
+
+  tail -n 50 stats.log
+
+To make sure the information displayed is up-dated in real time, use the -
+f option before http.log and stats.log:
+
+  tail -f http.log stats.log
+