{"id":40086,"date":"2022-01-31T12:30:00","date_gmt":"2022-01-31T18:30:00","guid":{"rendered":"https:\/\/www.rosehosting.com\/blog\/?p=40086"},"modified":"2022-06-03T03:31:26","modified_gmt":"2022-06-03T08:31:26","slug":"how-to-install-suricata-on-debian-11","status":"publish","type":"post","link":"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/","title":{"rendered":"How To Install Suricata on Debian 11"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"742\" height=\"372\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-install-suricata-on-debian-11.jpg\" alt=\"how to install suricata on debian 11\" class=\"wp-image-40192\" srcset=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-install-suricata-on-debian-11.jpg 742w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-install-suricata-on-debian-11-300x150.jpg 300w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-install-suricata-on-debian-11-150x75.jpg 150w\" sizes=\"(max-width: 742px) 100vw, 742px\" \/><\/figure>\n\n\n\n<p>In this tutorial, we are going to explain step-by-step how to install and customize Suricata on Debian 11.<\/p>\n\n\n\n<p>Suricata is a Network Security Monitoring tool that processes and controls network traffic. It is used also for generating alerts, logs, and detecting suspicious packets or requests on any service coming to your server. Suricata can be deployed on a server host to scan the incoming and outgoing network traffic or it can be used locally on any compatible machine.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignright size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/installing-suricata-on-debian-11.png\" alt=\"installing suricata on debian 11\" class=\"wp-image-40101\" width=\"180\" height=\"100\" srcset=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/installing-suricata-on-debian-11.png 1024w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/installing-suricata-on-debian-11-300x169.png 300w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/installing-suricata-on-debian-11-150x84.png 150w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/installing-suricata-on-debian-11-768x432.png 768w\" sizes=\"(max-width: 180px) 100vw, 180px\" \/><\/figure><\/div>\n\n\n\n<p>In the next few steps, you will learn more about Suricata and its installation and customization. The installation is a straightforward process and can be done in a few minutes. Let&#8217;s get started!<\/p>\n\n\n\n<!--more-->\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_65 counter-hierarchy ez-toc-counter ez-toc-transparent ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-662ec9056d248\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"ez-toc-cssicon\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-662ec9056d248\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#Prerequisites\" title=\"Prerequisites\">Prerequisites<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#Update-the-System\" title=\"Update the System\">Update the System<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#Install-Suricata\" title=\"Install Suricata\">Install Suricata<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#Enabling-Community-Flow-ID\" title=\"Enabling Community Flow ID\">Enabling Community Flow ID<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#Live-Rule-Reloading\" title=\"Live Rule Reloading\">Live Rule Reloading<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#Network-Interface\" title=\"Network Interface\">Network Interface<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#Suricata-Rulesets\" title=\"Suricata Rulesets\">Suricata Rulesets<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#Test-the-configuration\" title=\"Test the configuration\">Test the configuration<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\" id=\"h-prerequisites\"><span class=\"ez-toc-section\" id=\"Prerequisites\"><\/span>Prerequisites<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul><li>Fresh install of Debian 11<\/li><li>User privileges: root or non-root user with sudo privileges<\/li><li>VPS with at least 4GB of RAM (Our SSD 4 VPS plan)<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-update-the-system\"><span class=\"ez-toc-section\" id=\"Update-the-System\"><\/span>Update the System<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>In order for our system to be up to date before the installation we are going to update it with the command below:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo apt update -y &amp;&amp; sudo apt upgrade -y<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-install-suricata\"><span class=\"ez-toc-section\" id=\"Install-Suricata\"><\/span>Install Suricata<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Once, the system is updated to its latest versions, the next step is to install the Suricata via package. The Suricata package is already included in Debian 11, so we do not need to import any packages thus to execute only the following command:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo apt install suricata -y<\/pre>\n\n\n\n<p>Once, the installation is completed, start the service with the following command:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo systemctl start suricata<\/pre>\n\n\n\n<p>To enable the service to automatically, start on system reboot execute the command:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo systemctl enable suricata<\/pre>\n\n\n\n<p>To check the status of the service, and verify that everything is ok, execute the command below:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo systemctl status suricata<\/pre>\n\n\n\n<p>You should receive the output as described below:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">root@vps:~# sudo systemctl status suricata\n\u25cf suricata.service - Suricata IDS\/IDP daemon\n     Loaded: loaded (\/lib\/systemd\/system\/suricata.service; enabled; vendor preset: enabled)\n     Active: active (running) since Wed 2021-12-22 09:01:49 EST; 3min 34s ago\n       Docs: man:suricata(8)\n             man:suricatasc(8)\n             https:\/\/suricata-ids.org\/docs\/\n   Main PID: 40712 (Suricata-Main)\n      Tasks: 10 (limit: 4678)\n     Memory: 62.6M\n        CPU: 1min 3.410s\n     CGroup: \/system.slice\/suricata.service\n             \u2514\u250040712 \/usr\/bin\/suricata -D --af-packet -c \/etc\/suricata\/suricata.yaml --pidfile \/run\/suricata.pid\n\nDec 22 09:01:49 test.vps systemd[1]: Starting Suricata IDS\/IDP daemon...\nDec 22 09:01:49 test.vps suricata[40711]: 22\/12\/2021 -- 09:01:49 -  - This is Suricata version 6.0.1 RELEASE running in SYSTEM mode\nDec 22 09:01:49 test.vps systemd[1]: Started Suricata IDS\/IDP daemon.\n<\/pre>\n\n\n\n<p>By default, the Suricata installation is configured only to log the traffic and not prevent any dropping. This mode is called Suricata IDS mode, and if you want to change this according to the type of your traffic you will need to use the Suricata IPS mode. The changes for customizing the Suricata can be done by opening the &#8220;<b>\/etc\/suricata\/suricata.yaml<\/b>&#8221; file with your favorite editor.<\/p>\n\n\n\n<p>In the next few headings, we will explain what changes should be made after the installation of Suricata and its default configuration. In other words, we will customize the default Suricata installation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-enabling-community-flow-id\"><span class=\"ez-toc-section\" id=\"Enabling-Community-Flow-ID\"><\/span>Enabling Community Flow ID<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The community flow ID is used when you plan to use Suricata with tools such as Zeek or Elasticsearch.<\/p>\n\n\n\n<p>To enable the community flow ID, open the &#8220;suricata.yaml&#8221; file, find the line with &#8220;community-id&#8221;, and set it to true.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"> # Community Flow ID\n      # Adds a 'community_id' field to EVE records. These are meant to give\n      # records a predictable flow ID that can be used to match records to\n      # output of other tools such as Zeek (Bro).\n      #\n      # Takes a 'seed' that needs to be same across sensors and tools\n      # to make the id less predictable.\n\n      # enable\/disable the community id feature.\n      <b>community-id: true<\/b>\n<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-live-rule-reloading\"><span class=\"ez-toc-section\" id=\"Live-Rule-Reloading\"><\/span>Live Rule Reloading<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>With Suricata live rule reloading you can add, edit, and remove the rules without restarting the &#8220;<b>suricata.service<\/b>&#8220;. To enable this option open the &#8220;<b>suricata.yaml<\/b> file and at the bottom add the following lines:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">detect-engine:\n  - rule-reload: true<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-network-interface\"><span class=\"ez-toc-section\" id=\"Network-Interface\"><\/span>Network Interface<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The default network interface that Suricata is using and inspecting the traffic is &#8220;<b>eth0<\/b>&#8220;. If you want to override this for Suricata to inspect the traffic on a different network interface, open the &#8220;<b>suricata.yaml<\/b> file, and find the &#8220;- interface: default&#8221;. Once you find it, before that line add the following lines as described below:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">- interface: enp0s1\n  cluster-id: 98\n\n- interface: default\n  #threads: auto\n  #use-mmap: no\n  #tpacket-v3: yes\n<\/pre>\n\n\n\n<p>In this example we added, the &#8220;<b>enp0s1<\/b>&#8221; as a network interface, and the cluster-id number 98. Please note the cluster-id number should be unique in this file.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-suricata-rulesets\"><span class=\"ez-toc-section\" id=\"Suricata-Rulesets\"><\/span>Suricata Rulesets<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The limited set of detection rules included by Suricata is located at <b>\/etc\/suricata\/rules<\/b> directory. To fetch the rulesets from external providers you need to execute the command with the update tool that Suricata includes:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo suricata-update -o \/etc\/suricata\/rules<\/pre>\n\n\n\n<p>You should receive the following output:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">23\/12\/2021 -- 16:49:57 -  -- Using data-directory \/var\/lib\/suricata.\n23\/12\/2021 -- 16:49:57 -  -- Using Suricata configuration \/etc\/suricata\/suricata.yaml\n23\/12\/2021 -- 16:49:57 -  -- Using \/etc\/suricata\/rules for Suricata provided rules.\n23\/12\/2021 -- 16:49:57 -  -- Found Suricata version 6.0.1 at \/usr\/bin\/suricata.\n23\/12\/2021 -- 16:49:57 -  -- Loading \/etc\/suricata\/suricata.yaml\n23\/12\/2021 -- 16:49:57 -  -- Disabling rules for protocol http2\n23\/12\/2021 -- 16:49:57 -  -- Disabling rules for protocol modbus\n23\/12\/2021 -- 16:49:57 -  -- Disabling rules for protocol dnp3\n23\/12\/2021 -- 16:49:57 -  -- Disabling rules for protocol enip\n23\/12\/2021 -- 16:49:57 -  -- No sources configured, will use Emerging Threats Open\n23\/12\/2021 -- 16:49:57 -  -- Fetching https:\/\/rules.emergingthreats.net\/open\/suricata-6.0.1\/emerging.rules.tar.gz.\n 100% - 3119656\/3119656\n23\/12\/2021 -- 16:49:58 -  -- Done.\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/app-layer-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/decoder-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/dhcp-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/dnp3-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/dns-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/files.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/http-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/ipsec-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/kerberos-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/modbus-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/nfs-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/ntp-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/smb-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/smtp-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/stream-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Loading distribution rule file \/etc\/suricata\/rules\/tls-events.rules\n23\/12\/2021 -- 16:49:58 -  -- Ignoring file rules\/emerging-deleted.rules\n23\/12\/2021 -- 16:50:04 -  -- Loaded 31699 rules.\n23\/12\/2021 -- 16:50:05 -  -- Disabled 14 rules.\n23\/12\/2021 -- 16:50:05 -  -- Enabled 0 rules.\n23\/12\/2021 -- 16:50:05 -  -- Modified 0 rules.\n23\/12\/2021 -- 16:50:05 -  -- Dropped 0 rules.\n23\/12\/2021 -- 16:50:05 -  -- Enabled 131 rules for flowbit dependencies.\n23\/12\/2021 -- 16:50:05 -  -- Backing up current rules.\n23\/12\/2021 -- 16:50:05 -  -- Writing rules to \/etc\/suricata\/rules\/suricata.rules: total: 31699; enabled: 24319; added: 31699; removed 0; modified: 0\n23\/12\/2021 -- 16:50:05 -  -- Writing \/etc\/suricata\/rules\/classification.config\n23\/12\/2021 -- 16:50:06 -  -- Testing with suricata -T.\n23\/12\/2021 -- 16:50:44 -  -- Done.<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-test-the-configuration\"><span class=\"ez-toc-section\" id=\"Test-the-configuration\"><\/span>Test the configuration<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>At the end when everything is set up such as network interface, community flow ID, and rules we can check the Suricata configuration if everything is OK with it, by executing the command below:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">suricata -T \/etc\/suricata\/suricata.yaml<\/pre>\n\n\n\n<p>You should receive the output as described below:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">root@vps:~# suricata -T \/etc\/suricata\/suricata.yaml\n23\/12\/2021 -- 16:51:15 -  - Running suricata under test mode\n23\/12\/2021 -- 16:51:15 -  - This is Suricata version 6.0.1 RELEASE running in SYSTEM mode\n23\/12\/2021 -- 16:51:52 -  - Configuration provided was successfully loaded. Exiting.\n<\/pre>\n\n\n\n<p>That&#8217;s it. You successfully installed and configured the Suricata Network Security Tool on Debian 11. If you find it difficult to use, you can contact our admins and they will configure it for you. We are available 24\/7.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignleft size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-set-up-suricata-on-debian-11.jpg\" alt=\"how to set up suricata on debian 11\" class=\"wp-image-40104\" width=\"226\" height=\"125\" srcset=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-set-up-suricata-on-debian-11.jpg 830w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-set-up-suricata-on-debian-11-300x166.jpg 300w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-set-up-suricata-on-debian-11-150x83.jpg 150w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-set-up-suricata-on-debian-11-768x426.jpg 768w\" sizes=\"(max-width: 226px) 100vw, 226px\" \/><\/figure><\/div>\n\n\n\n<p>If you liked this post on how to install Suricata on Debian 11, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, we are going to explain step-by-step how to install and customize Suricata on Debian 11. Suricata is &#8230; <\/p>\n<p class=\"read-more-container\"><a title=\"How To Install Suricata on Debian 11\" class=\"read-more button\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#more-40086\" aria-label=\"Read more about How To Install Suricata on Debian 11\">Read More<\/a><\/p>\n","protected":false},"author":4,"featured_media":40192,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1700,13],"tags":[1962,1603,1977],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Install Suricata on Debian 11 | RoseHosting<\/title>\n<meta name=\"description\" content=\"In the following tutorial, users will learn how to install Suricata on Debian 11. Suricata is an intrusion prevention system.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Install Suricata on Debian 11 | RoseHosting\" \/>\n<meta property=\"og:description\" content=\"In the following tutorial, users will learn how to install Suricata on Debian 11. Suricata is an intrusion prevention system.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/\" \/>\n<meta property=\"og:site_name\" content=\"RoseHosting\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/RoseHosting\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/rosehosting.helpdesk\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-31T18:30:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-06-03T08:31:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-install-suricata-on-debian-11.jpg?v=1640936445\" \/>\n\t<meta property=\"og:image:width\" content=\"742\" \/>\n\t<meta property=\"og:image:height\" content=\"372\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jeff Wilson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"How to Install Suricata on Debian 11 | RoseHosting\" \/>\n<meta name=\"twitter:description\" content=\"In the following tutorial, users will learn how to install Suricata on Debian 11. Suricata is an intrusion prevention system.\" \/>\n<meta name=\"twitter:creator\" content=\"@rosehosting\" \/>\n<meta name=\"twitter:site\" content=\"@rosehosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Wilson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/\"},\"author\":{\"name\":\"Jeff Wilson\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/7ce77a842fa6a9a7f8efa186f2353713\"},\"headline\":\"How To Install Suricata on Debian 11\",\"datePublished\":\"2022-01-31T18:30:00+00:00\",\"dateModified\":\"2022-06-03T08:31:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/\"},\"wordCount\":689,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-install-suricata-on-debian-11.jpg\",\"keywords\":[\"debian 11\",\"how to install\",\"suricata\"],\"articleSection\":[\"Debian\",\"Tutorials\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/\",\"name\":\"How to Install Suricata on Debian 11 | RoseHosting\",\"isPartOf\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-install-suricata-on-debian-11.jpg\",\"datePublished\":\"2022-01-31T18:30:00+00:00\",\"dateModified\":\"2022-06-03T08:31:26+00:00\",\"description\":\"In the following tutorial, users will learn how to install Suricata on Debian 11. Suricata is an intrusion prevention system.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#primaryimage\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-install-suricata-on-debian-11.jpg\",\"contentUrl\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-install-suricata-on-debian-11.jpg\",\"width\":742,\"height\":372,\"caption\":\"how to install suricata on debian 11\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.rosehosting.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How To Install Suricata on Debian 11\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#website\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/\",\"name\":\"RoseHosting\",\"description\":\"Premium Linux Tutorials Since 2001\",\"publisher\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.rosehosting.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#organization\",\"name\":\"RoseHosting\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2022\/03\/android-chrome-192x192-1.png\",\"contentUrl\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2022\/03\/android-chrome-192x192-1.png\",\"width\":192,\"height\":192,\"caption\":\"RoseHosting\"},\"image\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/RoseHosting\",\"https:\/\/x.com\/rosehosting\",\"https:\/\/www.linkedin.com\/in\/rosehosting\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/7ce77a842fa6a9a7f8efa186f2353713\",\"name\":\"Jeff Wilson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09271207587f897ab46faaed9b355252?s=96&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09271207587f897ab46faaed9b355252?s=96&r=g\",\"caption\":\"Jeff Wilson\"},\"description\":\"An experienced Linux veteran with many years of experience. Helping other Linux admins with frequent Linux and business-related blog posts on the RoseHosting blog. Techie by choice. Loving nature and travel. Happily married and father of two lovely children.\",\"sameAs\":[\"https:\/\/www.rosehosting.com\",\"https:\/\/www.facebook.com\/rosehosting.helpdesk\"],\"url\":\"https:\/\/www.rosehosting.com\/blog\/author\/jwilson\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Install Suricata on Debian 11 | RoseHosting","description":"In the following tutorial, users will learn how to install Suricata on Debian 11. Suricata is an intrusion prevention system.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/","og_locale":"en_US","og_type":"article","og_title":"How to Install Suricata on Debian 11 | RoseHosting","og_description":"In the following tutorial, users will learn how to install Suricata on Debian 11. Suricata is an intrusion prevention system.","og_url":"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/","og_site_name":"RoseHosting","article_publisher":"https:\/\/www.facebook.com\/RoseHosting","article_author":"https:\/\/www.facebook.com\/rosehosting.helpdesk","article_published_time":"2022-01-31T18:30:00+00:00","article_modified_time":"2022-06-03T08:31:26+00:00","og_image":[{"width":742,"height":372,"url":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-install-suricata-on-debian-11.jpg?v=1640936445","type":"image\/jpeg"}],"author":"Jeff Wilson","twitter_card":"summary_large_image","twitter_title":"How to Install Suricata on Debian 11 | RoseHosting","twitter_description":"In the following tutorial, users will learn how to install Suricata on Debian 11. Suricata is an intrusion prevention system.","twitter_creator":"@rosehosting","twitter_site":"@rosehosting","twitter_misc":{"Written by":"Jeff Wilson","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#article","isPartOf":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/"},"author":{"name":"Jeff Wilson","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/7ce77a842fa6a9a7f8efa186f2353713"},"headline":"How To Install Suricata on Debian 11","datePublished":"2022-01-31T18:30:00+00:00","dateModified":"2022-06-03T08:31:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/"},"wordCount":689,"commentCount":0,"publisher":{"@id":"https:\/\/www.rosehosting.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-install-suricata-on-debian-11.jpg","keywords":["debian 11","how to install","suricata"],"articleSection":["Debian","Tutorials"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/","url":"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/","name":"How to Install Suricata on Debian 11 | RoseHosting","isPartOf":{"@id":"https:\/\/www.rosehosting.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#primaryimage"},"image":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-install-suricata-on-debian-11.jpg","datePublished":"2022-01-31T18:30:00+00:00","dateModified":"2022-06-03T08:31:26+00:00","description":"In the following tutorial, users will learn how to install Suricata on Debian 11. Suricata is an intrusion prevention system.","breadcrumb":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#primaryimage","url":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-install-suricata-on-debian-11.jpg","contentUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2021\/12\/how-to-install-suricata-on-debian-11.jpg","width":742,"height":372,"caption":"how to install suricata on debian 11"},{"@type":"BreadcrumbList","@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-suricata-on-debian-11\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.rosehosting.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How To Install Suricata on Debian 11"}]},{"@type":"WebSite","@id":"https:\/\/www.rosehosting.com\/blog\/#website","url":"https:\/\/www.rosehosting.com\/blog\/","name":"RoseHosting","description":"Premium Linux Tutorials Since 2001","publisher":{"@id":"https:\/\/www.rosehosting.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rosehosting.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.rosehosting.com\/blog\/#organization","name":"RoseHosting","url":"https:\/\/www.rosehosting.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2022\/03\/android-chrome-192x192-1.png","contentUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2022\/03\/android-chrome-192x192-1.png","width":192,"height":192,"caption":"RoseHosting"},"image":{"@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/RoseHosting","https:\/\/x.com\/rosehosting","https:\/\/www.linkedin.com\/in\/rosehosting\/"]},{"@type":"Person","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/7ce77a842fa6a9a7f8efa186f2353713","name":"Jeff Wilson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09271207587f897ab46faaed9b355252?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09271207587f897ab46faaed9b355252?s=96&r=g","caption":"Jeff Wilson"},"description":"An experienced Linux veteran with many years of experience. Helping other Linux admins with frequent Linux and business-related blog posts on the RoseHosting blog. Techie by choice. Loving nature and travel. Happily married and father of two lovely children.","sameAs":["https:\/\/www.rosehosting.com","https:\/\/www.facebook.com\/rosehosting.helpdesk"],"url":"https:\/\/www.rosehosting.com\/blog\/author\/jwilson\/"}]}},"_links":{"self":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/40086"}],"collection":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/comments?post=40086"}],"version-history":[{"count":6,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/40086\/revisions"}],"predecessor-version":[{"id":40193,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/40086\/revisions\/40193"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/media\/40192"}],"wp:attachment":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/media?parent=40086"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/categories?post=40086"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/tags?post=40086"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}