Installation

DEB

Install the build dependencies and Suricata by running the following commands:

sudo apt-get install libpcre3-dbg libpcre3-dev autoconf automake libtool libpcap-dev libnet1-dev libyaml-dev libjansson4 libcap-ng-dev libmagic-dev libjansson-dev zlib1g-dev
sudo apt-get install libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev
# software-properties-common provides add-apt-repository, so it must be installed before the PPA is added
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt-get update -y
sudo apt-get install suricata
# fetch the current ruleset
sudo suricata-update

In the outputs section, set the stats interval and change the filetype of eve-log to syslog (make sure rsyslog is installed):

sudo nano /etc/suricata/suricata.yaml

  - stats:
      enabled: yes
      interval: 3600
  - eve-log:
      enabled: yes
      filetype: syslog
      level: Info
      filename: eve.json

sudo service suricata restart

RHEL / CentOS

yum install epel-release
yum install suricata

For other OS distributions, follow the official documentation, keeping the following two points in mind:

1. Enable eve-log (eve.json) and set its filetype to syslog.
2. Make sure rsyslog and osquery are running on the endpoint.
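The two requirements above (eve-log enabled with filetype syslog, rsyslog and osquery running) are easy to get wrong after hand-editing suricata.yaml, so here is an added example of a small POSIX shell check script. It is not part of the original guide or of Suricata; it assumes the config path /etc/suricata/suricata.yaml used above, the process names rsyslogd and osqueryd, and it embeds a constructed excerpt of an outputs section for a self-test. The awk helper only inspects keys inside the named "- block:" list item, so a `filetype: regular` in some other output does not produce a false pass.

```shell
#!/bin/sh
# Added example (not from the original guide): post-install sanity checks for
# the eve-log/syslog setup. Assumed paths and process names are marked below.

# block_has FILE BLOCK KEY VALUE
# Returns 0 if, inside the YAML list item "- BLOCK:" of FILE, a line "KEY: VALUE"
# appears before the block ends (a non-blank, non-comment line whose indent is
# less than or equal to the "- BLOCK:" line). Deeper nested lists (e.g. types:)
# do not end the block. Only the key/value shape used by suricata.yaml is handled.
block_has() {
    awk -v blk="$2" -v key="$3" -v val="$4" '
        function indent(s) { match(s, /^[[:space:]]*/); return RLENGTH }
        {
            t = $0
            sub(/#.*/, "", t)                 # drop trailing comments
            sub(/[[:space:]]+$/, "", t)       # drop trailing whitespace
            sub(/^[[:space:]]*/, "", t)       # drop leading whitespace
            sub(/^-[[:space:]]*/, "- ", t)    # normalise "-   x" to "- x"
            sub(/:[[:space:]]+/, ": ", t)     # normalise "key:   v" to "key: v"
        }
        t == "" { next }
        !inblk && t == "- " blk ":" { inblk = 1; base = indent($0); next }
        inblk && indent($0) <= base { inblk = 0 }
        inblk && t == key ": " val { found = 1; exit }
        END { if (found) exit 0; exit 1 }
    ' "$1"
}

# check_eve_syslog FILE: eve-log must be enabled and written to syslog.
check_eve_syslog() {
    block_has "$1" eve-log enabled yes && block_has "$1" eve-log filetype syslog
}

# check_stats_interval FILE SECONDS: stats block enabled with the given interval.
check_stats_interval() {
    block_has "$1" stats enabled yes && block_has "$1" stats interval "$2"
}

# services_running: rsyslog and osquery must be up for events to reach osquery.
# Process names rsyslogd and osqueryd are assumptions (typical package defaults).
services_running() {
    for p in rsyslogd osqueryd; do
        pgrep -x "$p" >/dev/null || { echo "$p is not running" >&2; return 1; }
    done
}

# test_suricata_config FILE: ask suricata itself to validate the config (-T).
test_suricata_config() {
    command -v suricata >/dev/null || { echo "suricata not in PATH" >&2; return 1; }
    suricata -T -c "$1"
}

# write_sample_config FILE: constructed excerpt of an outputs section, used
# only to exercise the checks offline; it is not a real suricata.yaml.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed excerpt for self-test
outputs:
  - stats:
      enabled: yes
      interval: 3600
  - eve-log:
      enabled: yes
      filetype: syslog   # regular would write eve.json instead of syslog
      level: Info
      filename: eve.json
      types:
        - alert
logging:
  default-log-level: notice
EOF
}

# Typical use on a real host (assumed config path from the guide):
#   check_eve_syslog /etc/suricata/suricata.yaml && check_stats_interval /etc/suricata/suricata.yaml 3600 \
#     && services_running && test_suricata_config /etc/suricata/suricata.yaml
```

Run the three checks after `sudo service suricata restart`; a non-zero exit from any of them means the events will not show up in osquery even though Suricata itself may be running.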