In general, there are two steps that you need to take to get suricata running on your system. This package ships with minimal rules. For it to do its job, it must have better rules. Rules can be obtained from a couple places. It knows how to use snort rules if you have those. But if you don't, another place to get rules is the emerging threats web site. To install, you might do something like: wget http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz tar -xz -C /etc/suricata/rules/ --strip-components=1 -f emerging.rules.tar.gz Then open /etc/suricata/suricata.yaml and scan down it for a setting named 'rule-files'. Enable or disable individual rules as you see fit. The last general item to get started is to correct the network interface to match your setup. Run the ifconfig command to see what interfaces are available to your system. Then edit /etc/sysconfig/suricata file. The line that says OPTIONS can be edited. It defaults to eth0, so replace that with your choice for network interface.