In general, there are two steps that you need to take to get Suricata
running on your system. This package ships with minimal rules. For it
to do its job, it must have better rules. Rules can be obtained from a
couple of places. Suricata knows how to use snort rules if you have those.
But if you don't, another place to get rules is the Emerging Threats web
site. To install them, you might do something like:

wget http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
tar -xz -C /etc/suricata/rules/ --strip-components=1 -f emerging.rules.tar.gz

Then open /etc/suricata/suricata.yaml and look through it for the setting
named 'rule-files'. Enable or disable individual rule files there as you
see fit.
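
To see what the 'rule-files' list currently enables, the following added
example (not part of this package or of Suricata) compares it with the
*.rules files on disk. It assumes one "- name" entry per line, relative to
the rules directory; the file names in demo() are constructed samples.

```shell
#!/bin/sh
# Added example, not shipped with the suricata package.

# Print the enabled (uncommented) entries of the rule-files list.
enabled_rules() {
    awk '
        /^rule-files:/    { in_list = 1; next }
        !in_list          { next }
        /^[ \t]*(#.*)?$/  { next }              # blank or commented-out entry
        /^[ \t]*-[ \t]*/  { sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, "")
                            print; next }
                          { in_list = 0 }       # any other line ends the list
    ' "$1" | sort -u
}

# Print *.rules files in the rules directory that rule-files does not enable.
not_enabled() {
    enabled=$(enabled_rules "$1")
    for f in "$2"/*.rules; do
        [ -f "$f" ] || continue
        printf '%s\n' "$enabled" | grep -qxF -- "${f##*/}" || printf '%s\n' "${f##*/}"
    done
}

# Print enabled entries that have no matching file in the rules directory.
missing_on_disk() {
    enabled_rules "$1" | while IFS= read -r name; do
        [ -f "$2/$name" ] || printf '%s\n' "$name"
    done
}

report() {
    echo "On disk but not enabled:";     not_enabled "$1" "$2"
    echo "Enabled but missing on disk:"; missing_on_disk "$1" "$2"
}

# Constructed sample: a yaml fragment and three empty rule files.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'rule-files:' ' - botcc.rules' ' # - ciarmy.rules' \
        ' - local.rules   # not downloaded' 'classification-file: x' > "$d/suricata.yaml"
    mkdir "$d/rules" && touch "$d/rules/botcc.rules" "$d/rules/ciarmy.rules" "$d/rules/drop.rules"
    report "$d/suricata.yaml" "$d/rules"
    rm -rf "$d"
}

# With two arguments check a real install; with none, run the constructed sample.
if [ "$#" -eq 2 ]; then report "$1" "$2"; else demo; fi
```

On an installed system, pass /etc/suricata/suricata.yaml and
/etc/suricata/rules as the two arguments.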

The last general item to get started is to correct the network interface to
match your setup. Run the ifconfig command to see what interfaces are
available on your system. Then edit the /etc/sysconfig/suricata file. The
line that says OPTIONS can be edited. It defaults to eth0, so replace that
with your choice of network interface.