====== IDS ======

  * snort 
  * suricata
  * Suricata + extras: [[https://github.com/StamusNetworks/SELKS|SELKS]]

===== suricata =====

Only logs alerts. Need other tool to grep logs and send emails.

<file txt /etc/suricata/local.rules>
alert udp !$DHCP_SERVERS 67 -> any 68 (msg:"detect rogue DHCP servers!"; sid:123456789;)
#alert udp !$DHCP_SERVERS 67 -> 255.255.255.255 any (msg: "detect rogue DHCP server!"; sid:1000001;)
</file>

===== SELKS =====

3 method of installation:
  * source
  * docker image
  * debian based ISO distro