Diffstat (limited to 'debian/suricata.README.Debian')
-rw-r--r--  debian/suricata.README.Debian  44
1 files changed, 44 insertions, 0 deletions
diff --git a/debian/suricata.README.Debian b/debian/suricata.README.Debian
new file mode 100644
index 0000000..a1e554a
--- /dev/null
+++ b/debian/suricata.README.Debian
@@ -0,0 +1,44 @@
+Suricata for Debian
+-------------------
+
+The engine is an Open Source Next Generation Intrusion Detection and
+Prevention Tool, not intended to just replace or emulate the existing tools in
+the industry, but to bring new ideas and technologies to the field.
+
+To run the engine with default configuration on interface eth0 (in live mode),
+run the following command (as root):
+ suricata -c /etc/suricata/suricata.yaml -i eth0
+
+To run in live NFQUEUE mode, use (as root):
+ suricata -c /etc/suricata/suricata.yaml -q $QUEUE_ID
+
+You can also run suricata on a PCAP file:
+ suricata -c /etc/suricata/suricata.yaml -r file.pcap
+
+
+Daemon system integration
+-------------------------
+
+The suricata daemon comes preconfigured to run as a system daemon with systemd.
+
+You can start/stop the daemon with:
+ % sudo systemctl start suricata.service
+ % sudo systemctl stop suricata.service
+
+You should copy /lib/systemd/system/suricata.service to
+/etc/systemd/system/suricata.service and adapt the configuration to your needs.
+
+The sysvinit script and related files (/etc/init.d/suricata and
+/etc/default/suricata) will be eventually discarted at some point in the
+future. The /etc/default/suricata file is ignored by the default
+suricata.service file.
+
+By now, there is no integration between suricata and libsystemd (so, options
+like the watchdog are not supported).
+
+
+Updating Rules
+--------------
+
+You should edit /etc/suricata/suricata.yaml and adjust it to fit your needs.
+The recommended way to update rules is via suricata-update (also packaged in Debian).
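Review bot: two wording defects in the new README should be fixed before this lands: "will be eventually discarted at some point in the future" (sysvinit paragraph) should read "will eventually be discarded", and "By now, there is no integration between suricata and libsystemd" means "for now" / "currently", not "by now". On the systemd advice, copying the whole unit from /lib/systemd/system/suricata.service into /etc/systemd/system/suricata.service masks every future change the package makes to the unit; a drop-in override (`systemctl edit suricata.service`) keeps local changes while still picking up packaged updates, and since the README explicitly says /etc/default/suricata is ignored by the unit, an override is where the reader would put interface or queue settings that used to live there. The "Updating Rules" section opens with "edit /etc/suricata/suricata.yaml and adjust it to fit your needs", which is general configuration rather than rule updating; move that sentence to the engine section and let this section state where suricata-update writes its rule set and that suricata.yaml must point at it, and note that $QUEUE_ID in the NFQUEUE example is a placeholder for the queue number configured in the iptables/nftables rule.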