Snort vs Suricata vs Both



  • So I am wondering (although none seem to be working right now) what IPS I should go with. I currently have OpenVPN setup which is absorbing all traffic and the machine is a basic office-level computer.

    Due to the multi-threading and layer 7 protocols that can be used in the rules (compared to snort) it seems that Suricata is the best option however I've just watched another video now that says because of OpenAppID that Snort is the best now.

    What would be the best for security and how much performance degradation would I suffer if I implemented both at the same time (if that's even possible).

    PS:
    Also if anyone can help with a problem that I'm currently having with setting up either Snort or Suricata than please do, any help is appreciated.
    https://forum.pfsense.org/index.php?topic=145386.0


Log in to reply