1. Basics
For Arkime installation, refer to "The Road to Learning Arkime, the Traffic Analysis Tool (Part 1): Installation and Deployment". On that basis, install and configure the Suricata software.
2. Install Suricata
yum install suricata
Possible dependencies include libyaml and PyYAML, which may have been installed during the Arkime installation or with other software.
3. Rules
suricata-update
updates the rules online. For an offline installation, extract the downloaded rules file into the /var/lib/suricata/ folder; suricata.rules is the default rule file.
4. Startup Command
suricata -c /etc/suricata/suricata.yaml -i "$ifname" &
where $ifname is the capture interface.
5. Integration with Arkime
The integration mainly consists of editing the Arkime configuration file; Suricata must be started before Arkime. First make the alert file readable
chmod o+r /var/log/suricata/eve.json
Modify the Arkime configuration file so that the capture process runs as root
sed -i "s/dropUser=nobody/dropUser=root/g" /opt/arkime/etc/config.ini
Add plugin support (each sed command appends its line after the given line number of config.ini)
sed -i "216a plugins=suricata.so" /opt/arkime/etc/config.ini
sed -i "217a suricataAlertFile=/var/log/suricata/eve.json" /opt/arkime/etc/config.ini
sed -i "218a suricataExpireMinutes=60" /opt/arkime/etc/config.ini
Restart the Arkime capture service
systemctl restart arkimecapture.service
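The three sed commands above append after fixed line numbers (216, 217, 218), which only works when config.ini matches the layout of a fresh install. The following script is an added example, not from the original post or the Arkime project: it applies the same three settings by key name instead of line number, so it can be re-run safely, and it checks the alert file's "other" read bit the way the chmod o+r step expects. The config path, eve.json path and the sample config contents are constructed for the demonstration; the key names and the semicolon-separated plugins list are Arkime's.

```shell
#!/bin/sh
# Added example (not the post's or Arkime's own code): apply the Suricata
# plugin settings to an Arkime config.ini by key name, not by line number.

# Set key=value under [default]: replace in place if present, else insert
# right after the [default] header. Safe to call repeatedly.
set_ini_key() {
    cfg="$1"; key="$2"; value="$3"
    if grep -q "^${key}=" "$cfg"; then
        sed -i "s|^${key}=.*|${key}=${value}|" "$cfg"
    else
        sed -i "/^\[default\]/a ${key}=${value}" "$cfg"
    fi
}

# Add a plugin to the semicolon-separated plugins list without clobbering
# plugins that are already configured (e.g. wise.so).
add_plugin() {
    cfg="$1"; plugin="$2"
    if ! grep -q '^plugins=' "$cfg"; then
        sed -i "/^\[default\]/a plugins=${plugin}" "$cfg"
    elif grep -q '^plugins=$' "$cfg"; then
        sed -i "s|^plugins=$|plugins=${plugin}|" "$cfg"
    elif ! grep '^plugins=' "$cfg" | grep -qF "$plugin"; then
        sed -i "s|^plugins=.*|&;${plugin}|" "$cfg"
    fi
}

# The three settings from the post, applied to one config file.
# $3 is the alert expiry in minutes (post uses 60).
configure_suricata_plugin() {
    cfg="$1"; eve="$2"; expire="${3:-60}"
    add_plugin "$cfg" suricata.so
    set_ini_key "$cfg" suricataAlertFile "$eve"
    set_ini_key "$cfg" suricataExpireMinutes "$expire"
}

# Mirrors the post's "chmod o+r eve.json" step: succeeds only when the
# "other" read bit (column 8 of ls -l) is set on the given file.
check_world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# Demonstration on a constructed config file (not a real Arkime install).
demo_cfg=$(mktemp)
printf '[default]\nelasticsearch=http://localhost:9200\ndropUser=nobody\nplugins=wise.so\n' > "$demo_cfg"
configure_suricata_plugin "$demo_cfg" /var/log/suricata/eve.json 60
cat "$demo_cfg"
rm -f "$demo_cfg"
```

After running this against a real /opt/arkime/etc/config.ini, restart arkimecapture.service as in the post; if check_world_readable reports failure for eve.json, the plugin will not be able to read alerts.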
After the restart, you can download packets and see the HTTP interaction content in Arkime.