Suricata IDS on an Anubiz Offshore VPS
Suricata reads packets off the interface, matches them against signature rules, and alerts on known-bad traffic patterns. On an Anubiz VPS it is useful as the second layer behind the firewall: the firewall blocks what it knows; Suricata sees what tries. This guide is IDS-only (not IPS), using ET Open rules on Ubuntu 24.04, with EVE JSON output piped to a Telegram alert.
Prereqs
2 GB RAM minimum, 4 GB recommended. Use Anubiz Romania III or Iceland III. Mini-V tiers do not have the RAM headroom for the rule set.
Step 1: Install
Run apt install suricata jq. Set HOME_NET in /etc/suricata/suricata.yaml to your VPS IP as a /32. Run suricata-update to pull the ET Open rules.
Step 2: AF_PACKET Mode
In suricata.yaml, configure af-packet to listen on your WAN interface. Set copy-mode: ips only if you want inline blocking; leave it at the default for IDS.
Step 3: EVE Output
Enable the EVE JSON output in suricata.yaml. /var/log/suricata/eve.json then receives alert, http, dns and tls events, one JSON record per line.
Step 4: Telegram Alert
Run a cron job every 5 minutes: tail -n 1000 eve.json | jq -r 'select(.event_type=="alert" and .alert.severity<=2)', with the output piped to a Telegram bot. Use the alert dedup script from the Anubiz monitoring docs.
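Because tail -n 1000 every 5 minutes re-reads lines from the previous run whenever fewer than 1000 events were logged, the same alert is picked up more than once. The Python below is an added example (not the Anubiz dedup script and not part of the original guide) that applies the same severity cut as the jq filter, skips records at or before a saved timestamp watermark, and collapses repeats into one line each. The function names, sample records, SIDs and signature names are constructed for illustration, and sending the text to Telegram is left out so it runs offline.

```python
import json
from datetime import datetime

TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"  # EVE timestamp layout

def new_alerts(lines, last_ts=None, max_severity=2):
    """Return (alerts, newest_ts) for qualifying alerts newer than last_ts."""
    alerts, newest = [], last_ts
    for line in lines:
        try:
            ev = json.loads(line)
            ts = datetime.strptime(ev["timestamp"], TS_FMT)
            sev = ev["alert"]["severity"] if ev["event_type"] == "alert" else None
        except (ValueError, KeyError, TypeError):
            continue  # truncated line or a record missing these fields
        if sev is None or sev > max_severity:
            continue  # same cut as the jq filter: alerts of severity 1-2
        if last_ts is not None and ts <= last_ts:
            continue  # already reported by an earlier cron run
        alerts.append(ev)
        newest = ts if newest is None or ts > newest else newest
    return alerts, newest

def summarize(alerts):
    """Collapse repeats of one signature between the same two hosts."""
    groups = {}
    for ev in alerts:
        a = ev["alert"]
        key = (a.get("signature_id"), ev.get("src_ip"), ev.get("dest_ip"))
        g = groups.setdefault(key, {"n": 0, "sev": a["severity"],
                                    "sig": a.get("signature", "?")})
        g["n"] += 1
    ordered = sorted(groups.items(), key=lambda kv: (kv[1]["sev"], -kv[1]["n"]))
    return [f"[sev {g['sev']}] {g['sig']} (sid {sid}) {src} -> {dst} x{g['n']}"
            for (sid, src, dst), g in ordered]

def ev_line(ts, etype, sid=None, sig=None, sev=None):
    # Builds one constructed EVE line (documentation IPs, made-up SIDs).
    ev = {"timestamp": f"2024-05-01T{ts}.000000+0000", "event_type": etype,
          "src_ip": "203.0.113.9", "dest_ip": "198.51.100.7"}
    if etype == "alert":
        ev["alert"] = {"signature_id": sid, "signature": sig, "severity": sev}
    return json.dumps(ev)

SAMPLE = [  # constructed records, not real captures
    ev_line("12:00:01", "dns"),
    ev_line("12:00:02", "alert", 1000001, "EXAMPLE ssh scan", 2),
    ev_line("12:00:03", "alert", 1000001, "EXAMPLE ssh scan", 2),
    ev_line("12:00:04", "alert", 1000002, "EXAMPLE informational", 3),
    ev_line("12:06:00", "alert", 1000003, "EXAMPLE exploit attempt", 1),
    '{"timestamp":"2024-05-01T12:06:01',  # line cut off mid-write
]
```

In the cron job, keep newest_ts between runs (for example in a small state file) and send the summarize() lines to the bot only when the list is non-empty.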
Step 5: Tuning
Disable noisy categories you do not care about by listing them in suricata-update's disable.conf (the --disable-conf option). For RAM usage, ruleset size matters more than CPU.