# Suricata IDS (syslog)

In this guide, you will set up the Suricata IDS connector within Radiant in order to forward logs to Radiant.

### Prerequisites

* [ ] Admin access to Suricata IDS.

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the **Radiant Agent** option and then click **Data Feeds**.
4. Under **Select your data feeds**, select **Suricata IDS** and click **Credentials**.
5. Under **Credential Name**, give your Radiant Agent integration an identifiable name (e.g. `Radiant Agent Integration`).
6. Click **Add Connector**.

### Configure a local Radiant Security Agent

Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up a local agent to collect the logs.

### Configure Suricata IDS to forward logs to the Radiant Security Log Collector

The following is a suggested way to configure Suricata and rsyslog to send logs to the Radiant Agent; you can use the syslog forwarding tool of your preference instead.\
Refer to the [official Suricata Documentation](https://docs.suricata.io/en/latest/output/index.html) for more details.

{% hint style="info" %}
In this configuration example, we use the syslog facility `local0`. If you are already using it for another application, replace it with an unused facility.
{% endhint %}

1. Navigate to your Suricata **configuration file** (usually located at `/etc/suricata/suricata.yaml`) and add the following lines under the **Outputs** section:

```
- eve-log:
    enabled: yes
    filetype: syslog
    facility: local0
    hostname: localhost
```

2. Navigate to the **Syslog configuration file** (e.g. `/etc/rsyslog.conf`) and add a line similar to the following:

```
local0.* @<VM_IP_ADDRESS>:<VM_PORT>
```

3. Replace `<VM_IP_ADDRESS>` and `<VM_PORT>` with the actual private IP address and port of the VM where Radiant Agent was installed.
4. Restart both Suricata IDS and Syslog services to apply the changes.

```
sudo systemctl restart suricata
sudo systemctl restart rsyslog
```
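
To check the rsyslog forwarding rule above, the following added example (not part of the Radiant or Suricata documentation) scans an rsyslog configuration file for rules on the chosen facility and reports the transport, host and port. In rsyslog's legacy syntax a single `@` forwards over UDP and `@@` over TCP. The function name `check_forward_rule`, the sample address and the IPv4/hostname-only parsing are assumptions made for the example.

```shell
#!/bin/sh
# Added example: inspect an rsyslog config for the forwarding rule from this guide.
#
# check_forward_rule FILE [FACILITY]
#   Prints "<transport> <host> <port>" for each forwarding rule on FACILITY.
#   Exit status: 0 = at least one usable rule found
#                1 = no forwarding rule for the facility
#                2 = a rule still contains <VM_IP_ADDRESS>/<VM_PORT> placeholders
# Assumes legacy selector syntax and an IPv4 address or hostname as the target.
check_forward_rule() {
    file=$1
    facility=${2:-local0}
    awk -v fac="$facility" '
        /^[ \t]*#/ { next }                        # skip comment lines
        index($1, fac ".") == 1 && $2 ~ /^@/ {     # e.g. "local0.*  @host:port"
            target = $2
            transport = "udp"                      # single @  = UDP
            if (target ~ /^@@/) transport = "tcp"  # double @@ = TCP
            sub(/^@+/, "", target)
            if (target ~ /[<>]/) {                 # placeholder left unreplaced
                placeholder = 1
                next
            }
            n = split(target, parts, ":")
            port = (n > 1) ? parts[2] : "514"      # rsyslog default when omitted
            print transport, parts[1], port
            found = 1
        }
        END {
            if (placeholder) exit 2
            exit (found ? 0 : 1)
        }
    ' "$file"
}

# Demo on a constructed sample config (10.0.0.5:5514 is a made-up target).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'local0.* @10.0.0.5:5514' > "$sample"
check_forward_rule "$sample" local0    # prints: udp 10.0.0.5 5514
rm -f "$sample"
```

On a real host, run `check_forward_rule /etc/rsyslog.conf local0` after editing the file. A `udp` result means the Suricata events travel unacknowledged and in clear text, so keep that path on a trusted network segment.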
