Q. What format does Suricata output events into?
Q. What rulesets does Suricata use?
Q. Will I have to rewrite all of my local rules?
A. No. You can continue to use the same local rules and commercial/community rules you've been using with Snort. However, we recommend a Suricata optimized ruleset to take advantage of all the engine has to offer.
Q. How do I manage Events generated by Suricata?