Suricata with OSSIM

OSSIM is a widely used Open Source SIEM.
You can download OSSIM from here -

After you install OSSIM, you need to install Suricata the usual way.
Make sure you have the unified2 and http.log outputs enabled.
Edit /etc/suricata/suricata.yaml:

  - unified2-alert:
      enabled: yes

  - http-log:
      enabled: yes
      filename: http.log
      append: yes
      extended: yes

After that I followed the guide (suricata-install.txt) with the files provided here -

and it worked without a problem.

Basically, once you have downloaded the files from the link provided above, what you have to do is:

cp suricata-http.cfg /etc/ossim/agent/plugins/
cp suricata.cfg /etc/ossim/agent/plugins/
cp /usr/share/ossim/agent/ossim_agent/
ossim-db < suricata-http.sql

Edit /etc/ossim/agent/config.cfg and add the following lines:

/etc/init.d/ossim-agent restart
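The same steps wrapped in a small shell script with the checks worth doing before touching the agent; this is an added example, not from the page or the OSSIM project. It verifies that suricata.yaml actually has unified2-alert and http-log enabled and that both plugin files exist before copying them, loading the SQL and restarting the agent. The function names and the source-directory argument are assumptions; the copy into /usr/share/ossim/agent/ossim_agent/ is left out because its source file is not shown above.

```shell
#!/bin/sh
# Added example for the OSSIM/Suricata setup above. Paths are the ones
# from the page; the directory holding the downloaded files is assumed.

# Exit 0 only when suricata.yaml has both unified2-alert and http-log
# enabled. This is a simple line scan of the outputs list (a "- name:"
# line opens an item, "enabled: yes" before the next item switches it on),
# good enough for the default layout; it is not a YAML parser.
check_suricata_outputs() {
  awk '
    /^[[:space:]]*-[[:space:]]*[a-z0-9-]+:/ {
      cur = $0
      sub(/^[[:space:]]*-[[:space:]]*/, "", cur)
      sub(/:.*/, "", cur)
      next
    }
    /^[[:space:]]*enabled:[[:space:]]*yes/ { on[cur] = 1 }
    END { if (on["unified2-alert"] && on["http-log"]) exit 0; exit 1 }
  ' "$1"
}

# Copy the two agent plugin definitions, refusing to continue if either
# is missing from the source directory.
install_ossim_plugins() {
  src="$1"; plugin_dir="$2"
  for f in suricata-http.cfg suricata.cfg; do
    [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
  done
  mkdir -p "$plugin_dir" || return 1
  cp "$src/suricata-http.cfg" "$src/suricata.cfg" "$plugin_dir/"
}

# Full procedure: call with the directory containing the downloaded files.
ossim_suricata_setup() {
  src="${1:-.}"
  check_suricata_outputs /etc/suricata/suricata.yaml || {
    echo "enable unified2-alert and http-log in suricata.yaml first" >&2
    return 1
  }
  install_ossim_plugins "$src" /etc/ossim/agent/plugins || return 1
  ossim-db < "$src/suricata-http.sql" || return 1
  /etc/init.d/ossim-agent restart
}
```

Source the file and run `ossim_suricata_setup /path/to/downloaded/files` as root; the agent is only restarted if every earlier step succeeded.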