IDS: Suricata or Snort on Omnia?

I’ve upgraded to TurrisOS 4 and it’s been awesome for me (great work Turris team!). Naturally with it being based on OpenWRT 18 it has opened up more options in terms of software.

I am aware that Suricata is being used together with Pakon to give us more network information in Foris. So question 1: is Suricata (as it exists on Omnia) being used as an intruder detection system?

If not, (question 2) can I run another instance of Suricata for IDS, or (question 3) can I install and run Snort?

Thanks, and any opinions and advice are greatly appreciated!

On 4.0.X the Suricata instance created for Pakon is suitable for IDS and is a little more mature in that it pulls the latest emerging threat rules on each start. I manually installed suricata-monitor to deliver emails when the ET rules were triggered and also updated the threshold.cfg file to manage the false alarms (or the ‘don’t care’ ones).

All good so far. No need for a second instance.
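The threshold.cfg tuning mentioned in the reply above, sketched as an added example (not code from the thread or from Turris): it tallies alerts per rule and drafts `threshold` or `suppress` entries for the noisy ones. It assumes Suricata alerts are available as EVE JSON lines, which the thread does not state; the sids, addresses and function names are constructed for illustration.

```python
import json
from collections import Counter

def _alert(sid, src, name):
    """Build one constructed EVE alert line (sample data only)."""
    return json.dumps({"event_type": "alert", "src_ip": src,
                       "alert": {"gid": 1, "signature_id": sid, "signature": name}})

# Constructed sample log: two noisy rules, one rare rule, a flow event, a truncated line.
SAMPLE_EVE = "\n".join(
    [_alert(9000001, "192.168.1.20", "CONSTRUCTED chatty policy rule")] * 4
    + [_alert(9000002, "192.168.1.30", "CONSTRUCTED dont-care rule")] * 3
    + [_alert(9000003, "192.168.1.40", "CONSTRUCTED rare rule"),
       json.dumps({"event_type": "flow", "src_ip": "192.168.1.20"}),
       '{"event_type":"alert","alert":{"signature_id":90000']
)

def noisy_signatures(eve_text, min_hits=3):
    """Return (gid, sid, hits, name) for rules alerting at least min_hits times."""
    hits, names = Counter(), {}
    for line in eve_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a log cut mid-write leaves a partial last line; skip it
        if event.get("event_type") != "alert":
            continue
        alert = event.get("alert", {})
        sid = alert.get("signature_id")
        if sid is None:
            continue
        key = (alert.get("gid", 1), sid)
        hits[key] += 1
        names[key] = alert.get("signature", "")
    return [(gid, sid, n, names[(gid, sid)])
            for (gid, sid), n in hits.most_common() if n >= min_hits]

def threshold_lines(noisy, dont_care=frozenset(), seconds=3600):
    """Draft threshold.cfg entries: suppress reviewed 'don't care' sids,
    rate-limit the rest to one alert per source per window."""
    out = []
    for gid, sid, n, name in noisy:
        out.append(f"# {name} ({n} alerts in sample)")
        if sid in dont_care:
            out.append(f"suppress gen_id {gid}, sig_id {sid}")
        else:
            out.append(f"threshold gen_id {gid}, sig_id {sid}, type limit, "
                       f"track by_src, count 1, seconds {seconds}")
    return out

if __name__ == "__main__":
    print("\n".join(threshold_lines(noisy_signatures(SAMPLE_EVE), {9000002})))
```

Rate-limiting with `type limit` keeps one alert per source per window, so a rule that later fires for a real reason is still visible; `suppress` silences it entirely and is best kept for sids that have been reviewed.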