The combination of Suricata and Telegraf supports network security monitoring by providing real-time insight into the performance of a security engine that detects network attacks, which could otherwise lead to significant losses ranging from bandwidth consumption and data theft to spam and ransomware.

Suricata is an open-source security engine capable of real-time intrusion detection, inline intrusion prevention, network security monitoring, and offline packet capture processing. It offers features such as multi-threading, which allows it to scale horizontally and distribute the workload across multiple CPUs.

Telegraf's Suricata Input Plugin collects internal performance metrics from Suricata, including captured traffic volume, memory usage, uptime, flow counters, and other key statistics. The plugin gives users real-time insight into their security engine's performance so they can make adjustments as needed.

Proper configuration of the Suricata Input Plugin involves specifying a Unix socket location for data delivery, which may differ between the Suricata configuration and the Telegraf settings. In this case, the difference in socket locations is due to the operating system and environment used by OPNsense 20 (Keen Kingfisher). The issue with Telegraf being unable to read from the socket is likely caused by the address already being in use, which can be resolved by adjusting the socket location or using alternative methods to access the data.
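
A small diagnostic for the "address already in use" case described above, as an added example that is not from the original page or from the Telegraf or Suricata projects: it classifies what currently sits at a Unix socket path and shows that even a leftover socket file with no listener makes a bind fail. The function names, the advice strings and the default path are assumptions made for this example.

```python
import errno
import os
import socket
import stat
import sys

# Advice per state; the wording is this example's own, not Telegraf or Suricata output.
ADVICE = {
    "missing": "nothing at this path; a listener can bind here",
    "not-a-socket": "a regular file or directory occupies the path; pick another",
    "live": "a process is already listening; a second bind fails with EADDRINUSE",
    "stale": "leftover socket file, no listener; bind fails until it is removed",
}

def socket_path_state(path):
    """Classify a Unix socket path: missing, not-a-socket, live, stale, error:<ERRNO>."""
    try:
        mode = os.lstat(path).st_mode
    except FileNotFoundError:
        return "missing"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        probe.connect(path)          # succeeds only if a process is accepting
    except OSError as exc:
        if exc.errno == errno.ECONNREFUSED:
            return "stale"           # the file exists but nobody is listening
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        probe.close()
    return "live"

def bind_errno(path):
    """Try the bind a listener would perform; return None on success or the errno name."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.bind(path)
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        s.close()
    os.unlink(path)                  # remove the file this successful probe created
    return None

if __name__ == "__main__":
    # Placeholder default; pass the socket path from your own configuration.
    target = sys.argv[1] if len(sys.argv) > 1 else "/tmp/example-stats.sock"
    state = socket_path_state(target)
    print(f"{target}: {state} ({ADVICE.get(state, 'see errno')})")
```

Run it with the socket path from the Telegraf settings and again with the one from the Suricata configuration to see whether both point at the same file and which state that file is in.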