userguide: explain alert queue behavior and stats
Added sections along packet-alert-max config section explaining
packet alert queue overflow (when Suri reaches packet alert max), when
alerts are discarded etc.
Since from the user perspective it shouldn't matter how we process the
alert queue, the term "replace" is used, even though there's not exactly
a replacing action happening, with the queue bein pre-processed before
being appended to the Packet.
Also described the associated stats and added an explanation on when to
change packet-alert-max.
Task #5178
(cherry picked from commit
1956dc3d5da5dfdc55e0f8304e815b99bd7567e4)
projects / thirdparty / suricata.git / commit
