doc/userguide: explain packet-alert-max config

author Juliana Fajardini <jufajardini@gmail.com>

Wed, 6 Apr 2022 14:54:52 +0000 (11:54 -0300)

committer Victor Julien <vjulien@oisf.net>

Sat, 30 Apr 2022 05:58:39 +0000 (07:58 +0200)
author Juliana Fajardini <jufajardini@gmail.com>
Wed, 6 Apr 2022 14:54:52 +0000 (11:54 -0300)
committer Victor Julien <vjulien@oisf.net>
Sat, 30 Apr 2022 05:58:39 +0000 (07:58 +0200)
diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst

index f4783199fa95aefb20be7d3acb683db528eb0df3..60ff51e799850fb62a2844d6ec2009cdd24bf20a 100644 (file)
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -145,6 +145,21 @@ is: pass, drop, reject, alert.
  This means a pass rule is considered before a drop rule, a drop rule
  before a reject rule and so on.
  
+Packet alert queue settings
+---------------------------
+
+It is possible to configure the size of the alerts queue that is used to append alerts triggered by each packet.
+
+This will influence how many alerts would be perceived to have matched against a given packet.
+The default value is 15. If an invalid setting or no value is provided, the engine will fall
+back to the default.
+
+::
+
+    #Define maximum number of possible alerts that can be triggered for the same
+    # packet. Default is 15
+    packet-alert-max: 15
+
  Splitting configuration in multiple files
  -----------------------------------------
author	Juliana Fajardini <jufajardini@gmail.com>
	Wed, 6 Apr 2022 14:54:52 +0000 (11:54 -0300)
committer	Victor Julien <vjulien@oisf.net>
	Sat, 30 Apr 2022 05:58:39 +0000 (07:58 +0200)