doc/userguide: explain packet-alert-max config

author Juliana Fajardini <jufajardini@gmail.com>

Wed, 6 Apr 2022 14:54:52 +0000 (11:54 -0300)

committer Victor Julien <vjulien@oisf.net>

Tue, 3 May 2022 07:10:02 +0000 (09:10 +0200)
author Juliana Fajardini <jufajardini@gmail.com>
Wed, 6 Apr 2022 14:54:52 +0000 (11:54 -0300)
committer Victor Julien <vjulien@oisf.net>
Tue, 3 May 2022 07:10:02 +0000 (09:10 +0200)
diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst

index 1b97295122bde1b7f92c93210cee35d004162c2b..c62437e5efcf7685f43d463705971a569a49c982 100644 (file)
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -145,6 +145,21 @@ is: pass, drop, reject, alert.
  This means a pass rule is considered before a drop rule, a drop rule
  before a reject rule and so on.
  
+Packet alert queue settings
+---------------------------
+
+It is possible to configure the size of the alerts queue that is used to append alerts triggered by each packet.
+
+This will influence how many alerts would be perceived to have matched against a given packet.
+The default value is 15. If an invalid setting or no value is provided, the engine will fall
+back to the default.
+
+::
+
+    #Define maximum number of possible alerts that can be triggered for the same
+    # packet. Default is 15
+    packet-alert-max: 15
+
  Splitting configuration in multiple files
  -----------------------------------------
author	Juliana Fajardini <jufajardini@gmail.com>
	Wed, 6 Apr 2022 14:54:52 +0000 (11:54 -0300)
committer	Victor Julien <vjulien@oisf.net>
	Tue, 3 May 2022 07:10:02 +0000 (09:10 +0200)