doc/userguide: document host table yaml settings

author Victor Julien <vjulien@oisf.net>

Wed, 15 Nov 2023 09:13:14 +0000 (10:13 +0100)

committer Victor Julien <victor@inliniac.net>

Fri, 17 Nov 2023 15:25:14 +0000 (16:25 +0100)
author Victor Julien <vjulien@oisf.net>
Wed, 15 Nov 2023 09:13:14 +0000 (10:13 +0100)
committer Victor Julien <victor@inliniac.net>
Fri, 17 Nov 2023 15:25:14 +0000 (16:25 +0100)
diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst

index c19ed48b3d0ea75c522fe28d24b2d7ad3b7ccad3..0b39705d896bd4882290d73d43c346c7e2dc45bd 100644 (file)
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -1256,6 +1256,37 @@ network inspection.
  
  .. image:: suricata-yaml/IDS_chunk_size.png
  
+
+Host Tracking
+-------------
+
+.. _suricata-yaml-host-settings:
+
+
+The Host table is used for tracking per IP address. This is used for tracking
+per IP thresholding, per IP tagging, storing `iprep` data and storing `hostbit`.
+
+Settings
+~~~~~~~~
+
+The configuration allows specifying the following settings: `hash-size`,  `prealloc` and `memcap`.
+
+.. code-block:: yaml
+
+    host:
+      hash-size: 4096
+      prealloc: 1000
+      memcap: 32mb
+
+* `hash-size`: size of the hash table in number of rows
+* `prealloc`: number of `Host` objects preallocated for efficiency
+* `memcap`: max memory use for hosts, including the hash table size
+
+Hosts are evicted from the hash table by the Flow Manager thread when all
+data in the host is expired (tag, threshold, etc). Hosts with iprep will
+not expire.
+
+
  Application Layer Parsers
  -------------------------
author	Victor Julien <vjulien@oisf.net>
	Wed, 15 Nov 2023 09:13:14 +0000 (10:13 +0100)
committer	Victor Julien <victor@inliniac.net>
	Fri, 17 Nov 2023 15:25:14 +0000 (16:25 +0100)