git.ipfire.org Git - thirdparty/suricata.git/commitdiff
doc/userguide: document new threshold config options
author Victor Julien <vjulien@oisf.net>
Wed, 15 May 2024 09:12:45 +0000 (11:12 +0200)
committer Victor Julien <vjulien@oisf.net>
Fri, 28 Jun 2024 07:46:34 +0000 (09:46 +0200)
doc/userguide/configuration/global-thresholds.rst
doc/userguide/configuration/suricata-yaml.rst
doc/userguide/rules/thresholding.rst

index a5b3bd6d86755d2e7f1da97addba1c9fb35399c7..f78f6c552b53b7b9524772738c169ea850ca2733 100644 (file)
@@ -6,6 +6,9 @@ Thresholds can be configured in the rules themselves, see
 their intelligence for creating a rule combined with a judgement on how often
 a rule will alert.
 
+Thresholds are tracked in a hash table that is sized according to configuration, see:
+:ref:`suricata-yaml-thresholds`.
+
 Threshold Config
 ----------------
 
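Review bot: in the sentence added to global-thresholds.rst, "see:" followed by the :ref: role leaves a stray colon in the middle of the rendered sentence ("... sized according to configuration, see: Thresholding Settings."). Suggest dropping the colon or splitting into two sentences: "Thresholds are tracked in a hash table that is sized according to configuration. See :ref:`suricata-yaml-thresholds`."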
index 8171d5c1508a55c8d9c769cfe0f5c9b22fa67163..36107eeb5d1b495b88677110358c4e1cfec5497c 100644 (file)
@@ -739,6 +739,22 @@ To let Suricata make these decisions set default to 'auto':
     prefilter:
       default: auto
 
+.. _suricata-yaml-thresholds:
+
+Thresholding Settings
+~~~~~~~~~~~~~~~~~~~~~
+
+Thresholding uses a central hash table for tracking thresholds of the types: by_src, by_dst, by_both.
+
+::
+
+  detect:
+    thresholds:
+      hash-size: 16384
+      memcap: 16mb
+
+``detect.thresholds.hash-size`` controls the number of hash rows in the hash table.
+``detect.thresholds.memcap`` controls how much memory can be used for the hash table and the data stored in it.
 
 Pattern matcher settings
 ~~~~~~~~~~~~~~~~~~~~~~~~
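Review bot: the new "Thresholding Settings" section shows hash-size: 16384 and memcap: 16mb without saying whether these are the defaults or only sample values, and the memcap description does not say what happens to threshold tracking once the cap is reached. Suggest adding a sentence for each, since an operator sizing the table needs the baseline and needs to know how thresholded rules behave when no more entries can be stored. Separately, the two option descriptions sit on consecutive lines and will render as a single paragraph; a blank line between them or a definition list would keep them apart.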
index 44a8aa5e92d4e4c9a532ca3d99462af2f89fa290..e56830cb419938201d11fd26efcd7f10e02696a7 100644 (file)
@@ -4,6 +4,9 @@ Thresholding Keywords
 Thresholding can be configured per rule and also globally, see
 :doc:`../configuration/global-thresholds`.
 
+Thresholds are tracked in a hash table that is sized according to configuration, see:
+:ref:`suricata-yaml-thresholds`.
+
 *Note: mixing rule and global thresholds is not supported in 1.3 and
 before. See bug #425.* For the state of the support in 1.4 see
 :ref:`global-thresholds-vs-rule-thresholds`