doc/userguide: explain packet-alert-max config

author Juliana Fajardini <jufajardini@gmail.com>

Wed, 6 Apr 2022 14:54:52 +0000 (11:54 -0300)

committer Victor Julien <vjulien@oisf.net>

Fri, 3 Jun 2022 09:55:42 +0000 (11:55 +0200)
author Juliana Fajardini <jufajardini@gmail.com>
Wed, 6 Apr 2022 14:54:52 +0000 (11:54 -0300)
committer Victor Julien <vjulien@oisf.net>
Fri, 3 Jun 2022 09:55:42 +0000 (11:55 +0200)
diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst

index 21fd4ac031d531698b5daffcfe4f827ee9437a26..8e56b2000a53ba07a977c2f4b6092baac7532ed2 100644 (file)
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -145,6 +145,21 @@ is: pass, drop, reject, alert.
  This means a pass rule is considered before a drop rule, a drop rule
  before a reject rule and so on.
  
+Packet alert queue settings
+---------------------------
+
+It is possible to configure the size of the alerts queue that is used to append alerts triggered by each packet.
+
+This will influence how many alerts would be perceived to have matched against a given packet.
+The default value is 15. If an invalid setting or no value is provided, the engine will fall
+back to the default.
+
+::
+
+    #Define maximum number of possible alerts that can be triggered for the same
+    # packet. Default is 15
+    packet-alert-max: 15
+
  Splitting configuration in multiple files
  -----------------------------------------
author	Juliana Fajardini <jufajardini@gmail.com>
	Wed, 6 Apr 2022 14:54:52 +0000 (11:54 -0300)
committer	Victor Julien <vjulien@oisf.net>
	Fri, 3 Jun 2022 09:55:42 +0000 (11:55 +0200)