From: Juliana Fajardini Date: Wed, 6 Apr 2022 14:54:52 +0000 (-0300) Subject: doc/userguide: explain packet-alert-max config X-Git-Tag: suricata-6.0.6~118 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a1a439bd6533c5f6bfaca0ca69c8a7c28d8fc6d;p=thirdparty%2Fsuricata.git doc/userguide: explain packet-alert-max config Task #4207 (cherry picked from commit 49542d0f1bb35d889f798a50c04f4a257b816695) --- diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst index 1b97295122..c62437e5ef 100644 --- a/doc/userguide/configuration/suricata-yaml.rst +++ b/doc/userguide/configuration/suricata-yaml.rst @@ -145,6 +145,21 @@ is: pass, drop, reject, alert. This means a pass rule is considered before a drop rule, a drop rule before a reject rule and so on. +Packet alert queue settings +--------------------------- + +It is possible to configure the size of the alerts queue that is used to append alerts triggered by each packet. + +This will influence how many alerts would be perceived to have matched against a given packet. +The default value is 15. If an invalid setting or no value is provided, the engine will fall +back to the default. + +:: + + #Define maximum number of possible alerts that can be triggered for the same + # packet. Default is 15 + packet-alert-max: 15 + Splitting configuration in multiple files -----------------------------------------
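Review bot: In the new "Packet alert queue settings" section, the sentence "This will influence how many alerts would be perceived to have matched against a given packet." leaves the operator guessing about what happens when a packet triggers more alerts than packet-alert-max. Suggest saying explicitly what the engine does with the alerts beyond the limit and which ones are kept, since that is what someone sizing this value for detection coverage needs to know. The fallback sentence ("If an invalid setting or no value is provided") would also be more useful if it said which values count as invalid. Minor style point in the example block: the comment starts with "#Define" without a space while the next line uses "# packet."; make the two consistent.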