Suricata

Not sure. For a long time we added all options to the default yaml, but we've started to change our mind a bit on that. The default yaml is huge and quite intimidating to new users. So perhaps the lesser used options should just be in the user guide.

I do agree that a too big configuration file, do tend to be a bit intimidating, but then again I also like to know all the options available. Which sometimes can be a bit hard to get out of the docs.
Not saying that I'm missing anything from the docs =)

"All" the Elastic products ships with both a simple config file and then a full one with all the possible options, so one that will easily get you up and running and one that includes all the possible settings that you can use but requires a bit more work to understand. Could that be a way forward?

I think it could, yes. The only concern is that I don't want to maintain multiple versions. So we'd have to use some kind of template or generator so that we can maintain a single master file.

@Jason Ish do you have an idea for a template generator for that case?

As an alternative we could add links to the documentation into the config?

Andreas Herz wrote:

@Jason Ish do you have an idea for a template generator for that case?

As an alternative we could add links to the documentation into the config?

No ideas for a generator here. The idea is that the doc is complete, while the default config is the most common options. It means keeping 2 things in sync. Not ideal, and I don't think there is a trivial solution.