/var/log/suricata/fast.log full because of a rules
I try to understand a rules in suricata, it is :
emerging-scan.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 3306 (msg:"ET SCAN Suspicious inbound to mySQL port 3306"; flow:to_server; flags:S; threshold: type limit, count 5, seconds 60, track by_src; metadata: former_category POLICY; reference:url,doc.emergingthreats.net/2010937; classtype:bad-unknown; sid:2010937; rev:3; metadata:created_at 2010_07_30, updated_at 2018_03_27;)
because in my /var/log/suricata/fast.log is full because of this rules, and I don't understant what is is this rules exaclty.
I try a tcpdump for tcp syn packet and port 3306 and I don't have a 5 packet in 60 seconds