Suricata

Hi All,
This is Josh from the Security Onion team. We have recently upgraded to 6.0.1, and a user has reported an issue (https://github.com/Security-Onion-Solutions/securityonion/discussions/3248) with a character limit for the IP in thresholding.conf that didn't exist previously.

Previously, the following rule would work:
suppress gen_id 1, sig_id 2100371, track by_dst, ip 1.1.1.1,2.2.2.2,3.3.3.3,4.4.4.4,5.5.5.5,6.6.6.6,7.7.7.7,81.8.8.8

However, on 6.0.1, we receive an error in the log when running the same rule:
<Error> - [ERRCODE: SC_ERR_PCRE_COPY_SUBSTRING(325)] - pcre_copy_substring failed

Any insight on this issue would be greatly appreciated.

Thank you.