Suricata » Suricata-Update

I might need some more examples of what you are trying to do in order to help out. But the thresholding support is not used at all by default. Unless you have a need for the expansion of regular expressions it can do, I recomment not using suricata-update for your threshold.conf.

Jason Ish wrote in #note-1:

I might need some more examples of what you are trying to do in order to help out. But the thresholding support is not used at all by default. Unless you have a need for the expansion of regular expressions it can do, I recomment not using suricata-update for your threshold.conf.

What I mean instead of using --threshold-in and --threshold-out arguments for suricata update if there is something automatic (like for disable-conf ecc...) inside the update.yaml file.

Of course this is the case for regex, in this particular case I'm trying to threshold all the stream-event.

Thank you

Victor Julien wrote in #note-4:

Seems the feature request is for threshold be handled at a default location?

Hi Victor, sorry but I don't remember the use case really well.
Reading previous messages I guess that: setting the threshold-in and threshold-out is needed to set them from the command line, could be more usefull to set them in the suricata.yaml.

Answering your question: the request is not to set a default file/location for these files but to be able to declare the files in suricata.yaml.

Thanks