From af7f4b347d04bfff2c5ca2075e288f2009a65c78 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Wed, 26 Sep 2012 11:42:53 +0200
Subject: [PATCH] threshold: improve comments of shipped threshold.config, add links to wiki.
---
 threshold.config | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/threshold.config b/threshold.config
index fadc486a2d..4f0ac7cd10 100644
--- a/threshold.config
+++ b/threshold.config
@@ -4,10 +4,20 @@
 # Thresholding commands limit the number of times a particular event is logged
 # during a specified time interval.
 #
-# Please note that thresholding can also be set inside signature.
-#
 # The syntax is the following:
-# (threshold|suppress) gen_id gen_id, sig_id sig_id, type (limit|threshold|both), track (by_src|by_dst), count n seconds
+#
+# threshold gen_id , sig_id , type , track , count , seconds
+#
+# event_filter gen_id , sig_id , type , track , count , seconds
+#
+# suppress gen_id , sig_id
+# suppress gen_id , sig_id , track , ip
+#
+# The options are documented at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Global-Thresholds
+#
+# Please note that thresholding can also be set inside a signature. The interaction between rule based thresholds
+# and global thresholds is documented here:
+# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Global-Thresholds#Global-thresholds-vs-rule-thresholds
 
 # Limit to 10 alerts every 10 seconds for each source host
 #threshold gen_id 0, sig_id 0, type threshold, track by_src, count 10, seconds 10
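Review bot: The two `suppress` forms in the new syntax block are listed without any hint of how far each one reaches. As I understand the global-threshold semantics, the first form (no `track`/`ip`) hides every alert for that signature on all hosts, so it is the entry most likely to leave a detection blind spot when copied from a shipped example file. I would add one comment line under them, e.g. `# A suppress entry without track/ip hides all alerts for that signature; use the track/ip form to scope it to a host or network.` The file still carries a commented example only for `threshold`; a commented `suppress` example using a documentation-range address would make the scoped form the obvious one to copy. As shown on this page the syntax lines have nothing after `gen_id`, `sig_id`, `type`, `track`, `count` and `seconds`; if that is not a rendering loss, the value placeholders should be written out.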