userguide: minor rewording and typo fixes

Some of these were recently introduced, some were highlited after the applayer sections got merged. Some paragraphs seem to have been changed due to trying to respect character limits for lines. Also includes a typo pointed out by one of our community members via Discord.
3 years ago · 6f294f2f2d
parent 9d9bc04886
commit 6f294f2f2d
2 changed files with 14 additions and 15 deletions
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@ -993,7 +993,7 @@ and prealloc for the following:

 The flow-engine has a management thread that operates independent from
 the packet processing. This thread is called the flow-manager. This
-thread ensures that wherever possible and within the memcap. there
+thread ensures that wherever possible and within the memcap. There
 will be 10000 flows prepared.

 In IPS mode, a memcap-policy exception policy can be set, telling Suricata
@ -1251,13 +1251,13 @@ Application Layer Parsers

 The ``app-layer`` section holds application layer specific configurations.

-A in IPS mode, a global exception policy accessed via the ``error-policy``
+In IPS mode, a global exception policy accessed via the ``error-policy``
 setting can be defined to indicate what the engine should do in case if
 encounters an app-layer error. Possible values are "drop-flow", "pass-flow",
-"bypass", "drop-packet", "pass-packet", "reject" or "ignore" (which will mean
-keeping the default behavior).
+"bypass", "drop-packet", "pass-packet", "reject" or "ignore" (which maintains
+the default behavior).

-Each supported protocol will have a dedicated subsection under ``protocols``.
+Each supported protocol has a dedicated subsection under ``protocols``.

 Asn1_max_frames (new in 1.0.3 and 1.1)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -1684,15 +1684,14 @@ unlimited.
 MQTT
 ~~~~

-MQTT messages could theoretically be up to 256MB in size, potentially
-containing a lot of payload data (such as properties, topics, or
-published payloads) that would end up parsed and logged. To acknowledge
-the fact that most MQTT messages, however, will be quite small and to
-reduce the potential for denial of service issues, it is possible to limit
-the maximum length of a message that we are willing to parse. Any message
-larger than the limit will just be logged with reduced metadata, and rules
-will only be evaluated against a subset of fields.
-The default is 1 MB.
+The maximum size of a MQTT message is 256MB, potentially containing a lot of
+payload data (such as properties, topics, or published payloads) that would end
+up parsed and logged. To acknowledge the fact that most MQTT messages, however,
+will be quite small and to reduce the potential for denial of service issues,
+it is possible to limit the maximum length of a message that Suricata should
+parse. Any message larger than the limit will just be logged with reduced
+metadata, and rules will only be evaluated against a subset of fields. The
+default is 1 MB.

 ::

--- a/doc/userguide/setting-up-ipsinline-for-linux.rst
+++ b/doc/userguide/setting-up-ipsinline-for-linux.rst
@ -17,7 +17,7 @@ To check if you have NFQ enabled in your Suricata build, enter the following com

  suricata --build-info

-and make sure that NFS is listed in the output.
+and make sure that NFQ is listed in the output.

 To run Suricata with the NFQ mode, you have to make use of the ``-q`` option. This
 option tells Suricata which queue numbers it should use.