From c5be44957ec26a67fcdd7528cd4101062eb71fda Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Wed, 15 Nov 2023 10:13:14 +0100 Subject: [PATCH] doc/userguide: document host table yaml settings (cherry picked from commit 4a02a14df1be3821042b1c60e3722b114d26fa14) --- doc/userguide/configuration/suricata-yaml.rst | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst index c19ed48b3d0e..0b39705d896b 100644 --- a/doc/userguide/configuration/suricata-yaml.rst +++ b/doc/userguide/configuration/suricata-yaml.rst @@ -1256,6 +1256,37 @@ network inspection. .. image:: suricata-yaml/IDS_chunk_size.png + +Host Tracking +------------- + +.. _suricata-yaml-host-settings: + + +The Host table is used for tracking per IP address. This is used for tracking +per IP thresholding, per IP tagging, storing `iprep` data and storing `hostbit`. + +Settings +~~~~~~~~ + +The configuration allows specifying the following settings: `hash-size`, `prealloc` and `memcap`. + +.. code-block:: yaml + + host: + hash-size: 4096 + prealloc: 1000 + memcap: 32mb + +* `hash-size`: size of the hash table in number of rows +* `prealloc`: number of `Host` objects preallocated for efficiency +* `memcap`: max memory use for hosts, including the hash table size + +Hosts are evicted from the hash table by the Flow Manager thread when all +data in the host is expired (tag, threshold, etc). Hosts with iprep will +not expire. + + Application Layer Parsers -------------------------
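
Review bot: In the new "Host Tracking" section the label ".. _suricata-yaml-host-settings:" is placed after the section title and its underline, so it attaches to the paragraph that follows rather than to the heading, and a :ref: to it would need explicit link text. Move the label to the line above the "Host Tracking" title. In the same hunk, the setting names (hash-size, prealloc, memcap) and iprep, hostbit and Host are wrapped in single backticks, which reStructuredText treats as the default role rather than an inline literal; double backticks would render them as literals. The opening paragraph also says "used for tracking" twice in two sentences and could be merged into one. Finally, the memcap bullet gives the limit but not what happens to thresholding, tagging or hostbit storage once the limit is reached; one sentence on that would help operators size the table.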