Hello,

For whoever yned snort through threshold.conf: at first glance it seems that suricata is not able to understand all suppression syntax used by snort.

Ex of suricata error for the syntax ‘![]’

suricata: [ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec parse error, ret -1, string , track by_dst, ip ![1.1.1.1,8.8.8.8]

Moving snort threshold.comf to suricata threshold.config might generate such pcre parsing errors.

Hope it helps!

Horace