====== IDS - Snort - Snort Rule Format ======

===== Snort Rule Header =====

|Action|Protocol|Source Address|Source Port|Direction|Destination Address|Destination Port|

<WRAP info>
**NOTE:**  

  * Action:
    * **alert**:  Display an alert.
    * **log**:  Write to Log.
    * **pass**:  Pass.
  * Direction:
    * **->**:  Inwards.
    * **<-**:  Outwards.
    * **<>**:  Either direction.

</WRAP>




----

===== Sample Rule =====

<code>
alert tcp any any -> any any(msg: "Testing Alert" ; sid:1000001)

alert tcp any 21 -> 192.168.1.123 any (msg: "TCP Packet on Port 21 is Detected";sid:100010)

log tcp !192.168.0/24 any -> 192.168.0.33 (msg: "Remote access" ; )

log tcp any any -> 192.168.1.0/24 !6000:6010
</code>

<WRAP info>
**NOTE:**  This is comprised of the:

  * Rule Header:
  * Rule Option:

</WRAP>