IDS - Snort - Snort Rule Format
Snort Rule Header
Action | Protocol | Source Address | Source Port | Direction | Destination Address | Destination Port |
NOTE:
- Action:
  - alert: Display an alert.
  - log: Write to Log.
  - pass: Pass.
- Direction:
  - ->: Inwards.
  - <-: Outwards.
  - <>: Either direction.
Sample Rule
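# Alert on any TCP packet.
alert tcp any any -> any any (msg:"Testing Alert"; sid:1000001;)
# Alert on TCP traffic from source port 21 to host 192.168.1.123.
alert tcp any 21 -> 192.168.1.123 any (msg:"TCP Packet on Port 21 is Detected"; sid:100010;)
# Log TCP traffic to 192.168.0.33 that originates outside 192.168.0.0/24.
log tcp !192.168.0.0/24 any -> 192.168.0.33 any (msg:"Remote access";)
# Log TCP traffic to 192.168.1.0/24 on any port except 6000-6010 (header only, no options).
log tcp any any -> 192.168.1.0/24 !6000:6010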
NOTE: Each rule is comprised of the:
- Rule Header:
- Rule Option:
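
An added example (not part of the original page and not Snort's own code): a small Python linter that splits a rule into the seven header fields and the option section described above, and reports rules whose header is malformed. The function names and sample rules are constructed for illustration, and only the actions and direction operators listed on this page are accepted.

```python
import re

ACTIONS = {"alert", "log", "pass"}   # the actions listed on this page
DIRECTIONS = {"->", "<-", "<>"}      # the direction operators listed on this page
FIELDS = ("action", "protocol", "src_addr", "src_port",
          "direction", "dst_addr", "dst_port")

def parse_options(body):
    """Parse 'key:value;' pairs; a ';' inside a quoted value does not split."""
    options = {}
    for part in re.findall(r'(?:"(?:\\.|[^"\\])*"|[^;"])+', body):
        key, _, value = part.partition(":")
        if key.strip():
            options[key.strip()] = value.strip().strip('"')
    return options

def parse_rule(line):
    """Split one rule into its seven header fields plus an options dict."""
    # The option section, when present, is the parenthesised tail of the rule.
    m = re.match(r"^([^()]*?)\s*(?:\((.*)\))?$", line.strip())
    if not m:
        raise ValueError("unbalanced parentheses")
    header = m.group(1).split()
    if len(header) != len(FIELDS):
        raise ValueError("header has %d fields, expected %d" % (len(header), len(FIELDS)))
    rule = dict(zip(FIELDS, header))
    if rule["action"] not in ACTIONS:
        raise ValueError("unknown action %r" % rule["action"])
    if rule["direction"] not in DIRECTIONS:
        raise ValueError("unknown direction %r" % rule["direction"])
    rule["options"] = parse_options(m.group(2) or "")
    return rule

def lint(lines):
    """Return (line_number, problem) for every rule that fails to parse."""
    problems = []
    for number, line in enumerate(lines, 1):
        try:
            parse_rule(line)
        except ValueError as exc:
            problems.append((number, str(exc)))
    return problems

# Constructed sample rules (addresses and sids are made up for this example).
SAMPLE = [
    'alert tcp any 21 -> 192.168.1.123 any (msg:"TCP Packet on Port 21"; sid:100010;)',
    'log tcp any any -> 192.168.1.0/24 !6000:6010',            # header only
    'log tcp any any -> 192.168.0.33 (msg:"Remote access";)',  # no destination port
    'alrt tcp any any -> any any (msg:"x"; sid:1;)',           # misspelled action
]
```

Calling `lint(SAMPLE)` flags the third rule (six header fields instead of seven) and the fourth (unknown action), while the header-only rule parses with an empty option set.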
ids/snort/snort_rule_format.txt · Last modified: 2021/07/26 08:46 by peter