====== IDS - Snort - Snort Rule Format ======

===== Snort Rule Header =====

|Action|Protocol|Source Address|Source Port|Direction|Destination Address|Destination Port|

**NOTE:**

  * Action:
    * **alert**: Display an alert.
    * **log**: Write to log.
    * **pass**: Pass.
  * Direction:
    * **->**: Inwards.
    * **<-**: Outwards.
    * **<>**: Either direction.

----

===== Sample Rule =====

<code>
alert tcp any any -> any any (msg:"Testing Alert"; sid:1000001;)

alert tcp any 21 -> 192.168.1.123 any (msg:"TCP Packet on Port 21 is Detected"; sid:100010;)

log tcp !192.168.0.0/24 any -> 192.168.0.33 any (msg:"Remote access";)

log tcp any any -> 192.168.1.0/24 !6000:6010
</code>

**NOTE:** This is comprised of the:

  * Rule Header:
  * Rule Option:
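
A small linter for the header layout described above, as an added example (not part of the original page and not Snort's own parser): it splits each rule into the seven header fields plus an option dictionary and reports rules that do not fit. The function names and the sample ruleset are constructed; only the actions and direction operators listed on this page are accepted, and variables, address lists containing spaces and escaped quotes inside options are out of scope.

```python
import re

ACTIONS = {"alert", "log", "pass"}      # actions listed on this page
DIRECTIONS = {"->", "<-", "<>"}         # direction operators listed on this page
HEADER_FIELDS = "action protocol src_addr src_port direction dst_addr dst_port".split()
# One option per match; a quoted string may contain ';', so it is consumed as a unit.
OPTION_RE = re.compile(r'(?:"[^"]*"|[^;"])+')

def parse_rule(rule):
    """Return (header dict, options dict); raise ValueError on a malformed rule."""
    header_text, paren, rest = rule.strip().partition("(")
    fields = header_text.split()
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError(f"header has {len(fields)} fields, expected 7")
    header = dict(zip(HEADER_FIELDS, fields))
    if header["action"] not in ACTIONS:
        raise ValueError(f"unknown action {header['action']!r}")
    if header["direction"] not in DIRECTIONS:
        raise ValueError(f"unknown direction {header['direction']!r}")
    options = {}
    if paren:                            # a header-only rule has no option block
        if not rest.endswith(")"):
            raise ValueError("option block is not closed with ')'")
        for item in OPTION_RE.findall(rest[:-1]):
            key, _, value = item.strip().partition(":")
            if key:                      # skip the empty piece after a trailing ';'
                options[key.strip()] = value.strip().strip('"')
    return header, options

def lint(rules):
    """Return [(rule_number, error)] for every rule that fails to parse."""
    problems = []
    for number, rule in enumerate(rules, start=1):
        try:
            parse_rule(rule)
        except ValueError as err:
            problems.append((number, str(err)))
    return problems

# Constructed ruleset: rule 3 lacks a destination port, rule 5 misspells the action.
SAMPLE_RULES = [
    'alert tcp any any -> any any (msg:"Testing Alert"; sid:1000001;)',
    'alert tcp any 21 -> 192.168.1.123 any (msg:"TCP Packet on Port 21 is Detected"; sid:100010;)',
    'log tcp !192.168.0.0/24 any -> 192.168.0.33 (msg:"Remote access";)',
    'log tcp any any -> 192.168.1.0/24 !6000:6010',
    'alrt tcp any any -> any any (msg:"constructed"; sid:1000002;)',
]

if __name__ == "__main__":
    print(lint(SAMPLE_RULES))
```
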