| Search Site |
| Search Rules |
| Account |
| not registered? |
| can't login? |
| user preferences |
 |
 |
|
|||||||||||||||||||
Next: Payload Detection Rule Options Up: General Rule Options Previous: Format Contents
General Rule Quick Reference
| Keyword | Description |
| msg | The msg keyword tells the logging and alerting engine the message to print with the packet dump or alert. |
| reference | The reference keyword allows rules to include references to external attack identification systems. |
| gid | The gid keyword (generator id) is used to identify what part of Snort generates the event when a particular rule fires. |
| sid | The sid keyword is used to uniquely identify Snort rules. |
| rev | The rev keyword is used to uniquely identify revisions of Snort rules. |
| classtype | The classtype keyword is used to categorize a rule as detecting an attack that is part of a more general type of attack class. |
| priority | The priority keyword assigns a severity level to rules. |
| metadata | The metadata keyword allows a rule writer to embed additional information about the rule, typically in a key-value format. |
Next: Payload Detection Rule Options Up: General Rule Options Previous: Format Contents Steven Sturges 2007-10-04
| site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved. |