Intrusion Detection Systems with Snort: Advanced IDS Techniques Using Snort, Apache, MySQL, PHP, and ACID by Rafeeq Ur Rehman

3.5. Rule Headers

As mentioned earlier, the rule header is the part of the rule before the opening parenthesis, and it has several parts. Let us take a detailed look at the different parts of the rule header, starting with rule actions.

3.5.1. Rule Actions

The action is the first part of a Snort rule. It shows what action will be taken when rule conditions are met. An action is taken only when all of the conditions mentioned in a rule are true. There are five predefined actions. However, you can also define your own actions as needed. As a precaution, keep in mind that Snort versions 1.x and 2.x apply rules in different ways. In Snort 1.x, if multiple rules match a given packet, only the first one is applied. After applying the first rule, no ...
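The header layout described in this section, as an added example that is not taken from the book: a small Python checker that splits a rule at the opening parenthesis and validates the header fields. It assumes the standard Snort 1.x/2.x header order (action, protocol, source address and port, direction, destination address and port) with no spaces inside address lists; the sample rule and the custom action name `redalert` are constructed for illustration.

```python
# The five predefined actions in Snort 1.x/2.x. User-defined actions are
# supplied by the caller through custom_actions (names are hypothetical).
BUILTIN_ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}
PROTOCOLS = {"tcp", "udp", "icmp", "ip"}
DIRECTIONS = {"->", "<>"}
FIELDS = ("action", "protocol", "src_addr", "src_port",
          "direction", "dst_addr", "dst_port")

# Constructed sample rule, not from the book.
SAMPLE = 'alert tcp any any -> 192.168.1.0/24 80 (msg:"constructed sample"; sid:1000001;)'


def split_rule(rule):
    """Split a rule into (header, options) at the first opening parenthesis."""
    head, sep, rest = rule.strip().partition("(")
    rest = rest.rstrip()
    if not sep or not rest.endswith(")"):
        raise ValueError("rule has no parenthesised options section")
    return head.strip(), rest[:-1].strip()


def parse_header(header, custom_actions=()):
    """Return the header as a dict of its seven whitespace-separated parts."""
    parts = header.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} header fields, got {len(parts)}")
    fields = dict(zip(FIELDS, parts))
    if fields["action"] not in BUILTIN_ACTIONS | set(custom_actions):
        raise ValueError(f"unknown action: {fields['action']!r}")
    if fields["protocol"] not in PROTOCOLS:
        raise ValueError(f"unknown protocol: {fields['protocol']!r}")
    if fields["direction"] not in DIRECTIONS:
        raise ValueError(f"bad direction operator: {fields['direction']!r}")
    # Flag rules that rely on a locally defined action, so a reviewer can
    # confirm the matching definition exists in the configuration.
    fields["custom_action"] = fields["action"] not in BUILTIN_ACTIONS
    return fields


if __name__ == "__main__":
    header, options = split_rule(SAMPLE)
    print(parse_header(header))
    print("options:", options)
```

Running a ruleset through a check like this before deployment catches a misspelled action or a malformed header before the sensor is reloaded.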