next up previous contents
Next: Format Up: General Rule Options Previous: Example   Contents


The sid keyword is used to uniquely identify Snort rules. This information allows output plugins to identify rules easily. This option should be used with the rev keyword. (See section 3.4.5)

The file contains a mapping of alert messages to Snort rule IDs. This information is useful when post-processing alert to map an ID to an alert message.


Eugene Misnik 2013-05-08