Display Filter Reference: Snort Alerts
Protocol field name: snort
Versions: 2.4.0 to 3.4.5
Field name | Description | Type | Versions |
---|---|---|---|
snort.alert.expert | Snort alert detected | Label | 2.4.0 to 3.4.5 |
snort.class | Alert Classification | Character string | 2.4.0 to 3.4.5 |
snort.content | Content | Character string | 2.4.0 to 3.4.5 |
snort.content.not-matched | Failed to find content field of alert in frame | Label | 2.4.0 to 3.4.5 |
snort.generator | Rule Generator | Unsigned integer, 4 bytes | 2.4.0 to 3.4.5 |
snort.global-stats | Global Stats | Character string | 2.4.0 to 3.4.5 |
snort.global-stats.match-number | Match number | Unsigned integer, 4 bytes | 2.4.0 to 3.4.5 |
snort.global-stats.rule-count | Number of rules | Unsigned integer, 4 bytes | 2.4.0 to 3.4.5 |
snort.global-stats.rule-file-count | Number of rule files | Unsigned integer, 4 bytes | 2.4.0 to 3.4.5 |
snort.global-stats.rule.alerts-count | Number of alerts for this rule | Unsigned integer, 4 bytes | 3.4.0 to 3.4.5 |
snort.global-stats.rule.match-number | Match number for this rule | Unsigned integer, 4 bytes | 2.4.0 to 3.4.5 |
snort.global-stats.total-alerts | Number of alerts detected | Unsigned integer, 4 bytes | 2.4.0 to 3.4.5 |
snort.msg | Alert Message | Character string | 2.4.0 to 3.4.5 |
snort.pcre | PCRE | Character string | 2.4.0 to 3.4.5 |
snort.priority | Alert Priority | Unsigned integer, 4 bytes | 2.4.0 to 3.4.5 |
snort.protocol | Protocol | Character string | 2.4.0 to 3.4.5 |
snort.raw-alert | Raw Alert | Character string | 2.4.0 to 3.4.5 |
snort.reassembled_from | Segment where alert was triggered | Frame number | 2.4.0 to 3.4.5 |
snort.reassembled_in | Reassembled frame where alert is shown | Frame number | 2.4.0 to 3.4.5 |
snort.reference | Reference | Character string | 2.4.0 to 3.4.5 |
snort.rev | Rule Revision | Unsigned integer, 4 bytes | 2.4.0 to 3.4.5 |
snort.rule | Rule | Character string | 2.4.0 to 3.4.5 |
snort.rule-filename | Rule Filename | Character string | 2.4.0 to 3.4.5 |
snort.rule-ip-var | IP variable | Label | 2.4.0 to 3.4.5 |
snort.rule-line-number | Line number within rules file where rule was parsed from | Unsigned integer, 4 bytes | 2.4.0 to 3.4.5 |
snort.rule-port-var | Port variable used in rule | Label | 2.4.0 to 3.4.5 |
snort.rule-string | Rule String | Character string | 2.4.0 to 3.4.5 |
snort.sid | Rule SID | Unsigned integer, 4 bytes | 2.4.0 to 3.4.5 |
snort.uricontent | URI Content | Character string | 2.4.0 to 3.4.5 |