The metadata tag allows a rule writer to embed additional information about the rule, typically in a key-value format. Certain metadata keys and values have meaning to Snort and are listed in Table 3.3. Keys other than those listed in the table are effectively ignored by Snort and can be free-form, with a key and a value. Multiple keys are separated by a comma, while keys and values are separated by a space.
| Key | Description | Value Format |
|---|---|---|
| engine | Indicate a Shared Library Rule | "shared" |
| soid | Shared Library Rule Generator and SID | gid\|sid |
| service | Target-Based Service Identifier | "http" |
Note:
The service metadata key is only meaningful when a Host Attribute Table is provided. When the value exactly matches the service ID as specified in the table, the rule is applied to that packet; otherwise, the rule is not applied (even if the ports specified in the rule match). See Section 2.7 for details on the Host Attribute Table.
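The following Python linter is an added example, not code from Snort or its manual. It applies the separator rules described above (commas between keys, a space between key and value) to sort each metadata pair into keys Snort acts on and free-form keys it ignores. It assumes soid values are numeric gid|sid pairs and that a service identifier is a single token without whitespace; the function names and sample rules are constructed for illustration.

```python
import re

# Keys Snort interprets, per the table above. The value patterns are assumptions:
# numeric "gid|sid" for soid, one whitespace-free token for service.
KNOWN_KEYS = {
    "engine": re.compile(r"shared"),
    "soid": re.compile(r"\d+\|\d+"),
    "service": re.compile(r"\S+"),
}

def parse_metadata(rule):
    """Return (key, value) pairs from every metadata option in a rule."""
    start, end = rule.find("("), rule.rfind(")")
    if start == -1 or end <= start:
        return []                                  # no option block to inspect
    pairs = []
    # Rule options end with ';' (a literal ';' inside an option is escaped as '\;').
    for option in re.split(r"(?<!\\);", rule[start + 1:end]):
        name, sep, args = option.strip().partition(":")
        if not sep or name.strip() != "metadata":
            continue
        for item in args.split(","):               # multiple keys: comma-separated
            parts = item.split(None, 1)            # key and value: space-separated
            if parts:
                pairs.append((parts[0], parts[1].strip() if len(parts) > 1 else ""))
    return pairs

def lint_metadata(rule):
    """Sort pairs into keys Snort acts on, free-form keys, and malformed values."""
    known, free_form, problems = [], [], []
    for key, value in parse_metadata(rule):
        pattern = KNOWN_KEYS.get(key)
        if pattern is None:
            free_form.append((key, value))         # ignored by Snort
        elif pattern.fullmatch(value):
            known.append((key, value))
        else:
            problems.append(f"{key}: unexpected value {value!r}")
    return known, free_form, problems

# Constructed sample rules, not taken from any rule set.
GOOD_RULE = ('alert tcp any any -> any 80 (msg:"Example"; metadata:engine shared, '
             'soid 3|12345; metadata:service http, author jdoe; sid:1000001;)')
BAD_RULE = 'alert tcp any any -> any 80 (msg:"Example"; metadata:engine static, soid 12345;)'

if __name__ == "__main__":
    for sample in (GOOD_RULE, BAD_RULE):
        print(lint_metadata(sample))
```
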