Official certification from the Wireshark Foundation is available! Learn about becoming a Wireshark Certified Analyst.

Display Filter Reference: Snort Alerts

Protocol field name: snort

Versions: 2.4.0 to 4.6.0

Back to Display Filter Reference

Field name Description Type Versions
snort.alert.expertSnort alert detectedLabel2.4.0 to 4.6.0
snort.classAlert ClassificationCharacter string2.4.0 to 4.6.0
snort.contentContentCharacter string2.4.0 to 4.6.0
snort.content.not-matchedFailed to find content field of alert in frameLabel2.4.0 to 4.6.0
snort.generatorRule GeneratorUnsigned integer (32 bits)2.4.0 to 4.6.0
snort.global-statsGlobal StatsCharacter string2.4.0 to 4.6.0
snort.global-stats.match-numberMatch numberUnsigned integer (32 bits)2.4.0 to 4.6.0
snort.global-stats.rule-countNumber of rulesUnsigned integer (32 bits)2.4.0 to 4.6.0
snort.global-stats.rule-file-countNumber of rule filesUnsigned integer (32 bits)2.4.0 to 4.6.0
snort.global-stats.rule.alerts-countNumber of alerts for this ruleUnsigned integer (32 bits)3.4.0 to 4.6.0
snort.global-stats.rule.match-numberMatch number for this ruleUnsigned integer (32 bits)2.4.0 to 4.6.0
snort.global-stats.total-alertsNumber of alerts detectedUnsigned integer (32 bits)2.4.0 to 4.6.0
snort.msgAlert MessageCharacter string2.4.0 to 4.6.0
snort.pcrePCRECharacter string2.4.0 to 4.6.0
snort.priorityAlert PriorityUnsigned integer (32 bits)2.4.0 to 4.6.0
snort.protocolProtocolCharacter string2.4.0 to 4.6.0
snort.raw-alertRaw AlertCharacter string2.4.0 to 4.6.0
snort.reassembled_fromSegment where alert was triggeredFrame number2.4.0 to 4.6.0
snort.reassembled_inReassembled frame where alert is shownFrame number2.4.0 to 4.6.0
snort.referenceReferenceCharacter string2.4.0 to 4.6.0
snort.revRule RevisionUnsigned integer (32 bits)2.4.0 to 4.6.0
snort.ruleRuleCharacter string2.4.0 to 4.6.0
snort.rule-filenameRule FilenameCharacter string2.4.0 to 4.6.0
snort.rule-ip-varIP variableLabel2.4.0 to 4.6.0
snort.rule-line-numberLine number within rules file where rule was parsed fromUnsigned integer (32 bits)2.4.0 to 4.6.0
snort.rule-port-varPort variable used in ruleLabel2.4.0 to 4.6.0
snort.rule-stringRule StringCharacter string2.4.0 to 4.6.0
snort.sidRule SIDUnsigned integer (32 bits)2.4.0 to 4.6.0
snort.uricontentURI ContentCharacter string2.4.0 to 4.6.0