Rules Background

Rules consist of a pattern and a command.
The contents of each network packet is checked against the pattern of each rule, and if it matches, the command of that rule is carried out. Such a command could involve warning the network administrator or just logging the network packet.
Check out 'snort-sid-template' and http://www.snort.org/cgi-bin/sigs-search.cgi?