If you want a signature that fires on any SYN packet being sent to a certain host, you can use the atomic.tcp engine. You will need to write a signature for any packet with the SYN flag set and then use filters to filter out the alarms for the host you are concerned with. If this is not what you are looking for, can you please clarify what you are trying to trigger on.