General Rule Options

General rule options provide information about a rule, but they do not at all change what a given rule looks for in a packet. General options are not required for a rule, but it is strongly recommended that they are used to provide additional context for a rule should that rule ever generate an event.

Each general option is described in subsequent sections, but the following table lists each one for quick reference.

msgmsg sets the message to be printed out when a rule matches
referencereference is used to provide additional context to rules in the form of links to relevant attack identification systems
gidgid identifies the specific Snort component that generates a given event
sidsid identifies the unique signature number assigned to a given Snort rule
revrev identifies the particular revision number of a given Snort rule
classtypeclasstype assigns a classification to the rule to indicate the type of attack associated with an event
prioritypriority sets a severity level for appropriate event prioritizing
metadatametadata adds additional and arbitrary information to a rule in the form of name-value pairs
serviceservice sets the list of services to be associated with a given rule
remrem is used to convey an arbitrary comment in the rule body
file_metafile_meta is used to set the file metadata for a given file identification rule