The msg rule option is used to add a message describing the rule. The message should summarize the rule's purpose, and it will be outputted along with events generated by the rule.

This option takes just a single argument: a text string enclosed in double quotes that explains what kind of traffic the rule will match.

msg is typically the first one present in a Snort rule.

Note: Snort rules have a few reserved characters (e.g., ", ;), and rule-writers must escape them with \ to use them in the rule's msg option.




msg:"SERVER-WEBAPP /etc/inetd.conf file access attempt";
msg:"Malicious file download attempt";