msg rule option is used to add a message describing the rule. The message should summarize the rule's purpose, and it will be outputted along with events generated by the rule.
This option takes just a single argument: a text string enclosed in double quotes that explains what kind of traffic the rule will match.
msg is typically the first one present in a Snort rule.
Note: Snort rules have a few reserved characters (e.g.,
;), and rule-writers must escape them with
\to use them in the rule's
msg:"SERVER-WEBAPP /etc/inetd.conf file access attempt";
msg:"Malicious file download attempt";