Snort's output plug-ins are the means Snort has to get intrusion data from the detection engine to you. Like its preprocessors, Snort's outputting functionality is modular and plugable. Different skill levels, network configurations, and personal preferences will dictate which outputting mechanism is right for you. Snort supports everything from a raw binary tcpdump output to various relational database outputs.
Snort's outputs are not intended to be human-readable. They are logged in various formats that make intrusion data readily accessible to other applications or tools. Outputting can be done in these formats:
This gives the user freedom of choice ...