Alerting via Output Plug-ins

Snort's output plug-ins are the means Snort has to get intrusion data from the detection engine to you. Like its preprocessors, Snort's outputting functionality is modular and plugable. Different skill levels, network configurations, and personal preferences will dictate which outputting mechanism is right for you. Snort supports everything from a raw binary tcpdump output to various relational database outputs.

Snort's outputs are not intended to be human-readable. They are logged in various formats that make intrusion data readily accessible to other applications or tools. Outputting can be done in these formats:

  • syslog

  • cpdump

  • Text Logfile

  • XML

  • Relational database

  • SNMP

  • Snort Unified

This gives the user freedom of choice ...

Get Intrusion Detection with Snort now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.