Alerting via Output Plug-ins
Snort's output plug-ins are how Snort gets intrusion data from the detection engine to you. Like its preprocessors, Snort's outputting functionality is modular and pluggable. Different skill levels, network configurations, and personal preferences will dictate which outputting mechanism is right for you. Snort supports everything from a raw binary tcpdump output to various relational database outputs.
Snort's outputs are not intended to be human-readable. They are logged in various formats that make intrusion data readily accessible to other applications or tools. Outputting can be done in these formats:
syslog
tcpdump
Text Logfile
XML
Relational database
SNMP
Snort Unified
This gives the user freedom of choice ...