One of Snort's real strengths are the options available for output of alerts and other detection information. While running tail -f on the alert file in /var/log/snort certainly lets you see that alerts that Snort generates, using that information effectively requires more horsepower. Many Snort administrators use third-party applications to monitor and investigate the information generated by Snort. To do this, Snort must output the data a particular format. The output plug-ins perform this task. Note that using some of these plug-ins require the administrator to take some steps at the time that Snort is compiled. For example, to allow Snort to output to a MySQL database, a MySQL client needs to be installed on the Snort system and the --with-mysql option must be specified with the ../configure command. Some of these options are only available on a particular platform. For instance, only a Windows system can log directly to Microsoft SQL Server with the mssql plug-in (Unix-based systems must use ODBC with the odbc plug-in).

Multiple output plug-ins can be enabled, allowing a variety of tools to be employed by Snort administrators.