What is a plugin? A plugin is a piece of code (written to comply with a particular API) which extends the capability of Snort. Plugins provide the ability to make Snort do new and interesting things without directly modifying the internal architecture.
Types of plugins. There are currently three types of plugins available in Snort. They are preprocessor plugins, detection plugins, and output plugins. Each of these acts at a different point in the detection scheme. The detection scheme of Snort has three basic parts: packet capture, rule matching, and data output. The preprocessor plugins work on packets before they are passed to the detection engine. The detection plugins are employed as part of the rules used to match packets. The output plugins work with either the alert messages or the packets to be logged.
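The following C sketch is an added example, not Snort source code and not Snort's real plugin API: it models the three hook points described above with function pointers, so the order in which each plugin type sees a packet is visible. All names (`Packet`, `pp_lowercase`, `dp_content`, `op_stdout`, `process_packet`), the lower-casing preprocessor, and the sample rule and payloads are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the pipeline; hypothetical types, not Snort's API. */
typedef struct { char payload[64]; } Packet;
typedef void (*PreprocFn)(Packet *);                       /* before detection */
typedef int  (*DetectFn)(const Packet *, const char *arg); /* one rule option  */
typedef void (*OutputFn)(const char *msg, const Packet *); /* alert or log     */
typedef struct { DetectFn test; const char *arg; const char *msg; } Rule;

static int alerts_written; /* counts calls into the output stage */

/* Preprocessor plugin: normalises the payload before any rule sees it. */
static void pp_lowercase(Packet *p) {
    for (char *c = p->payload; *c; c++) *c = (char)tolower((unsigned char)*c);
}

/* Detection plugin: the test behind a rule option (substring match here). */
static int dp_content(const Packet *p, const char *arg) {
    return strstr(p->payload, arg) != NULL;
}

/* Output plugin: receives the alert message and the packet. */
static void op_stdout(const char *msg, const Packet *p) {
    alerts_written++;
    printf("ALERT [%s] %s\n", msg, p->payload);
}

static PreprocFn preprocs[] = { pp_lowercase };
static Rule      rules[]    = { { dp_content, "/cgi-bin/test", "constructed rule" } };
static OutputFn  outputs[]  = { op_stdout };

/* Runs one captured payload through all three stages; returns rules matched. */
int process_packet(const char *captured) {
    Packet p;
    int matched = 0;
    snprintf(p.payload, sizeof p.payload, "%s", captured);   /* packet capture */
    for (size_t i = 0; i < sizeof preprocs / sizeof *preprocs; i++)
        preprocs[i](&p);                                      /* preprocessors  */
    for (size_t r = 0; r < sizeof rules / sizeof *rules; r++) {
        if (!rules[r].test(&p, rules[r].arg)) continue;       /* rule matching  */
        matched++;
        for (size_t o = 0; o < sizeof outputs / sizeof *outputs; o++)
            outputs[o](rules[r].msg, &p);                     /* data output    */
    }
    return matched;
}

int main(void) {
    process_packet("GET /CGI-BIN/Test HTTP/1.0"); /* constructed sample payload */
    return 0;
}
```

The mixed-case payload matches only because the preprocessor has already normalised it by the time the detection plugin runs, which is the practical consequence of the stage ordering.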