The design of snort requires a sequential work in the preprocessors, detection engine and output plugins for each network packet generating an alert. To enhance the detection capabilities of snort it would be an advantage to decouple the output plugins from the snort process. This is one feature of the FLoP project.
The second target regards the collection of alerts generated by several sensors on one central server. On this server all alerts are inserted into one database for further processing, analyzing and/or archiving. The processes buffer all alerts until they are spooled to the central server or are inserted in the database.