You have a specific requirement for the output of Snort, and none of the existing output methods can solve your problem.
Write your own output plug-in. Snort's modularity allows developers to easily create modules to interface with Snort, so take the time to write (or get someone else to write) your own output plug-in.
You could write a small utility to interface with the alert_unixsock output plug-in, or if you don't require real-time alerting, you could write a script to parse the normal Snort logfiles to the format that you require.
Parsing Snort logfiles is quite a simple task in the scripting language of your choice. Perl, Sed, Awk, Python, and Shell are all acceptable, as are hundreds of others. Choose the one with which you are most comfortable.
Listening out for Unix socket alerts is also a relatively simple taskwe have provided, in the recipe Recipe 2.23, a Perl socket listeneryou can then do what you wish with the output, feeding it in whatever format you require into the program of your choice.
The final, most complex and time consuming solution is to write your own output plug-in from scratch. For this, you are really restricted to C, although I'm sure that many people will be able to link other programming languages in with Snort with some effort. If you intend to follow the route of writing your own plug-ins, you should make a detailed examination of the existing output plug-ins that are provided with Snort in the /src/output-plugins directory. These include both the C source and header files for each of the standard output plug-ins. You can copy the template of one of these and make the changes as are necessary to enable your application.
Beale, Jay. Snort 2.1 Intrusion Detection. Rockland, MA: Syngress, 2004.
Miscellaneous Other Uses
Installing Snort from Source on Unix
Logging to a File Quickly
How to Build Rules
Detecting Stateless Attacks and Stream Reassembly
Managing Snort Sensors
Generating Statistical Output from Snort Logs
Monitoring Network Performance