When you fire off snort, use the flag -i to select the device name. You can also go into your snort.conf and search for the string 'database'. It will give you a few 'suggestions' for options, usually to a mysql database. You could then use something like stunnel to send the encrypted database entries to a central mysql server.
Neb
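
The setup suggested in the post above, sketched as an added example (not part of the original post, and not taken from any Snort or stunnel distribution). The interface name, host name, port 3307, file paths and credentials are all assumed placeholders.

```ini
; ---- sensor: start Snort on the chosen interface (eth0 is assumed) ----
;   snort -i eth0 -c /etc/snort/snort.conf

; ---- sensor: /etc/snort/snort.conf (path assumed) ----
# Snort logs to what looks like a local MySQL server. The listener on
# 127.0.0.1:3306 is really stunnel. Use 127.0.0.1 rather than "localhost":
# the MySQL client library treats "localhost" as a Unix socket and would
# bypass the tunnel.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=127.0.0.1 port=3306

; ---- sensor: /etc/stunnel/snort-db.conf (client side, path assumed) ----
client = yes

[snort-mysql]
; plaintext side, reachable only from the sensor itself
accept = 127.0.0.1:3306
; TLS side, towards the central server (host and port assumed)
connect = central-db.example.org:3307
; verify the server certificate so the sensor does not log to an impostor
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = central-db.example.org

; ---- central server: /etc/stunnel/snort-db.conf (server side) ----
[snort-mysql]
; TLS listener the sensors connect to
accept = 0.0.0.0:3307
; hand the decrypted stream to the local MySQL server
connect = 127.0.0.1:3306
cert = /etc/stunnel/server.pem
key = /etc/stunnel/server.key
```

With this layout the MySQL server on the central host only needs to listen on 127.0.0.1, so the database port itself is never exposed to the network.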