Optimal configuration and tuning
In the previous section, we discussed the importance of configuring the Snort system for the network environment where it will be operating. However, the Snort configuration is complex and consists of hundreds of parameters and settings, and it is almost impossible to get the optimal configuration for any environment on the first attempt. Arriving at the optimal configuration for Snort in any network environment is therefore an iterative process. This process of continually making changes in order to improve the effectiveness and efficiency of the Snort system is called tuning.
In addition, the network itself is not static; it also changes as time passes. Thus, there is a need to continually tune the Snort configuration so that it keeps moving toward the optimal configuration.
In the next section, we shall discuss the topic of having more than one configuration for Snort.