Snort is a Network Intrusion Detection System (NIDS). It sniffs network traffic and generates IDS alerts.
In Security Onion, we compile Snort with PF-RING to allow you to spin up multiple instances to handle more traffic.
You can configure Snort via
/etc/nsm/HOSTNAME-INTERFACE/snort.conf (where HOSTNAME is your actual hostname and INTERFACE is your actual sniffing interface).
If you need to troubleshoot Snort, check the Snort log file(s)
HOSTNAME is your actual hostname,
INTERFACE is your actual sniffing interface, and
X represents the number of PF-RING instances).