Configuration of snort for internal LAN

[Phil Petruzzo <phil.petruzzo () mirant com>]

Hi,
 
I've recently installed snort/mysql systems on my corporate LAN and was
wondering if anyone knew of a good document for configuring rules and such
for this type of environment.  Using the default rules on an internal LAN
creates many many false positives, leading me to disable many rules.  If
anyone has suggestions/documents of best practices for internal sensor
placement that would be great.  Eventually I will be placing a snort sensor
in my DMZ which should be configured closer to the default set of rules,
which should be easier to do.  Thanks for you help.
 
Phil