I think the most highly recommended book on it is Snort 2.0 -
http://www.amazon.com/Snort-Intrusion-Detection-Brian-Caswell/dp/1931836744
and of course the manual on Snort's website. Realistically, it's a sizeable sector of the netsec industry, basically half of the job of a netsec analyst outside regular corporate office tasks - checking the alerts of the ids sensor for false positives and tuning the rules to better fit the environment, and then investigating the alerts that aren't false positives.