What Makes Snort Lightweight?
Snort is described as lightweight for many reasons. First, Snort does not require a great deal of resources, thus allowing Snort sensors to be deployed on practically any server.
Snort is also cross-platform. This is important because you can use the same product, configuration, and knowledge and apply it to all of your servers in a consistent fashion. You do not need to use a different vendor's security monitor for different server platforms.
Snort's ruleset language is fairly compact and easier to learn, especially compared to many other NIDS languages. This allows for simple modifications to existing rulesets or easy creation of locally maintained custom rulesets. This low-barrier to ruleset authoring is often overlooked by many would-be security administrators who might otherwise rely on the vendor to supply all that they might need.
Snort is relatively small in its resource requirements, flexible in its configuration, easy to deploy, and truly cross-platform.