Snort is a network intrusion detection and prevention system. It is the most widely deployed technology of its kind in the world. It performs detection using a variety of methods including rules-based detection, anomaly detection, and heuristic analysis of network traffic. Its rules language is open source and available to the public as well.
snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog file. It is designed to be used for daily e-mail reports to the system administrators. All reports contain priority information (if used with Snort 1.8+), and the HTML output contains direct links to the IDS descriptions on snort.org.
sntm (Snort Monitor) is a Qt-based GUI Snort monitor. It is capable of monitoring multiple Snort sensors in a centralized monitor screen. Each Snort sensor creates an SSL-encrypted communication thread to connect to the monitor server, and each communication channel has an individual certificate/private key pair.
FLoP is designed to gather alerts with payload from distributed Snort sensors on a central server and to store them in a database (PostgreSQL and MySQL are supported). On the sensor, the output is written to a process called sockserv. This process is threaded; one thread receives and buffers the alert packets, and the other thread forwards them to a central server. The output is decoupled from Snort, which can continue sniffing instead of waiting for the output plugins. At the central server, a process called servsock gathers all alerts from the remote sensors and feeds them to the database. A short description of alerts with high priority together with the database ID can be sent via email to a list of recipients.
RazorBack is a log analysis program that interfaces with the Snort open source Intrusion Detection System to provide real-time visual notification when an intrusion signature has been detected on the network. RazorBack is designed to work within the GNOME framework on Unix platforms.