Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis.
For downloads and more information,
visit the Sguil homepage.
i have used this tool but briefly... there is plent of documentation for it and it works well on freebsd, where it can be ported in... i consider it a neccesity for network security even tho i have only used it briefly. i know it complements snort as well.