Network monitoring/IDS rant - What's hot what's not?

Pete asked:

> (traditionally) but they can normally monitor the heck
> out of 'decent' sized networks (less than 500 components
> was my last experience with OVW at least, tivoli and CA
> we never got working correctly with less than 1 metric
> butt ton of LOE to keep it running)

What are the options and recommendations for networks > 500
components?

Back when I had a 'network > 500 components', I could never find
any monitoring software that did what I wanted.
So I wrote my own. Over the years it's been through some re-writes,
gathered features, (lost features), and become open-source.
Written by an ISP for an ISP[1].

Find it here:
  http://argus.tcp4me.com

  --jeff

[1] Sorry, I mean "e-commerce solution provider". I can still hear
    the marketing people's voices in my head...

<shameless plug>
  On the same here. I have slowly been writing over
the years (and allowing to evolve) software I have called
'sysmon' that does network monitoring for ISPs by an ISP.

  It can see that there are network dependencies, that if
a host is unpingable that perhaps the pop3 server is actually not
worth the cpu time for testing.

  If you have a spare 486/pentium lying around with an
ethernet card, you can monitor a fairly large network with it
as well.

  http://sysmon.org/

  - jared

P.S. All the data needed for fancy graphics is stored internally and
somewhat accessible via a currently pseudo-undocumented xml
interface. Someone just needs to write some gui kludge to represent
it all.
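
The dependency idea mentioned in the sysmon message above (skip the pop3 test when the host itself is unpingable), sketched as an added example; this is not sysmon's or argus's code. The check names, the `DEPENDS_ON` table and the `probe` callback are constructed for illustration.

```python
from collections import deque

# Constructed topology: each check names the check it depends on (None = root).
DEPENDS_ON = {
    "core-router:ping": None,
    "mail-host:ping": "core-router:ping",
    "mail-host:pop3": "mail-host:ping",
    "mail-host:smtp": "mail-host:ping",
    "web-host:ping": "core-router:ping",
    "web-host:http": "web-host:ping",
}

def run_checks(depends_on, probe):
    """Run checks parents-first; skip any check whose parent is not up.

    probe(name) -> bool is the caller's test function (hypothetical here).
    Returns {name: "up" | "down" | "skipped"}.
    """
    children = {}
    for name, parent in depends_on.items():
        children.setdefault(parent, []).append(name)
    status = {}
    queue = deque(children.get(None, []))
    while queue:
        name = queue.popleft()
        parent = depends_on[name]
        if parent is not None and status[parent] != "up":
            status[name] = "skipped"  # parent unreachable: don't spend a probe
        else:
            status[name] = "up" if probe(name) else "down"
        queue.extend(children.get(name, []))
    return status

def root_causes(status):
    """Only checks that were actually probed and failed deserve an alert."""
    return sorted(n for n, s in status.items() if s == "down")

def demo():
    """Simulate a dead mail host and record which probes were really sent."""
    probed = []
    failing = {"mail-host:ping", "mail-host:pop3", "mail-host:smtp"}
    def probe(name):
        probed.append(name)
        return name not in failing
    return run_checks(DEPENDS_ON, probe), probed

if __name__ == "__main__":
    status, probed = demo()
    for name, state in status.items():
        print(f"{name:18} {state}")
    print("alert on:", root_causes(status))
```

With the mail host down, only its ping check is reported as failed; the pop3 and smtp checks behind it are marked skipped and generate neither probes nor alerts.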