However you use Snort, it is a solid tool for gathering and analyzing network traffic. With its add-ons, Snort performs as well as most commercial IDS products. Deployment across a large network infrastructure takes some planning, but it is entirely possible, and almost all commercial SIEM products can ingest Snort output, either as binary logs (tcpdump/pcap-format packet captures or Snort's own unified2 alert records) or as text (alert files or syslog), for further correlation and analysis.
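As an added illustration of the text-format side of that hand-off (example code written for this page, not code from the Snort project or from this book): a small parser for Snort's `alert_fast` one-line alert format, of the kind a SIEM collector runs before correlating events. It assumes the Snort 2.x `alert_fast` layout (timestamp, `[gid:sid:rev]`, message, optional classification, priority, protocol, source and destination with optional ports) and IPv4 addresses; the sample alert lines are constructed for the example, not captured from a real sensor.

```python
import re
from collections import Counter

# Constructed sample alert_fast lines (not real sensor output). The third
# line has no [Classification: ...] field; the fourth is deliberately malformed.
SAMPLE_ALERTS = [
    "01/10-10:30:20.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root "
    "[**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.10:51234",
    "01/10-10:30:21.001122  [**] [1:382:7] ICMP PING NMAP [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.168.1.10 -> 10.0.0.5",
    "01/10-10:31:05.554433  [**] [1:1000001:1] LOCAL suspicious shell download [**] "
    "[Priority: 1] {TCP} 192.168.1.10:44321 -> 203.0.113.7:80",
    "this line is not a Snort alert and must be skipped",
]

# Assumed Snort 2.x alert_fast layout. Ports are optional because ICMP alerts
# carry none; Classification is optional because rules without a classtype omit it.
ALERT_FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<src>[^\s:]+)(?::(?P<sport>\d+))?\s+->\s+"   # IPv4 only: IPv6 literals contain ':'
    r"(?P<dst>[^\s:]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_alert_fast(line):
    """Return a dict of typed fields for one alert_fast line, or None if it does not match."""
    m = ALERT_FAST_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "priority"):
        rec[key] = int(rec[key])
    for key in ("sport", "dport"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec


def parse_alerts(lines):
    """Parse many lines, silently dropping anything that is not an alert_fast record."""
    records = (parse_alert_fast(line) for line in lines)
    return [r for r in records if r is not None]


def top_sources(records, max_priority=2):
    """Count alerts per source address, keeping only priority <= max_priority.

    Snort priorities are 'lower is more severe' (1 is the most urgent), so this is
    the kind of first-pass correlation a SIEM does before raising an incident.
    """
    return Counter(r["src"] for r in records if r["priority"] <= max_priority)


if __name__ == "__main__":
    recs = parse_alerts(SAMPLE_ALERTS)
    for r in recs:
        print(f"{r['ts']} sid={r['sid']} prio={r['priority']} {r['proto']} "
              f"{r['src']}:{r['sport']} -> {r['dst']}:{r['dport']} :: {r['msg']}")
    print("high-priority sources:", dict(top_sources(recs, max_priority=1)))
```

In a real deployment you would feed this from a `tail` of the alert file or from the syslog stream rather than a list, but the point is that the text output needs only a single regular expression to become structured, correlatable events; the binary unified2 path carries the same fields plus packet data and is the better choice when the SIEM supports it.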
For its rapid deployment, comprehensive capabilities and superb open source community support, Snort has to be one of our favorites. No discussion of Snort would be complete without a nod to the commercial version, available as an appliance from Sourcefire, where Snort's creator Martin Roesch serves as CTO. Roesch has blended the best of the open source and commercial worlds into the Sourcefire offerings, and for organizations that want Snort with the reliability of a commercially supported product, Sourcefire is the real deal.