Snort can be very simple or very complex, depending on your needs. You can go for something even more involved that allows more visual detection, such as Demarc's PureSecure (check Google) or ACID, which IIRC uses Snort as its backend. Either way, Snort is likely your first stop.
Also:
Moving to Linux - Security, where you'll get more attention regarding this matter.
Cool