SURFnet distributed intrusion detection system

Who is SURFnet ...

SURFnet: high-quality Internet for higher education and research.
SURFnet connects the Dutch networks of universities, colleges, research centres, academic hospitals and scientific libraries to one another and to other networks in Europe and the rest of the world.

You may want to have a look at their network structure.

SURFnet IDS facts

Below you can see the first screenshots of the SURFnet IDS web interface.
The structure of the intrusion detection system is really sexy: SURFnet IDS uses OpenVPN to tunnel traffic from the different sensor network ranges to a central server running nepenthes. As they had some wishes regarding nepenthes logging, we sat together and created a module, log-surfnet, that logs the attacks and their details to a PostgreSQL database.

The web interface supports user groups and lets each user see how poisoned his own network is compared to the others.

[Screenshots: hbarchart, rank, search, sensorstatus, trafficdetailed]

Click the images for full size, or visit http://ids.surfnet.nl/screenshots/ for more.

short setup summary

The SURFnet IDS project homepage offers more information about the setup, so here are some short details as a teaser:

  • completely open-source based
    • sensors
      • knoppix featuring openvpn
    • server
      • apache + php
      • postgres
      • nepenthes
      • rrdtool
  • setting up a sensor is easy: just plug in the Knoppix USB stick and boot it; it creates the required OpenVPN keys and sets itself up
  • includes a web interface to see what's going on
  • one can search for activity on ranges like “12.23.41.32/21”
  • easy to set up
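The two web interface features mentioned above, searching for activity on a network range and ranking one's own network against the others, are easy to reproduce on the stored records. The following is an added example written for this page, not SURFnet IDS or log-surfnet code; the record layout (sensor id, timestamp, source address, destination port) and all sample values are constructed assumptions, since the real log-surfnet schema is not described here. It also handles the detail that a user may type a host address with a prefix length, as in “12.23.41.32/21”, which has to be masked to its network address before matching.

```python
"""
Added example (not SURFnet IDS / log-surfnet code): CIDR search and per-sensor
ranking over constructed honeypot records of the kind log-surfnet stores.
Field layout and sample values are assumptions made up for this illustration.
"""
import ipaddress
from collections import Counter

# Constructed sample records: (sensor_id, timestamp, source_ip, destination_port)
ATTACKS = [
    ("sensor-a", "2005-11-08T10:00:00", "12.23.41.7", 445),
    ("sensor-a", "2005-11-08T10:05:00", "12.23.44.200", 139),
    ("sensor-b", "2005-11-08T10:07:00", "12.23.48.1", 445),
    ("sensor-b", "2005-11-08T11:00:00", "192.0.2.10", 135),
    ("sensor-c", "2005-11-08T11:30:00", "12.23.47.255", 445),
    ("sensor-c", "2005-11-08T11:31:00", "198.51.100.5", 445),
    ("sensor-c", "2005-11-08T11:32:00", "198.51.100.6", 445),
]


def parse_range(text):
    """Turn a user-entered range such as '12.23.41.32/21' into a network.

    Users often type a host address together with a prefix length.
    strict=False masks the host bits, so '12.23.41.32/21' becomes
    '12.23.40.0/21' instead of raising ValueError.
    """
    return ipaddress.ip_network(text.strip(), strict=False)


def search_range(attacks, range_text):
    """Return the records whose source address lies inside the given range."""
    net = parse_range(range_text)
    return [rec for rec in attacks if ipaddress.ip_address(rec[2]) in net]


def rank_sensors(attacks):
    """Count attacks per sensor, most-hit first (the ranking view)."""
    return Counter(rec[0] for rec in attacks).most_common()


def compare_to_others(attacks, sensor_id):
    """Own attack count versus the mean count of all other sensors.

    This is the 'how poisoned is my network compared to others' number;
    a sensor that has reported nothing simply counts as zero.
    """
    counts = Counter(rec[0] for rec in attacks)
    own = counts.get(sensor_id, 0)
    others = [n for sid, n in counts.items() if sid != sensor_id]
    mean_others = sum(others) / len(others) if others else 0.0
    return own, mean_others


if __name__ == "__main__":
    print(parse_range("12.23.41.32/21"))        # 12.23.40.0/21
    for rec in search_range(ATTACKS, "12.23.41.32/21"):
        print(rec)
    print(rank_sensors(ATTACKS))
    print(compare_to_others(ATTACKS, "sensor-a"))
```

Masking with strict=False mirrors what a search box should do with sloppy input; in a real deployment the same normalisation belongs on the server side before the value reaches the SQL query, so that the database is only ever asked about a well-formed network.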

Not to mention that the log-surfnet nepenthes module will make it into the upcoming nepenthes release.

related links


2005/11/08/surfnet_ids.txt · Last modified: 2010/06/15 13:27 by common