free Unix intrusion detection systems?

What intrusion detection toolkits does the modern Unix admin typically turn to?  Here are some of the ones I'm aware of:

• Snort
• Tiger (appears to be under active development now?)
• LIDS (seems to require kernel patching)
• PortSentry/SentryTools
• chkrootkit

I gather that these choices are not mutually incompatible, either (e.g. Tiger appears to provide a framework that may include Snort, chkrootkit and possibly others).

Those of you who have explored this issue in more depth than I have: what tools do you use and why?  Have you actually experienced an attack while guarded by any of these tools, and how did they perform?