I guess it depends on a lot of factors, something like IEV (IPS event viewer) is free and can generate simple reports like top 10 alerts, top 10 attackers, etc, but it has to be running all the time. IDM isn't much good as although you can view the events I don't think you can generate any reports.
MARS is probably at the top end, and will certainly give you reports, but does loads more besides. (we get over a million raw events a day - without something like MARS you couldn't possibly do anything meaningful with that volume of events)
I'd start with IEV and then look at alternatives if it doesn't meet the requirements.
The Security Monitor (SecMon) part of VMS 2.3 will generate IPS reports, but you have limited controll of their contents. You can load it on a W2K platform and run it for 60 or 90 days with the default trial license to see if it fits your needs:
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...