When I was doing a job that sounds similar to yours, I too re-implemented some tools in perl. With hind sight, I would have just used pre-existing tools, using perl for analysing their reports. Most of the important tools - snort, tripwire etc - are sufficiently cross platform already.

I think the original poster should be careful, and if he thinks he needs to write some tool from scratch should look very carefully at the options that area already available. His time is probably better spent in understanding the existing tools and writing better analysis tools, rather than re-implementing everything himself.