I just stumbled upon a document from ENISA about “proactive detection of security incidents”. It had to be relevant 🙂
It is a document about honeypots, what they do, how they work, and – very interesting – a list of software. It is 183 pages, so I have not read it in detail (yet).
You can find it here. Definitely recommended reading.