Hi all,

I need to set up an intrusion detection system for about 15 servers (Windows 2003 and Mac OS X Server). The problem is, I really don't know much about IDS. I would like to use free software. I have heard of SNORT, and from what I can tell, it monitors packets on your network. I was wondering, can it also monitor logs? Anyway, I was just wondering what everyone else out there uses. Any help is appreciated, thanks.

I read in reviews that SNORT has up-to-date intrusion detection (signature, etc.) rule files, a very large and happy user base, free user support forums, and commercial support service available. It allows installation with a MySQL database as an option, allowing alerts and related information to become accessible via ordinary SQL-related tools for user-defined analysis. It can also be installed with an analysis tool called ACID.

Open-source alternatives to SNORT exist. Here are just a few.
In the Windows NT/2000 camp, there is LANGuard S.E.L.M. (Security Event Log Monitor), available in a single-server/five-workstation evaluation version.

ISS (Internet Security Systems) has several different products for NT/2000 and Solaris, including the RealSecure IDS, available for evaluation download.

You can also use OSSEC-HIDS (free, OSS), which monitors logs and sends alerts in real time, and it also monitors Snort logs.