Colby W. wrote: > Kenneth, > > Take a look at OSSEC HIDS (http://www.ossec.net). Thanks Colby, that looks like a good suggestion. Have you used OSSEC HIDS in a production environment? Is it pretty reliable? Kenneth