I am looking at host based intrusion detection systems and have concluded that Samhain and Osiris are ahead of the pack as they have central management features which are a big plus.

I need to monitor quite a lot of linux servers, and ideally a bunch of Windows servers too.

After quite a lot of googling I'm still no wiser, as both seem to have their trade offs. Only Osiris has a proper windows agent (samhain needs cygwin which I am reluctant to go round installing just for this). On the other hand osiris doesn't even sign it's config or baseline.


I'd like to know people's experiences; what have you used and which do you think is better?


Opinions welcome.