I recommend that you use OSSEC, a Host-Based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response, and its latest version integrates with Prelude, a Hybrid IDS framework.
http://www.ossec.net/
http://www.prelude-ids.org/