Absolutely! I tended to invest heavily in NIDS as there were a fair number of servers not directly controlled by me. (And I was pretty sure the ones I did control were reasonably securely configured). Hence the need to do monitoring with a system I did control - snort usually. If you do own the box,...

[ more ]