IDS mailing list archives

snort and samhain - opinions please


From: Daniel Berg <daniel.berg () eds com>
Date: 30 Jun 2003 13:19:30 +0200

Hi all,

this is my first post to this list, so hello to all of you interested in
this fantastic kind of technology =) Thanks for all the input I received
from the list so far!

I am currently setting up snort-based sensors for our DMZ, and I am
researching the best possibilities to make those boxes secure.

The boxes run Solaris 9 on Sun Netra T1/105 machines, which made me
sweat a little, being new to Solaris and being familiar only with *BSD
systems. The C compiler was a real pain, but now all works smoothly.

I am considering setting up snort for the network intrusion detection,
with an ACID console in the background, and Samhain for
security/integrity on the box itself.
Samhain seems to be the best choice for me since it has some nice features
like stealth mode and such.
Unfortunately I only have the possibility to log to MSSQL Server
(corporate policies never fit your real needs), which is not yet
supported by Samhain afaik.
Has anyone here made any effort yet to port Samhain with MSSQL support,
or does anyone know of any other good file integrity check utilities
with similar functionality that would work with MSSQL?

I would be glad to get some opinions on my idea; I am always happy about
new ideas =)

Regards

-- 
Daniel Berg

++++++++++++++++++++++++++
+EDS Germany
+Security & Privacy
+email: daniel () eds de
+cell: +491792287327
+http://www.bsdaddict.org
++++++++++++++++++++++++++

