One of the often-mentioned IPSs. Its setup is aimed more at large orgs managing clusters of machines, given its client/server-based model with agents and servers. From the project’s homepage:
Watching
OSSEC watches it all, actively monitoring all aspects of system activity with file integrity monitoring, log monitoring, rootcheck, and process monitoring. With OSSEC you won’t be in the dark about what is happening to your valuable computer system assets.
Alerting
When attacks happen OSSEC lets you know through alert logs and email alerts sent to you and your IT staff so you can take quick actions. OSSEC also exports alerts to any SIEM system via syslog so you can get real-time analytics and insights into your system security events.
Everywhere
Got a variety of operating systems to support and protect? OSSEC has you covered with comprehensive host based intrusion detection across multiple platforms including Linux, Solaris, AIX, HP-UX, BSD, Windows, Mac and VMware ESX.