I guess it figures that the three responses I got via Email were all about tripwire. Perhaps I wasn't clear enough. I wasn't looking for an integrity checker to detect changed files on my server. If I were, I would use Integrity Toolkit (before tripwire, there wat IT!, and IT is better). I am looking for a real-time intrusion detection system that can take information provided by syslogs and other similar sources coming from a distributed network of computers, fuse the incoming information, and detect both patterns that are dissimilar to normal usage patterns and patters that are indicative of known attack profiles. A good example is CMDS by SAIC, but I know there are other such products, and I am trying to get in touch with the vendors of those other products to determine if any of them are as viable as CMDS, what they cost, how they operate, and whether they will meet the needs of my client. I am interested in a package that operates on information from different sources, including but not limited to Unix varieties and output from routers. It would be best if it ran on trusted computing bases, it would be nice if was programmable to allow us to customize it to meet the client's ever-changing needs, and it would be even better if it were supported by a substantial commercial organization with a long-term commitment to its ongoing availability and enhancement. Finally, it would be nice if the cost were relatively modest for the value given, taking into account support, customization, etc. I hope this has clarified my request for information. -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236