Pantek Library

snort and samhain - opinions please

From: Daniel Berg <daniel.berg(at)eds.com>
Date: Mon Jun 30 2003 - 07:19:30 EDT


Hi all,

This is my first post to this list, so hello to all of you interested in this fantastic kind of technology =) Thanks for all the input I received from the list so far!

I am currently setting up snort-based sensors for our DMZ, and I am researching the best possibilities to make those boxes secure.

The boxes run Solaris 9 on Sun Netra T1/105 machines, which made me sweat a little, being new to Solaris and being familiar only with *BSD systems. The C compiler was a real pain, but now all works smoothly.

I am considering setting up snort for the network intrusion detection, with an ACID console in the background, and Samhain for security/integrity on the box itself.
Samhain seems to be the best choice for me since it has some nice features like stealth mode and such.
Unfortunately I only have the possibility to log to MSSQL Server (corporate policies never fit your real needs), which is not yet supported by Samhain afaik.
Has anyone here made any effort yet to port Samhain with MSSQL support, or does anyone know of any other good file integrity check utilities with similar functionality that would work with MSSQL?

I would be glad to get some opinions on my idea, I am always happy about new ideas =)

Regards

-- 
Daniel Berg

++++++++++++++++++++++++++
+EDS Germany
+Security & Privacy
+email: daniel@eds.de
+cell: +491792287327
+ http://www.bsdaddict.org
++++++++++++++++++++++++++
Received on Wed Jul 2 10:25:02 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:15 EDT
