Advise - Event logs, IDS & firewall log monitoring / repor..

Archived from groups: microsoft.public.win2000.security (More info?)

I've been asked to find a solution for our live internet servers, which will
allow us to add functionality for Event log monitoring / IDS and firewall
monitoring / reporting. However, cost is obviously an issue.

Our current setup is 16 servers made up of a combination of mostly Windows
2000 and a few Windows 2003. Most are IIS web servers, with a few MS SQL
2000 servers. They're currently setup in a work group rather than a domain,
which obviously makes domain wide monitoring impossible/difficult, however
we are currently looking at upgrading the platform, which will include
bringing it all into a domain, so it hopefully won't be an issue for long.
The firewalls we use are Watchguard Firebox's.

As far as IDS is concerned, we've used Entercept on one of our other
platforms, and don't like it, due to the facts that 1) it's very hard to get
it setup correctly, and 2) it's service pack specific, so we have to wait
for up to 6 months after a new service pack comes out for an update to be
released, before we can install it. Otherwise the IDS system stops working.
Additionally it seems very expensive for the quality of the software.

With the Watchguard Firewalls, I've used WebTrends firewall reporting
software, and don't like its interface, the difficulty of setting it up, or
the quality of the reporting. Also it's very expensive for what it is in my
opinion.

What have other people used and what would you recommend or warn against?
There's so many different pieces of software out there, and I don't have
time to test them all, so I'd ideally like to at least reduce the number of
possible solutions to be more manageable number, that I can test and make a
recommendation on.

Thanks
Keith