Best software based IDS?

Just looking for some thoughts on what some of you think is the best software based IDS. Having an appliance in the environment is out of the budget. Whether it be a paid software or open source does not matter.

Currently have a physical 2012 r2 running the hyper v role - was potentially looking at setting up a *nix VM and going with Security Onion. Any concerns or pros/cons w/ having a mixed VM environment?

Safe to assume a logging server would also be required? I can imagine without it, there would be some LATE nights. Any recommendations as far as that goes?
nflynn85 Asked:
madunix (Fadi SODAH), Chief Information Security Officer, Commented:
You could use Snort as the IDS, tcpdump as the packet-sniffing software and Wireshark as the packet-analysis software.
asavener Commented:
Take a look at Linux Onion.
asavener Commented:
Whoops! You already mentioned that....

No concern about a mixed environment.  We have VMs monitoring physical systems, and it seems to work fine.

What kind of logging are you looking for?  Syslog?
nflynn85 (Author) Commented:
I mean more of having mixed OSes: Linux running alongside Microsoft. I know it's fine; I just need an expert to tell me it's fine so I can relay it to management :) Or any concerns in regards to doing so.

I don't know what kind of logging I'm looking for. I just assumed that with all the data I'd be collecting from those tools in Security Onion, I'd need some sort of centralized logging server (or a logging application) to parse through the logs. Any recommendations?
asavener Commented:
Absolutely you can run Linux and Windows/Microsoft side-by-side. We do it in our environment every day.

Onion logs locally, so you just need to make sure you size the disks appropriately.

https://github.com/Security-Onion-Solutions/security-onion/wiki/Hardware

For sending to an external syslog:  https://github.com/Security-Onion-Solutions/security-onion/wiki/ThirdPartyIntegration

You can use a free syslog like Kiwi, or you can go big with something like Splunk.  Personally, I'd just keep it local on the Onion server.
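Whichever option is chosen (local logs on the Onion box, Kiwi, or Splunk), the day-to-day work is parsing the alert lines the sensor emits and summarizing them. The following is an added example, not code from this thread or from the Security Onion project: a small Python parser for Snort-style alerts as they appear once forwarded over syslog. The sample log lines are constructed for the example (hostnames, PIDs, addresses and signature IDs are all made up), and the line format is an approximation of Snort's syslog alert output, so the regular expression may need adjusting to the exact output of a given sensor.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the page): three Snort alerts in
# the usual "[gid:sid:rev] msg [Classification: ...] [Priority: N] {proto}
# src:port -> dst:port" shape, plus one unrelated sshd line that the parser
# must skip rather than choke on.
SAMPLE_SYSLOG = """\
Mar  3 10:15:01 sensor1 snort[1234]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [Classification: Potentially Bad Traffic] [Priority: 1] {TCP} 203.0.113.10:80 -> 192.0.2.25:43210
Mar  3 10:15:07 sensor1 snort[1234]: [1:2001219:20] ET SCAN Potential SSH Scan [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:51000 -> 192.0.2.25:22
Mar  3 10:15:09 sensor1 snort[1234]: [1:2001219:20] ET SCAN Potential SSH Scan [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:51001 -> 192.0.2.26:22
Mar  3 10:16:00 sensor1 sshd[999]: Accepted publickey for admin from 192.0.2.40 port 50022 ssh2
"""

# Syslog header followed by the Snort alert body. The trailing ':' after
# [Priority: N] is optional because some output plugins emit it and some do not.
ALERT_RE = re.compile(r"""
    ^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s          # e.g. "Mar  3 10:15:01"
    (?P<host>\S+)\s                            # sensor hostname
    snort\[\d+\]:\s                            # program[pid]:
    \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s
    (?P<msg>.+?)\s                             # rule message (lazy)
    \[Classification:\s(?P<cls>[^\]]+)\]\s
    \[Priority:\s(?P<prio>\d+)\]:?\s
    \{(?P<proto>\w+)\}\s
    (?P<src>[\d.]+):(?P<sport>\d+)\s->\s(?P<dst>[\d.]+):(?P<dport>\d+)$
""", re.VERBOSE)


def parse_syslog(text):
    """Return (alerts, skipped): one dict per Snort alert line, and the number
    of lines that were not Snort alerts (other daemons, malformed lines)."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ALERT_RE.match(line)
        if m is None:
            skipped += 1
            continue
        rec = m.groupdict()
        rec["prio"] = int(rec["prio"])  # Snort: 1 is the highest priority
        alerts.append(rec)
    return alerts, skipped


def summarize(alerts):
    """Aggregate alerts the way an analyst triages them: which signatures are
    firing, which sources are noisiest, which services are being hit, and
    which alerts are high priority and need a look first."""
    return {
        "by_sid": Counter(a["sid"] for a in alerts),
        "by_src": Counter(a["src"] for a in alerts),
        "by_service": Counter(f'{a["proto"]}/{a["dport"]}' for a in alerts),
        "high_priority": [a for a in alerts if a["prio"] <= 1],
    }


if __name__ == "__main__":
    alerts, skipped = parse_syslog(SAMPLE_SYSLOG)
    s = summarize(alerts)
    print(f"{len(alerts)} alerts parsed, {skipped} non-alert lines skipped")
    print("top signatures:", s["by_sid"].most_common(3))
    print("top sources:   ", s["by_src"].most_common(3))
    print("top services:  ", s["by_service"].most_common(3))
    for a in s["high_priority"]:
        print(f'PRIORITY {a["prio"]} {a["ts"]} {a["msg"]} {a["src"]} -> {a["dst"]}')
```

The same parser works on a file of forwarded alerts by replacing `SAMPLE_SYSLOG` with the file contents; counting non-alert lines separately is a useful sanity check that the forwarding filter is sending only what you expect.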
