Just looking for some thoughts on what some of you think is the best software-based IDS. Having an appliance in the environment is out of the budget. Whether it be a paid software or open source does not matter.
Currently have a physical 2012 R2 running the Hyper-V role - was potentially looking at setting up a *nix VM and going with Security Onion. Any concerns or pros/cons w/ having a mixed VM environment?
Safe to assume a logging server would also be required? I can imagine without it, there would be some LATE nights. Any recommendations as far as that goes?