Hey sysadmins, what tool do you use to (try to) detect anomalies / intrusions on your systems? I'm especially interested in tools operating on the syslog output. Cheers, Nico -- Systems Group Sysadmin Tel: +41 (0) 44 632 76 09 D-INFK/ETH Zurich