What with all the RPC worm nonsense (my site is mostly patched; I do have a few stray systems that didn't get patched 2 weeks ago), I'm thinking of doing better network monitoring and intrusion detection. I think I'll have to give Snort a try. The real fun will be the Windows side of things.
One of the folks that has the thankless task of trying to ride herd on the exploit, patch, and anti-virus type stuff has been looking at Snort as well. We hope we can use the Perl scripts from the Linux port on the Windows side.