This has been something I've been curious about for a while now. How many people actually use an IDS? If you do, which do you use, and why? Do you actually go in and check all of the data it collects and react to it, or do you have an intrusion prevention system that handles it for you? If you don't use an IDS, why don't you?
I ask because I'd like to hear from people what they find lacking, or what they love, about existing IDS systems. IDMEF presents a very nice way to combine a whole bunch of different systems into one nice big system, much like Prelude does now. Prelude is the only system of its type that I've been able to find, though, and I'd love to know what improvements people would like to see, since a project doing something similar to Prelude has been on the back burner of my mind for quite some time now.
If your journal is on Advogato or Planet Larry (which this journal is syndicated on now, thanks beandog), then I'll most likely see your response, but if you want, shoot me an email as well. My email can be found on my Advogato page.