The web's top-rated NIDS solution, Snort, checks incoming packets against its rule base and reports the results to a MySQL database as well as, as discussed previously, to OSSEC:
That's handy, especially when fronted by Snorby, a powerful web interface that makes analysis a snap and offers a Snort-specific alternative to using Splunk's GUI:
We need to work in superuser mode, so take root:
Install Snorby along with Ruby on Rails to power it, the MySQL-enabled version of Snort, and their dependencies:
aptitude install apache2-prefork-dev build-essential ...