We just installed an OSSIM iso as a KVM guest to monitor one of our networks. For those unfamiliar with the product it is a Debian based distro positioned as a security appliance.

I am wondering if anyone here has had any experience with it and would care to comment on its usefulness, or lack thereof. Off-list is probably best unless there are any CentOS specific issues that arise.

Thanks,