OSSEC is a free, open-source host-based intrusion detection system. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response.
It has different tiers, for professional users.
By joining with OSSEC+, you have access to extra features for free. Atomic OSSEC for Enterprise, built on OSSEC’s open source basis, increases the capabilities to meet the needs of today’s enterprises. For security operations centers, it offers sophisticated SIEM log filtering that lowers noise and a small footprint that doesn’t break the bank.
OSSEC, the world’s most popular open source server intrusion detection system, now has clustering, agent management, reporting, security, vulnerability management, third party integration, and compliance capabilities.
It’s not the easiest to install, check the official website for detailed instructions.