IDS mailing list archives

OSSEC vs Samhain HIDS discussion


From: Mattieu Puel <vodmat.news () gmail com>
Date: Sun, 10 Aug 2008 18:03:04 +0200

Hi all,
I am looking for a HIDS for mass deployment on Unix systems (~= 1200
Linux/Solaris/AIX). I need a centralized system (in order to simplify
administration), excluding tripwire/aide/integrit and the like.

At this point in my research, I have the feeling that OSSEC or Samhain
would be the right solution. I need centralized config files/databases,
multiple ways of processing logs (mail/syslog/dbs/scripts..). Managing
different types of systems/archs configuration files is also an important concern.

Here are a few questions I would like to submit to the list:
What is the most serious, most stable, easy-to-use and full-featured one between those two?
Which one is the most widespread in huge organizations?
Are there other solutions that would meet my needs?
Are there well-known issues in using Samhain or OSSEC?
Samhain and OSSEC seem unable to correlate alerts (avoiding mass mailing when the same
error is encountered on all hosts). Is that true? Does some other tool do the job?

Sorry about my weird English.
Thanks for any post.
-- 
Admit your mistakes before someone else exaggerates them.
    -*- Andrew Mason -*- 
