Assuming I have FreeBSD auditd / auditdistd logs, is there any ruleset or process that looks for oddities and can alert? Generally, what is a reasonable way to do security monitoring on #FreeBSD?

cc @stefano

@robinp boosting it to make it more visible to FreeBSD people
@robinp @stefano I would go with logcheck, which is not BSD-related. But there is no easy silver bullet and a lot of work is needed to baseline the normal things.
@stefano @robinp SANS has some good guides on this topic.