Thanks all. I'll give it a try. Although I find myself torn between the two systems. Splunk is a killer report-generating platform, but it can be quite demanding on clients and networks as it collects - excuse me, "vacuums" - all of the raw data. On the other hand, one of the things I love dearly about OSSEC is how lightweight the agent is and how well it regulates data collection. Users would never notice it's there, which is important so they don't try to deactivate it like they do with anti-virus apps that get carried away.
So here's hoping to get the best of both worlds. - Dave
