I have a few hundred Linux servers installed and i am trying to find the best solution for rootkit monitoring on these boxes. Maybe even something that allows for large scale deployments.

I currently run rkhunter but its not enough there are loads of logs and i need something to help me raise red flags and to spot problems quickly.

Any ideas?