100+...... EEEEEEK..... I run a nice little 650 w/s WAN in 20+ locations across 3 counties - it's hard enough to get the staff to manage the network let alone roll out 100+ IDS's...... If you're gonna work on that scale the $$$$$ are probably worth it by the time you're done.

My "log organizer" is just an Access database that has templates to import the various logfile types I pull and then routines written to dump the extraneous garbage.... It works for me - I got fed up of snooping through half a dozen different logs thinking to myself "I wonder if I've seen that IP in another log?".... It was a pain and I was always certain that missing something was highly likely. So I consolidated them and can run some stats on it like "show me IP's that scan slowly, (1 per > 2 sec)" and such like. That would give me a list and I can click on an IP and see it's entire history from the external IDS, firewall, Internal IDS, server logs, IIS logs etc.