I am currently building a webserver for a project which consists of 3 computers, 1 which has windows 2003 with IIS installed, another with windows 2003 installed with active directory and DNS and another installed with windows 2003 and ISA server. We have secured all systems by blocking unessecary ports and applying SSL and all that mumbo jumbo. Now we have to document the ongoing security monitoring of these servers and I was just wondering if any of you had any suggestions on what ways i could monitor the security on these systems.