Do you know about samhain
I will install it instead of tripwire.

I have no idea. I’ve heard of it, but never used it. IDS are a cool idea, but can be a bit time-consuming to manage. I’ve used TripWire quite a bit in the past, but don’t have it on any current systems. Let us know what you think of Samhain! (Some others probably have opinions, too, of course.)

Isn’t this kind of software intended for large® deployments, like 100+ servers?

In any case, whether or not deploy IDS apps of any kind, a log analyser is important. Logs are full of noise and clutter and hard to read and time consuming. has listed a bunch of tools to make that task easier. You may want to dig into that. If you deploy Samhain, you may want ACID too.