Yes while this it true and I'm very well familiar with sec due to my active involvment with prelude ids and while I agree it is a very powerfulll tool it does requier perl development effort to have a working implementation which means its not right for people not familiar with perl programing . In addition to my knowlege it was written as a prototype for a correlator engine for prelude ids, and has served its purpose and as such is no longer being activly developed in favor of the correlator which will be released soon. Syslog-mailer is tool which was designed to be simple to implement. Right now all I have to do is the documentation and I will post a release. I'm not saying its the right tool for every one is just easier to implement.