We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Host-Based Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, centralized policy enforcement, rootkit detection, real-time alerting, and active response.
It provides fairly complete coverage if you are looking for endpoint (server) monitoring.
If you have not used OSSEC before, I recommend reading my guide to get started:
Note that it requires root access to your servers and is meant for network and server administrators with Linux skills.
OSSEC With GeoIP
We recently made an improvement to OSSEC by integrating the MaxMind GeoIP database (which maps an IP address to a country and/or a city). This update was important to us, as it makes it a lot easier to monitor logs and understand what is going on inside your network.