Radius Backed ACL

Published on Sunday, June 14, 2009

Status: Not Started

I run OSSEC almost everywhere - it is one of my favourite software packages. I'm running it at home on my tiny "server", which works great. If somebody scans me, I know. I would ultimately like to be able to block them at the gateway. Because the normal Cisco router IOS doesn't have a 'shun' command (as compared to the normal firewalls), there isn't any easy way to script it (I've tried using expect, and I can't see how it could be done). I found that ACLs can be stored in a database.
After finding this out, I've added another project to my list: create a dynamic ACL database for my Cisco to integrate with, and block traffic to/from hosts that OSSEC detected as dangerous. I've even contemplated integration with various RBLs and Google's Safe URL API.
This project might remain idle for a while, however, as I need to focus my energies on other areas.

Additional Resources

CLI Config
Integration with Websense
IOS requirements
Details of URL Filter