To run a program such as Tripwire once at system build to get a file-integrity baseline is cheap, easy, and smart. To run Tripwire every day is costly because someone has to examine the results of the scan.

Stephen Northcutt, Network Intrusion Detection: An Analyst's Handbook