LinuxSecurity has a new story on getting started with intrusion
"Intrusion Detection is the process and methodology of inspecting data
for malicious, inaccurate or anomalous activity. At the most basic
levels there are two forms of Intrusion Detection Systems that you
will encounter: Host and Network based."