ImSafe (Immune Security For your Enterprise) is a host-based intrusion detection tool. After a learning phase, it is able to detect changes in processes behavior, to detect buffer overflows, etc. It is implemented through a device driver (as a kernel patch) for the Linux kernel, but can also be run on other UNIX systems by using a "sensor" built upon strace.
Impost is a network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons. There are two different kinds of operating modes; it can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates with connecting clients, or it can operate as a packet sniffer and monitor incoming data to specified destination port supplied by the command-line arguments.
Installwatch is a simple utility which keeps track of which files are created and modified during the installation of a new program. It's fast and easy to use. It doesn't require a "pre-install" phase because it monitors processes while they run. Installwatch works with every dynamically linked ELF program, by intercepting system calls that cause file system alterations.
Isoqlog is an MTA log analysis program written in C. It is designed to scan qmail, Postfix, Sendmail, and Exim logfiles and produce usage statistics in HTML for viewing through a browser. It produces a "top domains" statistic according to sender, receiver, total mails, and bytes, and keeps the main domain mail statistics with regard to day's top domain, and top users values for per day, per month, and per year.