netstat-monitor is a commandline tool for monitoring network connections. Its output is similar to the output from the netstat command with the options "netstat --inet -alp". Netstat-monitor can be left running, though, and will report new connections as they are made. Also, filters can be created to limit what's displayed to just what's unexpected or interesting.
dabba is a set of distributed network monitoring tools for Linux. Its main use is to gather or scatter actions on a network such as traffic capture, replay, generation, or monitoring. It was inspired by the Dabba Walla system in Mumbai where meals are regrouped and dispatched throughout the city with a high efficiency rate, every day of the year. The project has three main components: libdabba, a low-level zero-copy network library, dabbad, a multi-threaded task manager and IPC query processor, and dabba, a CLI for communicating with dabbad and submitting tasks.
LoginIDS provides functions to analyze log files from different services in order to detect unusual login behavior. The normal user behavior is learned by analyzing log files and saved in a database. Logins are analyzed by time, service, source, and destination address. If a user's login is new or considered unlikely by LoginIDS, an alert is generated. Alerts can be handled by external scripts and viewed using the log file management system Splunk and the LoginIDS App.