[NTLUG:Discuss] Host security monitoring

Leroy Tennison leroy_tennison at prodigy.net
Mon Jul 5 00:16:21 CDT 2010


Is there a good software package to monitor host activity for security 
issues from the host itself?  What I'm looking for is something that 
will spot malware activity and produce a warning (in the logs, 
whatever).  I'm aware of Tripwire but you really need to install that 
when building the host and decide what to monitor.  I don't know whether 
any of the malware programs for Linux actually look for attacks on Linux 
hosts.  Trying to create an iptables filter that would detect 
inappropriate outbound traffic seems like "mission impossible".  Any ideas?


