This was a C project I wrote when I was like 17, back in the days when there were no real intrusion-detection systems (I knew of).
It was written for *BSD and Linux back then, and I just tried typing
make on my OS X El Capitan, and whoohoo it just compiled fine and worked out of the box.
This kind of fascinated me, so I uploaded it to Github.
make ./entren -c entren.conf -f
$ ./entren --help entren --- a traffic analyser, may also be used as an intrusion detection system Copyright (C) 2002 Chris Aumann <firstname.lastname@example.org> Verison: 0.8.4 Usage: entren [args] -h, --help This thing -c, --configfile <filename> Use <configfile> instead of /etc/entren.conf -p, --print-rules Just read the rules and report errors. If no errors where found, print the rules and exit -f, --foreground Foreground mode, logstr goes to stdout instead of syslog. Verbose mode. Report bugs to: <email@example.com> for the newest version, visit <http://entren.sourceforge.net/>