is possible to monitor daemons on remote machines and generate warnings at a central location. As these warnings indicate operations not covered by existing policy, it is possible to detect intrusions and prevent them from succeeding. For example, a web server or ftp server can be monitored that way.