scanAlert
ScanAlert was built to analyze iptables log entries in real time and report detected port scans to syslogd. From there you can use a log monitoring daemon (like logdog) to take action if desired, or you can manually review the logs later if you prefer. It does not need special permissions and does not listen on any network ports; it receives iptables messages from syslogd via a FIFO. It runs as a daemon, supports the HUP signal to reload, has multiple debug levels, and does not require any special Perl modules. ScanAlert has a straightforward interface and configuration file, making it easy to use and configure.
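To make the idea of spotting port scans in iptables log entries concrete, here is an added sketch in Python. It is not ScanAlert's code or its algorithm. It shows one common heuristic: count the distinct destination ports each source probes within a sliding window. The threshold, the window, the `IPT-DROP` log prefix and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

PORT_THRESHOLD = 5    # assumed: distinct ports from one source that count as a scan
WINDOW_SECONDS = 60   # assumed: sliding window for counting them

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?\bSRC=(?P<src>\S+)"
    r".*?\bPROTO=(?P<proto>\w+).*?\bDPT=(?P<dpt>\d+)"
)

def detect_scans(lines, threshold=PORT_THRESHOLD, window=WINDOW_SECONDS):
    """Return [(source, distinct_ports)] for sources crossing the threshold."""
    recent = defaultdict(deque)  # source -> (time, (proto, port)) inside the window
    alerted, alerts = set(), []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a packet log line, or no port field (e.g. ICMP)
        # syslog timestamps carry no year; a fixed one is enough for time deltas
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        hits = recent[m["src"]]
        hits.append((ts, (m["proto"], int(m["dpt"]))))
        while (ts - hits[0][0]).total_seconds() > window:
            hits.popleft()  # drop probes that fell out of the window
        ports = {p for _, p in hits}
        if len(ports) >= threshold and m["src"] not in alerted:
            alerted.add(m["src"])
            alerts.append((m["src"], len(ports)))
    return alerts

def _line(clock, src, dpt):
    # Constructed sample line in the kernel's iptables LOG layout (not real traffic).
    return (f"Jan 10 {clock} fw kernel: IPT-DROP IN=eth0 OUT= SRC={src} "
            f"DST=198.51.100.5 LEN=44 TTL=54 PROTO=TCP SPT=40000 DPT={dpt} SYN")

SAMPLE = (
    [_line(f"12:00:0{i}", "192.0.2.10", p) for i, p in enumerate((21, 22, 23, 25, 80))]
    + [_line(f"12:00:1{i}", "203.0.113.7", 443) for i in range(3)]  # retries, one port
    + [_line(f"12:0{i}:30", "198.51.100.77", p) for i, p in enumerate((21, 22, 23, 25, 80))]
    + ["Jan 10 12:09:00 fw sshd[411]: unrelated line"]
)

if __name__ == "__main__":
    for src, n in detect_scans(SAMPLE):
        print(f"port scan suspected: {src} probed {n} ports in {WINDOW_SECONDS}s")
```

The third sample source probes the same five ports one minute apart and stays under the threshold, which shows the trade-off a fixed window makes: slow scans need a longer window or a second, longer-term counter.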