Snort is a network traffic logger/analyzer tool. In Debian, Snort can be installed as snort-mysql or snort-psql, depending on whether MySQL or PostgreSQL is to become the database backend.
A good introduction can be found here: http://www.debian-administration.org/articles/318.
Note that Snort can hog system resources, starting with processing resources. As a result, don’t run Snort on a network busy system unless you have to. You can always use a hub to connect a Snort-dedicated machine to machines that need to be monitored.
Note that snort is useless without an extensive rules that identify what a threat looks like. As a result, it is important to get the most updated and inclusive rules. There is a paid subscription service to the most up-to-date rules, although Debian does include a set of rules already.