wIDSard is a host intrusion detection system for Linux. It intercepts, at user level (Kernel modification not required), system calls specified in a configuration file written by the user. It is based on strace source for syscall interception. A finite-state automata is used to trace the monitored process. The language used for the configuration file is regular expression based.