We present an online monitoring tool for SCADA systems based on the network monitor Bro, which can be used locally at field stations. The tool generates alerts when suspicious and erroneous commands and sensor readings are detected. It can hence been seen as a local Intrusion Detection System, as well as an safety enhancement. It maintains a model of the local system, which is updated with incoming packets containing sensor readings and commands. Focusing on the protocol IEC-104, a parser was developed and the packet content was directly fed into the system model. Adaptive policies are implemented in Bro, which formulate physical constraints and safety requirements and allow to check whether SCADA traffic complies to these rules in real time. A case study with a real IEC-104 traffic trace shows the feasibility of our approach.