This paper proposes using a honeypot to improve the efficiency of intrusion detection systems (IDS) in detecting zero-day attacks. It presents a network architecture that incorporates a honeypot server to log attacker activities. These logs are analyzed using tcpdump to generate custom IDS rules matching the payload. This allows the IDS to detect new attacks before they harm the internal network. The honeypot attracts attackers by emulating servers and records their interactions without affecting production systems.
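An added example, not code from the paper: one way the payload-to-rule step could be automated, by taking the longest byte string shared by several honeypot-captured payloads and emitting a content-match rule. The Snort-style rule syntax, the constructed sample payloads, and all function names are assumptions, since the summary names no specific IDS.

```python
import string

# Constructed sample payloads standing in for TCP payloads pulled from
# honeypot captures (e.g. tcpdump output). Not real attack traffic.
SAMPLES = [
    b"GET /a?x=1 HTTP/1.1\r\nX-Probe: HPOT-DEMO\x00\x01marker\r\n\r\n",
    b"POST /b HTTP/1.1\r\nX-Probe: HPOT-DEMO\x00\x01marker\r\nHost: h\r\n\r\n",
    b"HEAD /c HTTP/1.0\r\nX-Probe: HPOT-DEMO\x00\x01marker\r\n\r\n",
]

# Bytes kept literal; everything else (including ; \ " | :) is hex-encoded.
SAFE = set((string.ascii_letters + string.digits + " -_/.=").encode())

def longest_common_substring(samples):
    """Longest byte string present in every sample (brute force, small inputs)."""
    if not samples:
        return b""
    shortest = min(samples, key=len)
    for length in range(len(shortest), 0, -1):
        for start in range(len(shortest) - length + 1):
            cand = shortest[start:start + length]
            if all(cand in s for s in samples):
                return cand
    return b""

def to_content(data):
    """Encode bytes for a content option: safe ASCII literal, the rest as |hex|."""
    out, in_hex = [], False
    for b in data:
        if b in SAFE:
            out.append("|" + chr(b) if in_hex else chr(b))
            in_hex = False
        else:
            out.append(f" {b:02X}" if in_hex else f"|{b:02X}")
            in_hex = True
    return "".join(out) + ("|" if in_hex else "")

def build_rule(samples, dst_port, sid, min_len=8):
    """Return a Snort-style rule (assumed syntax), or None when the shared
    pattern is too short to be a signature without heavy false positives."""
    pattern = longest_common_substring(samples)
    if len(pattern) < min_len:
        return None
    return (f'alert tcp $EXTERNAL_NET any -> $HOME_NET {dst_port} '
            f'(msg:"Honeypot-derived payload match"; '
            f'content:"{to_content(pattern)}"; sid:{sid}; rev:1;)')

if __name__ == "__main__":
    print(build_rule(SAMPLES, 80, 1000001))
```

A generated rule should be replayed against benign traffic captures before deployment, because a pattern shared by a few honeypot sessions can still appear in legitimate requests.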