You should probably check out this link on how to do it with snort. http://www.ics.forth.gr/carv/np/splitter_tr323.pdf
There are commercial solutions, but the price is high. Here is an example: http://www.lightreading.com/document.asp?doc_id=92639&print=true

This link also looks interesting: http://www.bro-ids.org/ Since this is from lawrence berkeley lab, the government has already paid for development.
It seems if you are running a fast system without a GUI, and you aren’t trying to do too much, you can get away with Gbit speeds.
rt

I’m in agreement with astronomer (As I often am). Start with Snort, and learn from it. There are many free guides to learning snort, and SourceFire also offers classes (I’ve taken them) on using it. I’ve also worked on some of the expensive commercial solutions (ISS and Eeye come to mind) where upper management loved it, but we never got it to work successfully.

All of them have a learning curve to climb, but I’d consider Snort’s to be overall shorter – and there are white papers (and pay-for books) all over which will help guide you.

Bob

I also agree that you want to start with Snort. I’m using the Sourcefire 3D products after using Snort for years. I like Sourcefire because they are based on Snort and because of Marty Roesch’s attitude of supporting Open Source software.

ISS, from my experience, was terrible, but I also admit that I wasn’t trained on them. I used someone else’s training books and still wasn’t satisfied with them because the database filled up rather quickly (2 months) using MSDE (2Gb).

SF

I was trained by ISS and we still had problems with it. This was 8 years ago but we drowned in false positives.
rt