[ARGUS] Argus Deployment in Higher Speed Environment

eric eric-list-argus at catastrophe.net
Sat Apr 3 00:14:01 EST 2004


I work in a large academic environment. We're faced with migrating
from a single OC3c link to a potential of 1200Mbps. Currently, we
use a netoptics passive tap and a single box running argus, and this
works well so long as we don't take some higher-traffic ports such
as http, etc. Unfortunately, when there's a W32.Slammer host on our
network spewing out 50-60Mbps plus the existing 110Mbps sustained
traffic, argus usually comes up with write errors due to disk
constraints.

That said, you can see why I start to get concerned about 1200Mbps :)

If anyone has experience dealing with this, or if you've tried it in
the past, please let me know. I'm curious to know how this is going
to pan out, and the chances are great that we'll take our tap and
split it into an inbound/outbound host, etc.

Also, has anyone tested argus on a 64-bit x86 platform such as
Itanium? We are looking at macppc vs. x86, and one requirement was
that both be 64-bit (yes, we're trying to get some Xserves instead
of x86!).

Thanks.

- Eric


