Thanks for your reply.
I am looking to setup a basic IDS system, where attempts to connect to certain ports are logged in the usual places. At the moment, I am logging connections to telnet ports, then I run a script every night to report on connection attempts.
Hardware specs shouldn't be a problem, server has only just been purchased and runs dual xeon cpus, scsi drives etc. I guess by your suggestions, the only time performance might be an issue, is during an attack (portscan etc), which would probably hinder performance anyway.
Any other ideas?