Physical configuration question

[Sammy <sammy7887 () yahoo com>]

I have a question regarding configuration and how to deal with the large amounts of data I have Snort capturing.  Right 
now I have 4 sensors, each with two instances of Snort running.  One instance is running in alert mode while the other 
instance is capturing all packet data in tcpdump format.  I've already upgraded the disks in all my sensors as I'm 
getting close to 20GB an hour on some of them.  How are people dealing with the massive data collected?  Are you using 
huge disk arrays?  Archiving to tape?  Any suggestions are appreciated.  Thanks in advance!


---------------------------------
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day