Syslogging (ensures you still have the data even if the box is wiped)
Host anomaly detection
Bacula MD5 save jobs
chkrootkit / rkhunter (minimum protection of system environment, rootkit detection)
Snort (or newer, faster...)
i.e. Symantec (shudder) or R.B.
TAPs / SPAN
Setting up honeypots (anybody accessing this system needs to be in a high-risk class)
What to do with your IDS data
Understand that these things have to be monitored continually and require dedicated manpower to handle. So you need to decide how much time you can put into them and plan accordingly.