Because hackers tend to get in anyway (regardless of firewalls and proxies), IDS is able to stop them before they can do damage. It is not designed to be the sole security component in your network but an integral part of the picture. Also, keeping the signature files up to date is as critical as maintaining virus data files.
The best IDS I've seen is Snort, and it's free too (well...aside from the two weeks to learn how to use it of course). And IDSes are a great weapon in the security toolkit.
As for keeping up with the new attack signatures...well that's a pain in the butt no matter what IDS you use. You obviously don't want to add every signature that comes in an update (looking for Oracle attacks on a network with no DBs is not worth the CPU power).
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...