Whatever way you choose to go, don't end up like the diver in the picture. They have on all the necessary gear yet are unaware of the clear and present danger (the picture is fake). You will NOT be secure simply because an IDS/IPS exists on your network. You absolutely must log what happens and figure out a way to monitor your traffic. There are aggregation and correlation products out there that can take your vulnerability scans and/or customized input so that you aren't alerted when a Linux exploit is headed towards a Windows platform, and vice versa. The goal of your implementation is to improve your security posture. The ability to log is critical, but logging doesn't mean monitoring, and monitoring isn't effective if the output isn't actually human readable. In my experience, without a significant amount of customization and tweaking an IDS will spew far too many alerts for an analyst to track. You may do your parsing with custom scripts, vendor filters, or a combination of the two.
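The kind of "custom script" filtering described above, as an added example that is not from the original post: it joins IDS alerts against an asset inventory built from vulnerability scans and suppresses alerts whose exploit platform cannot apply to the target host. The alert and inventory formats, the field names, and the sample data are all constructed assumptions; a real deployment would pull the platform from the rule's metadata and the OS from the scanner's export.

```python
"""Asset-aware IDS alert triage (added example, hypothetical formats)."""
import csv
import io

# Constructed sample: asset inventory as a vulnerability scanner might export it.
ASSET_CSV = """ip,os
10.0.0.5,windows
10.0.0.7,linux
10.0.0.9,linux
"""

# Constructed sample alerts. "platform" is assumed to come from rule metadata
# (the OS the signature's exploit targets); "any" means platform-independent.
ALERTS = [
    {"sig": "EXAMPLE Linux kernel overflow attempt", "platform": "linux", "dst": "10.0.0.5"},
    {"sig": "EXAMPLE SMB remote code execution", "platform": "windows", "dst": "10.0.0.5"},
    {"sig": "EXAMPLE Linux kernel overflow attempt", "platform": "linux", "dst": "10.0.0.7"},
    {"sig": "EXAMPLE OS fingerprinting scan", "platform": "any", "dst": "10.0.0.9"},
    {"sig": "EXAMPLE SMB remote code execution", "platform": "windows", "dst": "10.0.0.42"},
]


def load_assets(csv_text):
    """Map destination IP -> OS from the scanner export."""
    return {row["ip"]: row["os"] for row in csv.DictReader(io.StringIO(csv_text))}


def triage(alerts, assets):
    """Split alerts into (keep, suppress).

    An alert is suppressed only when the inventory positively says the target
    runs a different OS than the exploit needs. Hosts missing from the
    inventory are kept: no scan data means no grounds to drop the alert.
    """
    keep, suppress = [], []
    for alert in alerts:
        host_os = assets.get(alert["dst"])
        mismatch = (
            alert["platform"] != "any"
            and host_os is not None
            and host_os != alert["platform"]
        )
        (suppress if mismatch else keep).append(alert)
    return keep, suppress


if __name__ == "__main__":
    kept, dropped = triage(ALERTS, load_assets(ASSET_CSV))
    for a in dropped:
        print("SUPPRESSED:", a["sig"], "->", a["dst"])
    for a in kept:
        print("ALERT:     ", a["sig"], "->", a["dst"])
```

Note that the unknown host 10.0.0.42 is kept on purpose: a suppression rule that fires on missing inventory data silently blinds you to every host the scanner never reached.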
I am anxiously waiting to see which way the smart grid will choose to go. It seems like the current feeling is that nothing would be able to monitor the massive amount of traffic and nodes (millions) that might be generated on some of these networks. Hey IPS vendors, we are looking at you.