Something that was initially very confusing for me when I first learned about IDS/IPS technologies was how it all came together. When I heard the term intrusion detection system, I kept expecting to see something that did it all. Inevitably I was disappointed because an IDS is not a single device; rather, it is a system made up of two components:
The network sensor: For all intents and purposes, in a network-based solution, sensors tend to be beefed-up network sniffers that are deployed strategically throughout the network to monitor the traffic. In host-based solutions, the sensor is the software that is installed on the host that is being monitored.
The management console: The management console is the central data repository that all the sensors report back to. This allows you to manage your entire environment from a single location and provides a central data repository from which you can run reports.