Thanks for the feedback and glad to hear you are a fan! This "What We're Working On in the Land of Log & Event Manager" post should be helpful to your first bullet. I'll leave the rest for the PM to elaborate on a little more.
We do still provide the built-in Snort IDS on our virtual appliance, which you could deploy. You can also deploy an appliance dedicated to that function if you so choose, rather than using the all-in-one functionality of the single LEM appliance.
What we've found, though, is that the complexities and overhead of deploying IDS on a virtual environment make it so many customers would prefer NOT to use the built-in IDS and rather pursue hardware-based or alternative solutions. Our built-in IDS functionality is also not "bleeding edge" and managed at the same level as a hardware IDS, so depending on the level of your needs, it might not work very well, either.
Happy to answer further questions.