A Host IDS monitors host and server event/sys logs from multiple sources for suspicious activity. Host IDS are best placed to detect computer misuse from trusted insiders and those who have already infiltrated your network. Okay, IMHO what I have just described is an event log manager, a true Host IDS will apply some signature analysis across multiple events/logs and/or time, heuristical profiling is another useful way to spot nefarious activity. NOTE it is felt that this battle of terms with the vendor marketeers regarding what actually constitutes a Host IDS vs an event log manager has been lost. therefore a HIDS can be any of the above.