Although I have had untangle working well in every way for quite some time, my event log in Intrusion Prevention continues to show nothing, nada, not one peep. Is that normal ?

FWIW, I have most ports closed except those needed for SBS. I am running a mail server and have port 25 routed to exchange on the SBS box. DNS is disabled in the Untangle network setup screen since SBS is doing it.

I have diabled and reenabled the IPS rack and that changed nothing.

Any ideas ?

Try pressing the Refresh button in event log whenever you're visiting this log tab or press Auto-Refersh button once. Post back if it works/not..

Nothing here with regards to IPS either. My guess is that nothing is matched. If that's the case, could mean that Untangle as a firewall (or your other firewall if Untangle is in bridge mode) is doing its job right. One way to test the IPS is to perform some penetration testing to see if you can get it to alert.

There are many test rules you can create yourself to see if the module is indeed filtering traffic. Which in my case my custom rule is triggered, but I am wondering how these other snort rules are tuned since I can send many metasploit payloads and exploits through it without a peep.