Can you tell if an attack is successful by looking at IPS logs?

A successful attack by definition will not be detected by IPS or IDS.

What IPSs and IDSs are good for is weeding out script kiddies, worms and similar attackers.

If you want to have a relatively secure web application you need to use a web application firewall with a default deny rule set. Yes, it hurts to configure it this way and it will take a bit of time, on the other hand, it is really a "fire and forget" solution. The only time the rule set has to change is when the application changes (which you know about), not when attackers think about a new way around IPS or IDS (which you, or your IPS/IDS supplier, don't know about).

IPSs and IDSs "enumerate badness" and this just doesn't work any more: The Six Dumbest Ideas in Computer Security


It depends on the product. Some products have the ability to capture the response packet(s) as well as the attack packet(s). Some products, notable IBM Proventia, will annotate the original event with a success/failure notification, which you can see if you open up the details of the event. For example, all HTTP events in Proventia will include not only the URL of the attack, but also the response code (200, 404, 500, etc.).