Snort mailing list archives

NIDS Packet Capture Problem


From: Shishir Tejpal <tejp8050 () uidaho edu>
Date: Tue, 14 Oct 2003 23:55:25 -0700


Hi all,
          I am working on a graduate project for which I require clean log files which contain only valid network data 
w/o port scans and even remove attacks if they are present. This log file will be used as a training set for anomaly 
detection. The problem that I am having is that I am running two snort programs, one as a NIDS and the other as a 
Sniffer; both log the packets in TCPDUMP format. Now in order to get a clean log file (containing only clean n/w traffic) I 
only write packets from the sniffer which are not present in the NIDS log file. This is a very inelegant way 
since I have a lot of log files from the summer containing packets captured by a sniffer which in all probability are 
infected with lots of scan attempts. 
Does anybody know of a way that I can only log packets which do not pass any rule (i.e. they could be considered normal)? 
This would save a lot of computing time and could easily be automated. I am running snort on a win box.

Thanking you in advance

Shishir Tejpal
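The two-capture workflow described in the post (keep every sniffer packet that the NIDS did not log) as an added example; this is not code from the post or from Snort. It parses the classic tcpdump/libpcap format directly, identifies a packet by its timestamp plus a hash of its captured bytes, and assumes both Snort instances captured the same interface with the same snaplen. The sample frames are constructed.

```python
import hashlib
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4  # classic tcpdump/libpcap magic (microsecond timestamps)
PCAP_MAGIC_BE = 0xD4C3B2A1  # same magic read from a big-endian file


def read_pcap(data):
    """Parse a tcpdump-format capture into (linktype, [(sec, usec, bytes), ...])."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        e = "<"
    elif magic == PCAP_MAGIC_BE:
        e = ">"
    else:
        raise ValueError("not a tcpdump/pcap file")
    # Global header: magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
    linktype = struct.unpack_from(e + "IHHiIII", data, 0)[6]
    off, pkts = 24, []
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(e + "IIII", data, off)
        off += 16
        pkts.append((sec, usec, data[off:off + incl_len]))
        off += incl_len
    return linktype, pkts


def write_pcap(linktype, pkts, snaplen=65535):
    """Serialise packets back to little-endian tcpdump format."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, linktype))
    for sec, usec, pkt in pkts:
        out += struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt
    return bytes(out)


def packet_key(sec, usec, pkt):
    # Identity = capture timestamp + hash of captured bytes. Assumes equal snaplen in
    # both captures; otherwise hash only the prefix common to both.
    return (sec, usec, hashlib.sha256(pkt).digest())


def subtract_capture(sniffer_pcap, nids_pcap):
    """Return a pcap holding every sniffer packet the NIDS did not log."""
    linktype, everything = read_pcap(sniffer_pcap)
    flagged = {packet_key(*p) for p in read_pcap(nids_pcap)[1]}
    return write_pcap(linktype, [p for p in everything if packet_key(*p) not in flagged])


def demo():
    """Constructed sample: three frames on the wire, one of them logged by the NIDS."""
    eth = b"\x00" * 12 + b"\x08\x00"  # constructed 14-byte Ethernet header stub
    wire = [(1066200000, 10, eth + b"normal-1"),
            (1066200000, 20, eth + b"scan-probe"),
            (1066200001, 30, eth + b"normal-2")]
    clean = subtract_capture(write_pcap(1, wire), write_pcap(1, [wire[1]]))
    return [p[2][14:] for p in read_pcap(clean)[1]]  # payloads that survived
```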
