If you need to practice work Cisco routing FU the Hacking Cisco Blog (link) is amazing. You have more then 156 practice lab including network diagram and solution. Have Fun!

Here are some search tips for sguil IDS alerts search

• Search for all event that have a destination IP of 192.168.99.1

WHERE event.timestamp > '2011-08-19' AND event.dst_ip=INET_ATON('192.168.99.1')

• Search for a specific Snort SID

WHERE event.timestamp > '2011-08-19' AND event.signature_id = 2003422

• Search for an event ID (650: SHELLCODE x86 setuid 0) with a destination IP of 192.168.99.1

WHERE event.timestamp > '2011-09-19' AND  event.signature_id  = 650 AND event.dst_ip=INET_ATON(192/(256^3) + 168/(256^2) + 99/256 + 1)