I suspect that Internet Explorer is modifying the file as it is being downloaded. Here is a technique you can use that should work around the problem:
1) Log into the IPS CLI and issue the "iplog-status" command. Make a note of the "Log ID" for the IP Log you want to view.
2) Install and launch Mozilla Firefox 1.0.4. http://www.mozilla.org/products/firefox/
3) Type the following URL into the location text box in Firefox. Substitute your sensor's IP address and the Log ID from step 1 above:
https://10.1.2.3/cgi-bin/iplog-server?ipLogId=1566828
Note: the default IPS sensor setting is to have TLS enabled and the web server listening on port 443. If you have changed either of these settings, you will need to make corresponding changes to the URL above.
4) Accept the X.509 certificate after confirming its fingerprint.
5) Choose "save to disk" when prompted.
6) After file download is complete, locate the file "iplog-server" in the download directory (the Firefox default is to save it on the desktop) and rename it to "iplog-1566828.pcap". (Substitute your actual Log ID.)
7) Double-click on the file to open in Ethereal.
If the file is not corrupted by this process, then we have isolated the problem. Next try running IDM from Firefox. Follow your usual procedure for downloading the IP log file. If this works, the problem is definitely in Microsoft Internet Explorer.
If, however, when running IDM from Firefox, the log is corrupted, then the problem might be in IDM and we need to know about it. Please respond with your results.
BONUS:
The IP Log server accepts the parameter "index" and produces hyperlinked results. Just substitute your sensor's IP address in the following URL:
https://10.1.2.3/cgi-bin/iplog-server?index
