What types of information are commonly logged with Network Intrusion Detectors?

view story

http://serverfault.com – I've only found generic descriptions that have sensors capture network traffic and analyzes the content of the individual packets for malicious traffic. What I want to know is specifically what kind of information is logged from the network traffic and packets and how the system would know it is malicious. Any tips/guidance would be greatly appreciated! Thanks!! (HowTos)