Packet Capturing

b.bader
Level 1

I see other postings asking about configuring capturing on the IDSM, but is it possible to do this with and IDS 4235?

3 Replies

beth-martin
Level 5

I guess you have missed out something here. What is the other device?

I guess I meant to type "a" not "and". The 4235 plugs into a Catalyst 6509, but not sure that is relevant. I am wondering only if the 4235 can do packet capturing based on an alert.

Thanks

You can set packet capture or IP logging on any signature. If you connect to the IDS via the IDM interface, you can navigate to the signature configuration mode, which is nested under configuration - sensor engine - signature configuration mode - all signatures, and then choose which signature you would like to enable the packet capture on and choose edit. You will be presented with a list of variables that you can change for that specific signature. One of the variables is packet capture; set this to true to enable. If you would like a log of traffic between the attacker and the victim, you can enable IP logging for that signature. Care should be taken when enabling IP logging on a large number of signatures, as this could cause performance issues. You might also want to limit the size of the IP logs if you use this signature, otherwise you might end up with pretty large log files. Please let me know if you need any more clarification on the process.
