Snort mailing list archives

TCP Session logging with ACID


From: <jonasb () alum rpi edu>
Date: Thu, 29 Apr 2004 07:36:15 -0700

Hi -

I'm trying to get a feel for the difference between using the stream
pre-processor and the TAG: session keywords in a rule. 
If I want to log every telnet session and view each one as an alert
within ACID, would I have to set a rule with content so that the
pre-processor picks it up?
If I use TAG however, will this generate an alert for each packet
tagged?

I guess my question is when would you use TAG vs. just relying on the
stream preprocessor, and how would a TAGged session appear in ACID?

Thanks!
B 
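For reference, here is what the two approaches the question contrasts look like in Snort 2.x configuration. This is an added example, not part of the original post, and the SID, network variable and counts are placeholders chosen for illustration.

```snort
# --- Approach 1: a rule with the tag keyword ---
# The rule itself fires once, on the first packet that matches; the tag
# option then tells Snort to keep logging the rest of that TCP session.
# Syntax: tag:session,<count>,<metric>  (metric is "packets" or "seconds")
# Here: log up to 300 further packets of the session that triggered the alert.
# Using flow:to_server,established keeps the match on the client side of
# an established connection, so one alert per session rather than per packet.
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"Telnet session - tagged for logging"; flow:to_server,established; tag:session,300,packets; sid:1000001; rev:1;)

# --- Approach 2: letting the stream preprocessor track sessions ---
# stream4 reassembles TCP and, with keepstats, writes a per-session summary
# (endpoints, byte counts, start/end) to a flat session log file. It does
# not by itself generate alerts, so nothing from it reaches the alert
# database that ACID reads unless a rule also fires.
preprocessor stream4: keepstats
preprocessor stream4_reassemble: ports 23
```

The practical difference: the tag rule produces one alert plus the tagged packets that follow it, all tied to that alert's event, which is what ends up in the ACID database; stream4 on its own gives session statistics in a file, with no alert row. To have every telnet session visible in ACID, a rule that matches the session (the tag rule above needs no content match, just the port and flow state) is required either way.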
