That'd work fine for HTTP(S) data. I suspect the data capture would have to be done at the IP level by default, with per-protocol filters on top to capture additional data, which is going to add complexity to the data capture equipment, plus an ongoing maintenance cost to keep on top of new/updated protocols.
I can't see the current government accepting the possibility that the Internet Bad Guys(tm) could just use a different protocol and avoid all logging.