Kai_Magnussen
Participant

Cannot open packet capture files in ips log

hi,

There is a newly installed VS on a VSX cluster where we cannot open or download the packet capture file from the log entry. Forensics is enabled in tracking and the files are generated, but when clicking on the cap file link in the log entry in SmartConsole, we only get

"failed at getting the incident file from the gateway"


The $FWDIR/log/forensics folder is empty on the VS and on VS0, and there is nothing on the log server either.

Is there a time limit for how long these files are accessible, and can this then be adjusted? Or is this a bug?

The VSX cluster is running R80.30.

7 Replies
Timothy_Hall
Champion

Try bringing up the log entries and associated captures using the old SmartView Tracker (CPlgv.exe). Does that work? This will help determine if it is some kind of SmartEvent problem. Also try bringing up the capture via the SmartView web interface at https://(IP OF SMS)/smartview

If none of these alternative options work, something is broken with the transfer of IPS packet captures, which should be transferred automatically between the VS gateway and the Log Server/SMS when they are taken.


New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
Kai_Magnussen
Participant


hi,


Thanks for the response. I tried accessing both alternatives, but there is no option to download, as the packet capture is not a proper link, just text.

So this further strengthens the theory that it is a bug, so I have opened a case with TAC.

Timothy_Hall
Champion

OK, please post and let us know what you find out with TAC.

J_Bendonis
Explorer

I'm finding this too. Did you get an answer from TAC? (If only to save me a phone call.)


Hi Kai_Magnussen,

Were you able to get an update from TAC on this?

ladeko
Explorer

We are also having the same problem. Did you find any solution/cause?


Hello,

You have to open a case. There is a hotfix for this issue available.

We have been experiencing this issue since R80.20 and always had to request a hotfix. But in our case the files are generated but cannot be opened because the file name is 0.0.0.0_filename.


Best regards,

Jan
