In R77.30 and earlier IPS packet capture was stored on the gateways as .pcap files and we could retrieve them using "fwm getpcap" over SSH. In R80+, IPS has been moved to Threat Prevention and it seems that packet capture is now being stored as .EML files. Looking at the logs from "fw log", the "packet_capture_unique_id" is now a name, where on earlier versions this was a ID number. Tried running "fwm getpcap" with different ID's from the logs, but all returning errors.
I heard that there are plans to stop using .EML files, but until then, are there any ways to get the IPS packet captures out from SSH?