AnsweredAssumed Answered

IPS packet capture

Question asked by alexaa933fd5c-c5cf-4502-9ce0-965c56f7964b on Oct 16, 2017
Latest reply on May 7, 2018 by Dameon Welch Abernathy

In R77.30 and earlier IPS packet capture was stored on the gateways as .pcap files and we could retrieve them using "fwm getpcap" over SSH. In R80+, IPS has been moved to Threat Prevention and it seems that packet capture is now being stored as .EML files. Looking at the logs from "fw log", the "packet_capture_unique_id" is now a name, where on earlier versions this was a ID number. Tried running "fwm getpcap" with different ID's from the logs, but all returning errors.

I heard that there are plans to stop using .EML files, but until then, are there any ways to get the IPS packet captures out from SSH?

Outcomes