Configuring rolling packet capture settings

The Network IPS appliance captures and stores network packet information for you to use for forensic research and troubleshooting.

About this task

Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Response Tuning > Rolling Packet Capture Settings

Navigating in the SiteProtector™ system: select the Rolling Packet Capture Settings policy

To retrieve log evidence files and rolling packet capture files, go to Review Analysis and Diagnostics > Downloads > Logs and Packet Captures.

Procedure

  1. Configure the following options:
    Option Description
    Enabled Enables the rolling packet capture feature.
    Maximum Files Specifies the maximum number of files that the appliance stores. The default is 10.
    Note: When the feature reaches the maximum file number, it begins again with zero and overwrites the existing files.
    Maximum File Size (in MB) Specifies the maximum file size. The default is 1.
    Interfaces Specifies the interfaces from where the feature captures data. The default is all interfaces.
    Packet Capture File Format Specifies the log file format. The default format is pcap, but you can choose sniffer.
  2. Apply your changes.