Configuring rolling packet capture settings

Use the Rolling Packet Capture Settings page on your Network IPS appliance to configure how the appliance captures and stores network packet information. Use the files recorded by this feature and the log evidence feature for forensic research and troubleshooting.

About this task

Navigating in the IPS Local Management Interface: Secure Protection Settings > Response Tuning > Rolling Packet Capture Settings

Navigating in SiteProtector™ Management: select the Rolling Packet Capture Settings policy

To retrieve log evidence files and rolling packet capture files, go to Review Analysis and Diagnostics > Downloads > Logs and Packet Captures.

Procedure

  1. Configure the following options:
    Option                      Description
    Enabled                     Enables the rolling packet capture feature.
    Maximum Files               Specifies the maximum number of files that the appliance stores. The default is 10.
                                Note: When the feature reaches the maximum file number, it begins again with zero (0) and overwrites the existing files.
    Maximum File Size (in MB)   Specifies the maximum file size. The default is 1.
    Interfaces                  Specifies the interfaces from which the feature captures data. The default is all interfaces.
    Packet Capture File Format  Specifies the log file format. The default format is pcap, but you can choose sniffer.
  2. Apply your changes.
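
Because file numbering begins again at zero and overwrites existing files, the file number does not indicate capture order once the set has wrapped. The following added example (not part of the product documentation) orders downloaded pcap-format capture files by the timestamp of their first packet; the file names are hypothetical, the sample data is constructed, and the sniffer format is not handled.

```python
import struct

# pcap global-header magic bytes -> (byte order, timestamp fraction divisor)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}

def first_packet_time(data):
    """Return the timestamp of the first packet in a pcap file, or None if
    the data is not pcap or has no complete packet record header yet."""
    if len(data) < 24 + 16 or data[:4] not in MAGICS:
        return None
    order, divisor = MAGICS[data[:4]]
    # The first record header follows the 24-byte global header.
    sec, frac = struct.unpack(order + "II", data[24:32])
    return sec + frac / divisor

def chronological_order(files):
    """files: dict of name -> bytes. Returns (ordered_names, skipped_names),
    ordered oldest first by first-packet time, not by file number."""
    timed, skipped = [], []
    for name, data in files.items():
        t = first_packet_time(data)
        (timed if t is not None else skipped).append((t, name))
    timed.sort()
    return [n for _, n in timed], [n for _, n in skipped]

def sample_pcap(sec, usec=0):
    """Constructed sample: little-endian pcap holding one 4-byte packet."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", sec, usec, 4, 4) + b"\x00" * 4
    return header + record

if __name__ == "__main__":
    # Constructed set with hypothetical names: numbering has wrapped,
    # so files 0 and 1 are newer than files 2 and 3.
    sample = {
        "capture_0.pcap": sample_pcap(1700000300),
        "capture_1.pcap": sample_pcap(1700000400),
        "capture_2.pcap": sample_pcap(1700000100),
        "capture_3.pcap": sample_pcap(1700000200),
        "capture_4.pcap": b"not a pcap file",
    }
    ordered, skipped = chronological_order(sample)
    print("oldest to newest:", ordered)
    print("skipped (not pcap or empty):", skipped)
```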