Cisco Cisco Web Security Appliance S390 Guida Utente
P A C K E T C A P T U R E
C H A P T E R 2 2 : S Y S T E M A D M I N I S T R A T I O N
493
Editing Packet Capture Settings
To edit the packet capture settings in the CLI, run the
packetcapture > setup
command.
To edit packet capture settings in the web interface, select the Packet Capture option under
the Support and Help menu, and then click Edit Settings.
the Support and Help menu, and then click Edit Settings.
Table 22-1 describes the packet capture settings you can configure.
Note — When you change the packet capture settings without committing the changes and
then start a packet capture, AsyncOS uses the new settings. This allows you to use the new
settings in the current session without enforcing the settings for future packet capture runs.
The settings remain in effect until you clear them.
then start a packet capture, AsyncOS uses the new settings. This allows you to use the new
settings in the current session without enforcing the settings for future packet capture runs.
The settings remain in effect until you clear them.
Table 22-1 Packet Capture Configuration Options
Option
Description
Capture file size limit
The maximum file size for all packet capture files.
Capture duration
Choose how long to run the packet capture:
• Run Capture Until File Size Limit Reached. The packet capture
• Run Capture Until File Size Limit Reached. The packet capture
runs until the file size limit is reached.
• Run Capture Until Time Elapsed Reaches. The packet capture
runs until the configured time has passed. You can enter the time
in seconds (s), minutes (m), or hours (h). If you enter the amount of
time without specifying the units, AsyncOS uses seconds by
default.
Note: If the file reaches the maximum size limit before the entire
time has elapsed, the existing file is deleted (the data is discarded)
and a new file starts with the current packet capture data.
in seconds (s), minutes (m), or hours (h). If you enter the amount of
time without specifying the units, AsyncOS uses seconds by
default.
Note: If the file reaches the maximum size limit before the entire
time has elapsed, the existing file is deleted (the data is discarded)
and a new file starts with the current packet capture data.
• Run Capture Indefinitely. The packet capture runs until you
manually stop it.
Note: If the file reaches the maximum size limit before you
manually stop the packet capture, the existing file is deleted (the
data is discarded) and a new file starts with the current packet
capture data.
Note: If the file reaches the maximum size limit before you
manually stop the packet capture, the existing file is deleted (the
data is discarded) and a new file starts with the current packet
capture data.
You can always manually stop any packet capture.
Network interface to capture
Select the network interface on which to run the packet capture.
Filters
Choose whether or not to apply a filter to the packet capture to
reduce the amount of data stored in the packet capture.
You can use one of the predefined filters to filter by port, source IP
address, or destination IP address, or you can create a custom filter
using any syntax supported by the Unix tcpdump command.
reduce the amount of data stored in the packet capture.
You can use one of the predefined filters to filter by port, source IP
address, or destination IP address, or you can create a custom filter
using any syntax supported by the Unix tcpdump command.