Cisco Cisco Web Security Appliance S170 Guia Do Utilizador
26-5
Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 26 System Administration
Support Commands
You can download the packet capture files using the Download button in the web interface, or by
connecting to the appliance using FTP and retrieving them from the captures directory.
connecting to the appliance using FTP and retrieving them from the captures directory.
In the CLI, use the
packetcapture
command.
In the web interface, select the Packet Capture option under the Support and Help menu.
Note
The packet capture feature is similar to the Unix tcpdump command.
Starting a Packet Capture
To start a packet capture in the CLI, run the
packetcapture > start
command. If you need to stop a
running packet capture, run the
packetcapture > stop
command.
To start a packet capture in the web interface, select the Packet Capture option under the Support and
Help menu, and then click Start Capture. To stop a running capture, click Stop Capture.
Help menu, and then click Start Capture. To stop a running capture, click Stop Capture.
Note
The web interface only displays packet captures started in the web interface, not from the CLI. Similarly,
the CLI only displays the status of a current packet capture run started in the CLI.
the CLI only displays the status of a current packet capture run started in the CLI.
Editing Packet Capture Settings
To edit the packet capture settings in the CLI, run the
packetcapture > setup
command.
To edit packet capture settings in the web interface, select the Packet Capture option under the Support
and Help menu, and then click Edit Settings.
and Help menu, and then click Edit Settings.
describes the packet capture settings you can configure.
Table 26-1
Packet Capture Configuration Options
Option
Description
Capture file size limit
The maximum file size for all packet capture files.
Capture duration
Choose how long to run the packet capture:
•
Run Capture Until File Size Limit Reached. The packet capture
runs until the file size limit is reached.
runs until the file size limit is reached.
•
Run Capture Until Time Elapsed Reaches. The packet capture
runs until the configured time has passed. You can enter the time in
seconds (s), minutes (m), or hours (h). If you enter the amount of
time without specifying the units, AsyncOS uses seconds by default.
runs until the configured time has passed. You can enter the time in
seconds (s), minutes (m), or hours (h). If you enter the amount of
time without specifying the units, AsyncOS uses seconds by default.
Note: If the file reaches the maximum size limit before the entire
time has elapsed, the existing file is deleted (the data is discarded)
and a new file starts with the current packet capture data.
time has elapsed, the existing file is deleted (the data is discarded)
and a new file starts with the current packet capture data.
•
Run Capture Indefinitely. The packet capture runs until you
manually stop it.
manually stop it.
Note: If the file reaches the maximum size limit before you manually
stop the packet capture, the existing file is deleted (the data is
discarded) and a new file starts with the current packet capture data.
stop the packet capture, the existing file is deleted (the data is
discarded) and a new file starts with the current packet capture data.
You can always manually stop any packet capture.