Cisco Email Security Appliance X1070 User Guide

Cisco IronPort AsyncOS 7.6 for Email Daily Management Guide
OL-25138-01
Chapter 8 Common Administrative Tasks
Support Commands
Table 8-1 describes the packet capture settings you can configure.

Table 8-1 Packet Capture Configuration Options

Option / Description

Capture file size limit
  The maximum file size for all packet capture files in megabytes.

Capture Duration
  Choose how long to run the packet capture:
  • Run Capture Until File Size Limit Reached. The packet capture runs until the file size limit is reached.
  • Run Capture Until Time Elapsed Reaches. The packet capture runs until the configured time has passed. You can enter the time in seconds (s), minutes (m), or hours (h). If you enter the amount of time without specifying the units, AsyncOS uses seconds by default. This option is only available in the GUI.
    Note: The packet capture file is split into ten parts. If the file reaches the maximum size limit before the entire time has elapsed, the oldest part of the file is deleted (the data is discarded) and a new part starts with the current packet capture data. Only 1/10 of the packet capture file is discarded at a time.
  • Run Capture Indefinitely. The packet capture runs until you manually stop it.
    Note: If the file reaches the maximum size limit before you manually stop the packet capture, the oldest part of the file is deleted (the data is discarded) and a new part starts with the current packet capture data.
  You can always manually stop any packet capture.

Interface
  Select the network interface on which to run the packet capture.

Filters
  Choose whether or not to apply a filter to the packet capture to reduce the amount of data stored in the packet capture.
  You can use one of the predefined filters to filter by port, client IP, or server IP (GUI only), or you can create a custom filter using any syntax supported by the Unix tcpdump command, such as host 10.10.10.10 && port 80.
  The client IP is the IP address of the machine connecting to the appliance, such as a mail client sending messages through the Email Security appliance.
  The server IP is the IP address of the machine to which the appliance is connecting, such as an Exchange server to which the appliance is delivering messages.
  You can use the client and server IP addresses to track traffic between a specific client and a specific server, with the Email Security appliance in the middle.
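The rotation described in the Capture Duration notes decides how much traffic is still on disk when a timed capture stops, which matters when the capture is meant to preserve evidence of an earlier event. The Python model below is an added example, not Cisco code: the function names are hypothetical, and it assumes equal-sized parts, a constant traffic rate, and duration strings written as a number followed by s, m, or h.

```python
import re

PARTS = 10  # the guide states that the capture file is split into ten parts

def parse_duration(text):
    """Return seconds for '90', '45s', '15m' or '2h'; a bare number is seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([smh]?)\s*", text.lower())
    if not m:
        raise ValueError(f"unsupported duration: {text!r}")
    return int(m.group(1)) * {"": 1, "s": 1, "m": 60, "h": 3600}[m.group(2)]

def simulate(limit_mb, duration, rate_kb_per_s):
    """Model 'Run Capture Until Time Elapsed Reaches' at a constant rate.

    Returns (seconds_retained, seconds_discarded) at the moment the capture
    stops. Equal-sized parts and a constant rate are assumptions of this model.
    """
    if limit_mb <= 0 or rate_kb_per_s <= 0:
        raise ValueError("size limit and traffic rate must be positive")
    total_s = parse_duration(duration)
    part_bytes = limit_mb * 1024 * 1024 // PARTS
    rate = rate_kb_per_s * 1024
    parts = [0]      # bytes held in each part, oldest first
    discarded = 0    # bytes lost to rotation
    for _ in range(total_s):
        remaining = rate
        while remaining:
            room = part_bytes - parts[-1]
            if room == 0:
                if len(parts) == PARTS:
                    # Size limit reached: only the oldest tenth is dropped.
                    discarded += parts.pop(0)
                parts.append(0)
                continue
            wrote = min(room, remaining)
            parts[-1] += wrote
            remaining -= wrote
    return sum(parts) // rate, discarded // rate

if __name__ == "__main__":
    # Constructed scenarios: (size limit in MB, duration, traffic in KB/s)
    for args in [(10, "30", 1024), (10, "1m", 512), (100, "5m", 100)]:
        kept, lost = simulate(*args)
        print(f"limit={args[0]}MB duration={args[1]} rate={args[2]}KB/s "
              f"-> kept last {kept}s, discarded first {lost}s")
```

If the discarded figure is non-zero, raise the file size limit or narrow the filter before relying on the capture to cover the start of the window.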