packet captures in version 6.0 and 6.1

Jul 16th, 2008

What is the name of the capture file in the filesystem? In the CLI it is called "file-info". We need to be able to pull the file from the sensor instead of using the copy command to push the file using the CLI.

5creedus Thu, 07/17/2008 - 10:42

One of my co-workers found it. It is located in the directory /usr/cids/idsRoot/var and there will be 2 files associated with the capture:

-rw-r--r-- 1 root cids 8392 Jul 17 18:33 packet-file

-rw-r--r-- 1 cisco cids 135 Jul 17 18:33 packet-file.info

The packet-file.info file contains information about the capture syntax used and the start and stop times.

Captured by: cisco:9004, Cmd: packet capture gigabitEthernet0/2 count 60

Start: 2008/07/17 18:32:59 UTC, End: 2008/07/17 18:33:25 UTC

BTW, IP logs are kept in the directory:

/usr/cids/idsRoot/var/iplogs
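As an added example (not from the original thread), a small Python parser for the two-line packet-file.info format quoted in the answer above; it extracts the capturing user and session, the interface and packet count from the Cmd field, and the capture duration, and it refuses an .info file that has no End time so a still-running or half-written capture is not mistaken for a finished one. The dictionary key names are my own, and the sample text is constructed from the answer's example.

```python
import re
from datetime import datetime, timezone

# Constructed sample reproducing the two lines shown in the answer above.
SAMPLE_INFO = (
    "Captured by: cisco:9004, Cmd: packet capture gigabitEthernet0/2 count 60\n"
    "Start: 2008/07/17 18:32:59 UTC, End: 2008/07/17 18:33:25 UTC\n"
)

TS_FORMAT = "%Y/%m/%d %H:%M:%S"


def parse_packet_file_info(text):
    """Parse packet-file.info contents into a dict (key names are assumed).

    Raises ValueError when the 'Captured by' or 'Start/End' line is missing,
    so callers do not treat an incomplete .info file as a finished capture.
    """
    m = re.search(r"Captured by:\s*(\S+?):(\d+),\s*Cmd:\s*(.+)", text)
    if not m:
        raise ValueError("no 'Captured by' line in packet-file.info")
    user, session, command = m.group(1), int(m.group(2)), m.group(3).strip()

    t = re.search(r"Start:\s*(\S+ \S+) UTC,\s*End:\s*(\S+ \S+) UTC", text)
    if not t:
        raise ValueError("no Start/End line: capture may still be running")
    start = datetime.strptime(t.group(1), TS_FORMAT).replace(tzinfo=timezone.utc)
    end = datetime.strptime(t.group(2), TS_FORMAT).replace(tzinfo=timezone.utc)

    # Pull the interface and optional packet count out of the CLI command.
    c = re.match(r"packet capture (\S+)(?: count (\d+))?", command)
    interface = c.group(1) if c else None
    count = int(c.group(2)) if c and c.group(2) else None

    return {
        "user": user,
        "session": session,
        "command": command,
        "interface": interface,
        "count": count,
        "start": start,
        "end": end,
        "duration_s": int((end - start).total_seconds()),
    }


if __name__ == "__main__":
    info = parse_packet_file_info(SAMPLE_INFO)
    print(f"{info['interface']} count={info['count']} took {info['duration_s']}s")
```

Run it against the real file with `parse_packet_file_info(open("/usr/cids/idsRoot/var/packet-file.info").read())` once the capture has been copied off the sensor.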
