I want to run a constant 60-minute packet buffer (tcpdump) on my sensors so that I can go back and look at the full breadth of all traffic passing by my interface to help make better decisions and more datapoints during incident response.
Anyone done this on a Cisco sensor before? I run tcpdump with increasing regularity to do packet dumps for inspection on the sensors with no issues -- outside of disk space, am I missing something?
While I fully trust that the stock Cisco answer will be "don't do that", my question is really more to the forum at large -- has anyone done this before, and if so -- did it work OK -- did your sensor performance degrade significantly? Yes, I could put another box out there to do this, but it's so clean if I can keep it in the context of the sensors.