cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3618
Views
0
Helpful
6
Replies

Capture files on FTD itself

cpaquet
Beginner
Beginner

where are captured files stored on FTD?  What is the path to the directory to see them? Once on the directory, could the command file delete xxxx be used to delete them?

I personally think that it's easier to manage capture via the UI, but need to know how to delete those files from CLI.

Thank you.

2 Accepted Solutions

Accepted Solutions

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

if the file was not in this folder, I get on to sudo su (root)

 

Search for the files using the below command :

 

find / -name Test4* -print

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

cpaquet
Beginner
Beginner

Hi BB, 

Thank you so much for you help and patience.

I have attached the result - very long - of the sudo find command. I can't pinpoint to one directory where I could find the capture file would be:  besides the numerous process directories, health monitor, etc.

Thanks for your help. Much appreciated. 

PS: as I mentioned in my first entyr, if you wish to see for yourself, this example is straigth out of the newest dCloud Firepower lab, v1.7.

Regards,

CP

View solution in original post

6 Replies 6

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

Most cases they stored in below folder, you can check

 

/ngfw/var/common/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi BB, 

see screen capture. 

The captured file is not in the path:  

/ngfw/var/common/

This screen capture was done on Cisco's dCloud Firepower v1.7 lab, this afternoon. It's a NGFWv v6.7.

Any idea where else I could look?  From the expert mode, I can't get a list of the directory with the ls cmd. 

 

Any help would be appreciated.

 

Thanks.

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

if the file was not in this folder, I get on to sudo su (root)

 

Search for the files using the below command :

 

find / -name Test4* -print

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

cpaquet
Beginner
Beginner

Hi BB, 

Thank you so much for you help and patience.

I have attached the result - very long - of the sudo find command. I can't pinpoint to one directory where I could find the capture file would be:  besides the numerous process directories, health monitor, etc.

Thanks for your help. Much appreciated. 

PS: as I mentioned in my first entyr, if you wish to see for yourself, this example is straigth out of the newest dCloud Firepower lab, v1.7.

Regards,

CP

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

you do not have enough rights to fnd the files in the folders,. most of the denied to get access to view what in the folder

 

you need to get # prompt to run that command not $

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks BB. Much appreciated.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers