Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2084
Views
10
Helpful
2
Replies

IPS packet captures-disk space

jason.giambrone
Level 1
Level 1

‎06-21-2011 07:18 AM - edited ‎03-10-2019 05:22 AM

I have been doing packet captures on High and Medium events and in the IME there is no obvious way to delete old captures. They don't take up alot space but I wanted to know if there is a way to view the disk capacity on the IPS and how I can delete old capture files from the IPS.

Labels:
0 Helpful
2 Replies 2

Justin Teixeira
Level 1
Level 1

‎06-21-2011 07:55 AM

Hi Jason,

     The ip logging functionality stores the logs in a circular buffer, so there is no need (and no supported way) to delete/manage the old log files - they will be overwritten then new logs necessitate it. 

All of the information on ip logging can be found here:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_ip_logging.html#wp1030704

Also, unless you have a specific need for full stream captures for all high/medium events, you can use the "Produce Verbose Alert" action instead of the ip logging actions to capture the offending packet with significantly less resource utilization per alert.

-JT

jason.giambrone
Level 1
Level 1
In response to Justin Teixeira

‎06-21-2011 08:40 AM

Thanks Justin. I have been relying on the packet captures because the email notifications are not working as you know.

Jason

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card