07-16-2008 02:50 PM - edited 03-10-2019 04:12 AM
What is the name of the capture file in the filesystem? In the CLI it is called "file-info". We need to be able to pull the file from the sensor instead of using the copy command to push the file using the CLI.
07-17-2008 03:38 AM
I don't think there is any extension for the file. Have a look at this:
http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliPack.html#wp1034074
Regards
Farrukh
07-17-2008 10:42 AM
One of my co-workers found it. It is located in the directory /usr/cids/idsRoot/var and there will be 2 files associated with the capture:
-rw-r--r-- 1 root cids 8392 Jul 17 18:33 packet-file
-rw-r--r-- 1 cisco cids 135 Jul 17 18:33 packet-file.info
The packet-file.info contains information about the capture syntax used, start and stop time.
Captured by: cisco:9004, Cmd: packet capture gigabitEthernet0/2 count 60
Start: 2008/07/17 18:32:59 UTC, End: 2008/07/17 18:33:25 UTC
BTW IPlogs are kept in the directory:
/usr/cids/idsRoot/var/iplogs
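Added example, not part of the original thread or of Cisco's tooling: a Python parser for the packet-file.info layout quoted in the post above, for recording who ran a capture, with which command and over what time window once the files have been pulled from the sensor. The layout is assumed from that single sample, and the function and field names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the two lines quoted in the post above.
SAMPLE_INFO = (
    "Captured by: cisco:9004, Cmd: packet capture gigabitEthernet0/2 count 60\n"
    "Start: 2008/07/17 18:32:59 UTC, End: 2008/07/17 18:33:25 UTC\n"
)

# Assumed layout, inferred only from the sample. The thread does not say what
# the number after the user name means, so it is kept as an opaque string.
_CAPTURED = re.compile(
    r"Captured by:\s*(?P<user>[^:,\s]+):(?P<num>\d+),\s*Cmd:\s*(?P<cmd>.+)"
)
_TIMES = re.compile(
    r"Start:\s*(?P<start>[\d/]+ [\d:]+) UTC,\s*End:\s*(?P<end>[\d/]+ [\d:]+) UTC"
)
_TS_FORMAT = "%Y/%m/%d %H:%M:%S"


def _parse_utc(stamp):
    """Turn 'YYYY/MM/DD HH:MM:SS' into a timezone-aware UTC datetime."""
    return datetime.strptime(stamp, _TS_FORMAT).replace(tzinfo=timezone.utc)


def parse_packet_file_info(text):
    """Return capture metadata from the contents of a packet-file.info file."""
    captured = _CAPTURED.search(text)
    times = _TIMES.search(text)
    if not captured or not times:
        raise ValueError("unrecognised packet-file.info layout")
    start, end = _parse_utc(times["start"]), _parse_utc(times["end"])
    if end < start:
        raise ValueError("capture end time precedes start time")
    return {
        "user": captured["user"],
        "user_number": captured["num"],
        "command": captured["cmd"].strip(),
        "start": start,
        "end": end,
        "duration_seconds": int((end - start).total_seconds()),
    }


if __name__ == "__main__":
    for key, value in parse_packet_file_info(SAMPLE_INFO).items():
        print(f"{key}: {value}")
```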