fwm getpcap

Description

Fetches the IPS packet capture data from the specified Security Gateway.

This command only works with IPS packet captures stored on the Security Gateway in the $FWDIR/log/captures_repository/ directory.

This command does not work with other Software Blades, such as Anti-Bot and Anti-Virus, which store packet captures in the $FWDIR/log/blob/ directory on the Security Gateway.

Note:

On a Multi-Domain Server, you must run this command in the context of the applicable Domain Management Server:

mdsenv <IP Address or Name of Domain Management Server>

Syntax

fwm [-d] getpcap -g <Security Gateway> -u '{<Capture UID>}' -p <Local Path>

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

For complete debug instructions, see the description of the fwm process in sk97638.

-g <Security Gateway>

Specifies the main IP address or name of the Security Gateway object, as configured in SmartConsole.

-u '{<Capture UID>}'

Specifies the Unique ID of the packet capture file.

To see the Unique ID of the packet capture file, open the applicable log file in SmartConsole > Logs & Monitor > Logs.

-p <Local Path>

Specifies the local path to save the specified packet capture file.

If you do not specify the local directory explicitly, the command saves the packet capture file in the current working directory.

Example

[Expert@MGMT:0]# fwm getpcap -g 192.168.162.1 -u '{0x4d79dc02,0x10000,0x220da8c0,0x1ffff}' /var/log/
[Expert@MGMT:0]#