The PCAP Data column is not displayed
on the Log Activity tab by default. When you
create search criteria, you must select the PCAP Data column
in the Column Definition pane.
Before you begin
Before you can display PCAP data on the Log Activity tab,
the Juniper SRX-Series Services Gateway log source must be configured
with the PCAP Syslog Combination protocol. For more information about
configuring log source protocols, see the Managing Log Sources Guide.
About this task
When you perform a search that includes the PCAP
Data column, an icon is displayed in the PCAP
Data column of the search results if PCAP data is available
for an event. Using the PCAP icon, you can
view the PCAP data or download the PCAP file
to your desktop system.
Procedure
- Click the Log Activity tab.
- From the Search list box, select New Search.
- Optional. To search for events that have PCAP data, configure the following search criteria:
  - From the first list box, select PCAP data.
  - From the second list box, select Equals.
  - From the third list box, select True.
  - Click Add Filter.
- Configure your column definitions to include the PCAP Data column:
  - From the Available Columns list in the Column Definition pane, click PCAP Data.
  - Click the Add Column icon on the bottom set of icons to move the PCAP Data column to the Columns list.
  - Optional. Click the Add Column icon in the top set of icons to move the PCAP Data column to the Group By list.
- Click Filter.
- Optional. If you are viewing events in streaming mode, click the Pause icon to pause streaming.
- Double-click the event that you want to investigate.
What to do next
For more information about viewing and downloading PCAP data,
see the following sections: