I want to generate packet capture files for HTTP & SMTP traffic for the prevent device which is installed in our company. I tried to follow the steps mentioned in the KB article, which generated a pcap file on the prevent appliance; however, the size of the file constantly remains 0 kbs in spite of generating a lot of events. Not sure what could be the issue with this. I would appreciate it if somebody can help me with this.
I used the below command to generate the pcap file:
tcpdump -npi eth2 -Xs 1500 net 10.52.147.130 and port 80 -w /tmp/http.pcap
The above command does generate a pcap file; however, no capture data seems to be getting logged.