Please let me know if you have this information.
The data isn't stored in a directory path. Incidents are stored in the MySQL database, and the evidence and capture stream are stored in the RFS capture database. You cannot simply SSH into the device and read the emails. The best way to search the capture database for traffic such as email is via the GUI. Click on the "Capture" tab and select advanced search. From there, enter search criteria and then select the device you wish to search on. Because the database is large and there is no indexing, searches can take a bit of time.
I can access it from the GUI, but I just want to know how through SSH.
Yes, correct, incidents and capture are stored in a database, but I want to know the path of those databases. I mean the directory path under which they reside.
Also confirm whether, once we copy those database files/directories, we can use them in some other NDLP device or whether they work only on that appliance.
The incidents reside in the database, which is stored in /data/mysql. The database can be moved, but this requires more work than a simple copy/paste and is covered in KB80093.
The capture database cannot be copied.
So we can't copy files in /data/mysql to keep them in some other place. Also, KB80093 is for NDLP 9.2.x; I am using 9.3.2.