I am trying to capture all the traffic to one of the servers using the pcap feature for a period of time when we have an issue crawling up.
Below is what I have but there are a few thing that are messing up. I am trying to get traffic to or from one ip and the traffic that is captured is not contained to just that IP. I assigned this trigger to the subject device.
Any help is greatly appreciated.
I’d also like to understand the relation between setting up the capture options on the administration page and setting them up in the trigger itself.
var pcapName = 'OnDemand_' + Flow.server.ipaddr; Flow.captureStart(pcapName); debug('Start PCAP: ' + pcapName);