Skip to content

Packet Capture

Packet Capture profiles are configured at the Valtix Gateway level and enabled in Policy Rules, Network Threat Profiles, and Web Protection Profiles to capture entire flows or threats.

Create Packet Capture Profile

  1. Navigate to Manage -> Profiles -> Packet Capture
  2. Click Create
  3. Provide a name and description
  4. Select a CSP Account
  5. Provide a cloud storage bucket. The bucket must already exist and the Valtix Gateways this profile will be attached to must have the correct IAM permissions for captures to be uploaded successfully.
  6. If an Azure CSP Account was selected, then a Storage Account Name, Blob Container, and Storage Access Key must be specified instead.

Capture File Formats

Policy Rule Capture - <bucketname>/<cspaccountname>/<gatewayname>/flow-packet-captures/<year>/<month>/<day>/<instanceid>_<timestamp>_<policyname>.pcap.gz

IPS Threat Capture - <bucketname>/<cspaccountname>/<gatewayname>/network-threats-captures/<year>/<month>/<day>/<instanceid>_<timestamp>_<sessionid>.pcap.gz

WAF Threat Capture - <bucketname>/<cspaccountname>/<gatewayname>/web-protection-captures/<year>/<month>/<day>/<instanceid>_<timestamp>_<sessionid>.har.gz

API Logging - <bucketname>/<cspaccountname>/<gatewayname>/api-logging-captures/<year>/<month>/<day>/<instanceid>_<timestamp>_<sessionid>.har.gz