Support Center > Search Results > SecureKnowledge Details
Packet capture for IPS logs with "Prevent" or "Detect" actions does not show the desired number of packets Technical Level
  • Packet capture in an IPS log with a "Prevent" action shows only one packet.
  • If the action is "Detect", not enough packets are captured as per the user's requirements.

This behavior is by design: Threat Prevention packet captures behave in the following manner according to the current architecture:

  • If the connection was blocked (action Prevent), we save only the last packet.
  • If the connection continues (action Detect), we save 100kb by default (configurable).

Note: To view this solution you need to Sign In .