Kaspersky Anti Targeted Attack Platform

Downloading traffic for events

When viewing the table of events, you can download traffic related to registered NDR events and aggregate events. Traffic is downloaded as a PCAP file (if one event is selected) or as a ZIP archive containing PCAP files (if multiple events are selected).

You can download traffic if no more than 200 events are selected in the table of events (also counting events nested inside aggregate events).

Traffic for events is downloaded from the application database. Traffic can be stored in the database for registered NDR events if traffic saving is enabled for these events. The application can also save traffic directly in the database when a traffic download is requested, using traffic dump files. These files are used for temporary storage and are automatically deleted as new traffic arrives (the rotation period depends on the amount of traffic and the application storage configuration). To guarantee the availability of traffic for download, we recommend enabling traffic saving for the relevant event types and configuring traffic storage in the database in accordance with the rate of traffic accumulation and the rate of event registration.

To download a traffic file for NDR events or aggregate events:

  1. In the Network traffic events section, select the NDR events and aggregate events for which you want to download traffic.
  2. Click Download traffic.
  3. If file generation takes a long time (more than 15 seconds), the file generation operation becomes a background operation. In that case, follow these steps to download the file:
    1. Click the button with the icon of an arrow pointing to a tray in the application web interface menu.

      This opens the list of background operations.

    2. Wait for the file generation operation to complete.
    3. Click the Download file button.

Your browser saves the downloaded file. Depending on your browser's settings, a window may be displayed on your screen in which you can specify the path and name of the downloaded file.
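
A quick sanity check for the downloaded file, as an added example that is not part of the product documentation: it accepts either a single PCAP or a ZIP archive of PCAP files and reports the packet count and timestamp range of each capture, so an empty or truncated capture is noticed before analysis starts. It assumes the classic pcap format (not pcapng) and uses whatever entry names the archive contains; `build_sample_pcap` is a hypothetical helper that only constructs test input.

```python
import io
import struct
import zipfile

# Classic pcap magic numbers as they appear in the first 4 bytes of the file.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def summarize_pcap(data):
    """Return packet count and first/last timestamp (seconds) of a classic pcap."""
    endian = PCAP_MAGICS.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    offset, count, first, last = 24, 0, None, None  # 24-byte global header
    while offset + 16 <= len(data):
        ts_sec, _frac, incl_len, _orig = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16 + incl_len  # 16-byte record header plus captured bytes
        if offset > len(data):
            raise ValueError("truncated packet record")
        count += 1
        first = ts_sec if first is None else first
        last = ts_sec
    return {"packets": count, "first_ts": first, "last_ts": last}

def summarize_download(data):
    """Accept a single PCAP or a ZIP of PCAPs; return {name: summary}."""
    if data[:4] in PCAP_MAGICS:  # check pcap first: payloads may contain ZIP bytes
        return {"<single pcap>": summarize_pcap(data)}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("neither a classic pcap nor a ZIP archive")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: summarize_pcap(zf.read(i))
                for i in zf.infolist() if not i.is_dir()}

def build_sample_pcap(timestamps):
    """Constructed sample: little-endian Ethernet pcap with 4-byte dummy packets."""
    blob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts in timestamps:
        blob += struct.pack("<IIII", ts, 0, 4, 4) + b"\x00" * 4
    return blob
```

To check a real download, read the saved file in binary mode and pass its bytes to `summarize_download`.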