Skip to main content
Skip table of contents

Enable Packet Capture (PCAP)

Background

In the MongoDB, you can see a new database called PCAP files. This is where Packet Capture (PCAP) files are stored. PCAP (also known as libpcap) is an application programming interface (API) that captures live network packet data from OSI model Layers 2-7. In this feature, PCAPs are generated for incident events, available for download, and complete and viable.

Enable Packet Capture (PCAP) in the UI

  1. Log in to the LogRhythm NDR UI.
  2. Click the Settings tab, click Policy Management, then click Feature Configuration in the submenu.
  3. Select the Pcap Enable check box and click Update.
    The PCAP service begins storing the PCAP files into the Mongo DB.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close