Viewing Raw Packet in Reports

I am looking to run a report on outdated Flash versions and in order to see the versions of Flash I need to read the individual raw packet.
Is there any way to view the raw packet in the report so that I can export to CSV and edit later?
Thanks,
Cormac
Cormac O'Reilly

Posted 3 years ago

Aisling Brennan, Official Rep

We're currently looking into this for you.
Aisling Brennan, Official Rep

The description that I have is that when you run and export the Security :: events (IDS) to CSV, the raw packet information is not included in the CSV results.

This is not currently officially supported.

In the meantime, there is a workaround that you can use to have the raw packet output via REST API (only solution without changes to the system).

You currently have access to all the required parameters, via the report Security :: events (ids) RID=87. The parameter that you need but don't have access to is eid. This can be obtained by creating a custom report.

Here’s an example of a command using wget (on Unix) to call the raw.cgi page:

wget -S -o status_raw.txt -O output_raw.txt --no-check-certificate "http://x.x.x.x/ids/raw.cgi?senid=1&aid=3&sid=2014920&eid=29248600&t=1443513474&lg_login_username=Administrator&lg_login_password=PASSWORD"

Lastly, I have emailed you sample results directly (scroll down to the bottom of the page). If the returned results are what you are looking for, I can send you an email with instructions to walk you through the basics of each of the required steps.
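
Added example, not part of the original reply or of the vendor's tooling: a batch form of the raw.cgi call above that builds one URL per row of the custom report's CSV export, rejects non-numeric IDs, and hands the credentialed URL to wget on stdin instead of the command line. The CSV header (senid,aid,sid,eid,t), the environment variable names APPLIANCE, LG_USER and LG_PASS, and the output directory raw_out are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Assumptions: the custom report is
# exported as CSV with header senid,aid,sid,eid,t; APPLIANCE, LG_USER and
# LG_PASS are hypothetical environment variable names.

# Accept only decimal IDs so a CSV cell cannot smuggle extra URL parameters.
is_num() {
    case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# Print the raw.cgi URL (without credentials) for one event, or fail.
# Arguments: host senid aid sid eid t
build_raw_url() {
    for v in "$2" "$3" "$4" "$5" "$6"; do is_num "$v" || return 1; done
    printf 'http://%s/ids/raw.cgi?senid=%s&aid=%s&sid=%s&eid=%s&t=%s\n' "$@"
}

# Print one URL per valid CSV row; report and skip malformed rows.
# Arguments: host csv_file
urls_from_csv() {
    tail -n +2 "$2" | tr -d '\r' |
    while IFS=, read -r senid aid sid eid t rest || [ -n "$senid" ]; do
        build_raw_url "$1" "$senid" "$aid" "$sid" "$eid" "$t" ||
            echo "skipped row with non-numeric field (eid=$eid)" >&2
    done
}

# Fetch every raw packet into OUTDIR. The credentialed URL reaches wget on
# stdin (-i -), keeping the password out of the process list and shell history.
# Assumes the credentials contain no URL-reserved characters.
# Arguments: host csv_file outdir
fetch_raw_packets() {
    mkdir -p "$3"
    urls_from_csv "$1" "$2" | while read -r url; do
        eid=${url##*eid=}; eid=${eid%%&*}
        printf '%s&lg_login_username=%s&lg_login_password=%s\n' \
            "$url" "$LG_USER" "$LG_PASS" | wget -q -i - -O "$3/raw_$eid.txt"
    done
}

# Constructed sample export; row 1 reuses the IDs from the command above.
sample_csv() {
    printf '%s\n' 'senid,aid,sid,eid,t' '1,3,2014920,29248600,1443513474' \
        '1,3,2014920,29248601&x=1,1443513480'
}

# Only touch the network when APPLIANCE is set, e.g. APPLIANCE=x.x.x.x
if [ -n "${APPLIANCE:-}" ]; then
    fetch_raw_packets "$APPLIANCE" "${1:-events.csv}" raw_out
fi
```

The password still travels in the query string, so it can appear in the appliance's web logs and, over plain http as in the command above, on the wire.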