https://live.paloaltonetworks.com/t5/general-topics/clear-the-threat-pcap-database/m-p/15258#M11208 <HTML><HEAD></HEAD><BODY><P>Hello Mr. Linux,</P><P></P><P>Only TAC engineer can help to clear threat PCAP database as it requires root access. Kindly refer following two document, it should have answer to all queries.</P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-3826">Daily Packet Capture Limit Message in System Logs</A></P><P><A href="https://live.paloaltonetworks.com/message/6193">Daily packet capture limit</A></P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Fri, 24 Oct 2014 11:47:20 GMT hshah 2014-10-24T11:47:20Z https://live.paloaltonetworks.com/t5/general-topics/clear-the-threat-pcap-database/m-p/15255#M11205 <HTML><HEAD></HEAD><BODY><P>Hey all,</P><P></P><P>Is there a way to clear the threat pcap database?</P><P>We are running PanOS 5.0.x so the pcaps are not automatically overwritten, and we get the message saying our daily packet capture limit has been reached.</P><P>We have turned off pcaps on the security profiles, so no new pcaps are being taken, but the database remains full...</P><P></P><P>I know you can clear the "unknown-apps"-pcap database -&gt; <EM>delete unknown-pcap directory xxx</EM></P><P>And you can clear the "debug filter"-pcaps -&gt; <EM>debug dataplane packet-diag clear all</EM></P><P>But how can you clear the "threat"-pcap database?</P><P></P><P>Kind regards</P></BODY></HTML> Fri, 24 Oct 2014 08:41:13 GMT https://live.paloaltonetworks.com/t5/general-topics/clear-the-threat-pcap-database/m-p/15255#M11205 mr.linus 2014-10-24T08:41:13Z https://live.paloaltonetworks.com/t5/general-topics/clear-the-threat-pcap-database/m-p/15256#M11206 <HTML><HEAD></HEAD><BODY><P>Hello mr.linus,</P><P></P><P>There is no way to clear the threat pcap database from the command line. Also, the threat pcap will not purge once the daily limit is reached which is <SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">131072 packet capture files.</SPAN></P><P>One way to clear the the threat pcaps would be to delete the directory from the root. It has already been confirmed that once deleted, the threat pcap database directory recreates itself in the root.</P><P></P><P>Hope this helps.</P><P></P><P>Thanks</P></BODY></HTML> Fri, 24 Oct 2014 09:59:53 GMT https://live.paloaltonetworks.com/t5/general-topics/clear-the-threat-pcap-database/m-p/15256#M11206 tshiv 2014-10-24T09:59:53Z https://live.paloaltonetworks.com/t5/general-topics/clear-the-threat-pcap-database/m-p/15257#M11207 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">Hello <SPAN class="GINGER_SOFTWARE_mark">mr</SPAN><SPAN class="GINGER_SOFTWARE_mark">.</SPAN><SPAN class="GINGER_SOFTWARE_mark">linus</SPAN>,</SPAN></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"><SPAN class="GINGER_SOFTWARE_mark">pcaps</SPAN> are stored in a database and a unique “<SPAN class="GINGER_SOFTWARE_mark">pcap</SPAN> id” is given to each <SPAN class="GINGER_SOFTWARE_mark">pcap</SPAN>. The <SPAN class="GINGER_SOFTWARE_mark">pcap</SPAN> id is stored in the associated threat log and provides a cleaner way to reference <SPAN class="GINGER_SOFTWARE_mark">pcaps</SPAN> for a specific threat log. But the only way to delete those files from the root.&nbsp; If there are features we currently don't have but you would like to see added, you may contact with your Palo Alto Networks SE/sales representative and they can create a feature request for you.</SPAN></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"><BR /></SPAN></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">Thanks<BR /></SPAN></P></BODY></HTML> Fri, 24 Oct 2014 11:03:12 GMT https://live.paloaltonetworks.com/t5/general-topics/clear-the-threat-pcap-database/m-p/15257#M11207 HULK 2014-10-24T11:03:12Z https://live.paloaltonetworks.com/t5/general-topics/clear-the-threat-pcap-database/m-p/15258#M11208 <HTML><HEAD></HEAD><BODY><P>Hello Mr. Linux,</P><P></P><P>Only TAC engineer can help to clear threat PCAP database as it requires root access. Kindly refer following two document, it should have answer to all queries.</P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-3826">Daily Packet Capture Limit Message in System Logs</A></P><P><A href="https://live.paloaltonetworks.com/message/6193">Daily packet capture limit</A></P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Fri, 24 Oct 2014 11:47:20 GMT https://live.paloaltonetworks.com/t5/general-topics/clear-the-threat-pcap-database/m-p/15258#M11208 hshah 2014-10-24T11:47:20Z