Ramy
Staff
Article Id 346520
Description This article describes how to configure packet capture (PCAP) files downloaded from FortiAnalyzer to be delivered in ZIP format and/or protected with a password.
This feature was added to FortiAnalyzer starting from release v7.4.1.
Scope FortiAnalyzer/FortiManager (FortiAnalyzer Feature enabled).
Solution
  1. In the FortiAnalyzer CLI, set the pcap-file download mode to zip-with-password:

config system log pcap-file
    set download-mode zip-with-password    <----- Available options: {plain | zip | zip-with-password}
end

  2. In the FortiAnalyzer GUI, go to Log View and double-click a log containing an archive file.

  3. In the Data section, select the download icon for the Archive field.

 


 

The file is downloaded and the password is displayed in the FortiAnalyzer GUI. Copy the password; it is required to decrypt the downloaded ZIP archive.



 

To unlock the downloaded file, the previously saved password must be used.
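After changing download-mode, a quick way to confirm that downloaded archives really are password-protected (and not still plain ZIP) is to inspect the ZIP entry flags before extracting with the password shown in the GUI. The following Python script is an added example, not part of the article or a Fortinet tool; it assumes the download is a standard ZIP file and uses only the Python standard library, which can open traditional ZipCrypto-protected entries but not WinZip AES entries.

```python
import io
import sys
import zipfile

# ZIP general-purpose flag bit 0: entry data is encrypted.
ENCRYPTED_FLAG = 0x1
# Compression method 99 marks WinZip AES; the stdlib cannot decrypt it.
AES_METHOD = 99


def inspect_archive(data):
    """Return {entry name: {"encrypted", "aes", "size"}} for a ZIP given as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {
            info.filename: {
                "encrypted": bool(info.flag_bits & ENCRYPTED_FLAG),
                "aes": info.compress_type == AES_METHOD,
                "size": info.file_size,
            }
            for info in zf.infolist()
        }


def is_fully_protected(data):
    """True only when every entry is encrypted, i.e. zip-with-password took effect."""
    entries = inspect_archive(data)
    return bool(entries) and all(e["encrypted"] for e in entries.values())


def extract_entries(data, password):
    """Extract every entry using the GUI-displayed password; returns {name: bytes}.
    A wrong password raises RuntimeError; an AES entry raises NotImplementedError."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            pwd = password.encode() if info.flag_bits & ENCRYPTED_FLAG else None
            out[info.filename] = zf.read(info, pwd=pwd)
    return out


def build_plain_sample():
    """Constructed sample (not a real download): an unprotected archive, as produced
    when download-mode is still 'plain' or 'zip'. Contains a fake pcap header only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("capture.pcap", b"\xd4\xc3\xb2\xa1" + b"\x00" * 20)
    return buf.getvalue()


if __name__ == "__main__":  # usage: script.py <downloaded.zip> <password>
    blob = open(sys.argv[1], "rb").read()
    print(inspect_archive(blob), "protected:", is_fully_protected(blob))
    print({k: len(v) for k, v in extract_entries(blob, sys.argv[2]).items()})
```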



 

Note:

Content archiving must be enabled on the FortiGate for archived content to appear in the FortiAnalyzer logs.

Related article:

Technical Note: How to archive content of all emails passing through a FortiGate