The purpose of this post is to inform others of how to pull the Pcap file off of the XG until the https://<appliance ip>/documents/tcpdump.pcap issue is resolved.
Any items italicised and in quotes should be typed directly into the console without quotes.
This is a back to braces guide which I discovered while working with Sophos Support on another issue.
So there you have it, this is a short guide which I hope is informative enough to help the people here grab the Tcpdumps for deeper analysis of issues in the XG.
Please feel free to comment and any additions and changes that are requested/suggested will be taken into consideration, acted upon and credited.
I would like to add the suggestion of using SCP to export the file over SSH.
I did find that trying to use scp without a little bit of "trickery" does present a small problem, as the scp binary tries to find ssh in the wrong place.
From the command line on the XG:
# scp -S /usr/bin/ssh sourcefile.pcap user@host:destfile.pcap
Works like a charm.
We can also copy files saved on the router by initiating scp from another Linux server. E.g.:
scp admin@router_ip:/tmp/data/tcpdump.pcap .
or better
scp -p admin@router_ip:/tmp/data/tcpdump.pcap .
which will keep the original creation time of the files. This is very useful when we need to analyze router logs using other tools than those available in SFOS. Or simply archive them cyclically.
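A way to run the pull-from-another-host variant on a schedule, as an added example that is not part of the original thread: it copies the capture with scp -p, checks the pcap magic number before keeping the file, and holds a bounded archive. The host, remote path, archive directory, retention count and function names are assumed values.

```shell
#!/bin/sh
# Added example (not from the thread): fetch, validate and archive the capture.
# ROUTER, REMOTE, ARCHIVE and KEEP are assumed values; adjust to your setup.
ROUTER="${ROUTER:-admin@router_ip}"
REMOTE="${REMOTE:-/tmp/data/tcpdump.pcap}"
ARCHIVE="${ARCHIVE:-./pcap-archive}"
KEEP="${KEEP:-7}"

# Return 0 if file $1 starts with a known pcap or pcapng magic number.
is_pcap() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) return 0 ;;   # classic pcap, microsecond timestamps
        4d3cb2a1|a1b23c4d) return 0 ;;   # classic pcap, nanosecond timestamps
        0a0d0d0a)          return 0 ;;   # pcapng section header block
        *)                 return 1 ;;   # empty, truncated or not a capture
    esac
}

# Delete the oldest tcpdump-*.pcap files in directory $1 so at most $2 remain.
# File names carry a sortable UTC timestamp, so name order is age order.
prune_archive() {
    total=$(ls -1 "$1"/tcpdump-*.pcap 2>/dev/null | wc -l)
    excess=$((total - $2))
    [ "$excess" -gt 0 ] || return 0
    ls -1 "$1"/tcpdump-*.pcap | sort | head -n "$excess" | while IFS= read -r f; do
        rm -f -- "$f"
    done
}

# Copy the capture with scp -p, reject anything that is not a pcap, then prune.
fetch_capture() {
    mkdir -p "$ARCHIVE" || return 1
    dest="$ARCHIVE/tcpdump-$(date -u +%Y%m%dT%H%M%SZ).pcap"
    scp -p "$ROUTER:$REMOTE" "$dest" || return 1
    if ! is_pcap "$dest"; then
        echo "not a pcap file: $dest" >&2
        rm -f -- "$dest"
        return 1
    fi
    chmod 600 "$dest"   # captures can hold credentials and session data
    prune_archive "$ARCHIVE" "$KEEP"
}

# Only contact the router when asked to: sh script.sh fetch
if [ "${1:-}" = "fetch" ]; then fetch_capture; fi
```

For unattended runs, key-based SSH authentication is needed so that scp does not stop at a password prompt.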