Packet Sniffer - Alternate Drive

I would love to be able to specify an alternate / secondary hard drive for packet captures. This keeps me from having to use TZSP which is a PIA. If this can’t be added to 2.8.x maybe a thought for 2.9? I’d love to dedicate a disk (besides my flash drive) for running long packet captures when trying to track down botnets, etc.

Sam

In the current version and v2.9, you can stream this to a server.

John

This is what I have been doing, but TZSP encapsulates the packet and then it's not the exact same as if you captured it locally, correct? It's hard to do analysis on something when you have to deal with the TZSP layer on top of everything.

We just went through a 250 Mbps DDoS attack yesterday. Having the TZSP logging pretty much makes it impossible to run the pcap through any analysis tools because barely anything understands TZSP. In my next router build I will use a hard disk, but it would be nice for my other machines.

Thanks for the thought,
Sam

We will think about this, but I don’t know that we have enough support already to make it simple to add.

John

How does the streaming server work? What client/daemon do you have to have on the server to capture this stream?

John,

Thank you :) I’m building the new firewall today and plan on just using a hard disk for now - but thanks for keeping this in mind.

Sam
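
On the two points raised in this thread (what has to run on the server to receive the stream, and the TZSP layer getting in the way of analysis tools), here is an added example that is not part of the original posts or the vendor's software: a small receiver that strips the TZSP header and writes the inner frames to an ordinary pcap file. It assumes the sniffer streams Ethernet-encapsulated TZSP over UDP to the default port 37008; the output file name is a placeholder.

```python
import socket, struct, sys, time

TZSP_PORT = 37008            # default TZSP UDP port (assumed unchanged on the sender)
TAG_PADDING, TAG_END = 0x00, 0x01
PROTO_ETHERNET = 1           # TZSP encapsulated-protocol value for Ethernet

def strip_tzsp(datagram: bytes) -> bytes:
    """Return the inner Ethernet frame carried in one TZSP UDP payload."""
    if len(datagram) < 4:
        raise ValueError("short TZSP header")
    version, ptype, proto = struct.unpack("!BBH", datagram[:4])
    if version != 1 or ptype > 1 or proto != PROTO_ETHERNET:
        raise ValueError("not an Ethernet TZSP packet")
    i = 4
    while i < len(datagram):             # walk tagged fields up to TAG_END
        tag = datagram[i]
        if tag == TAG_END:
            return datagram[i + 1:]      # everything after the end tag is the frame
        if tag == TAG_PADDING:
            i += 1                       # padding has no length byte
            continue
        if i + 1 >= len(datagram):
            break
        i += 2 + datagram[i + 1]         # tag, length, value
    raise ValueError("TZSP end tag not found")

def pcap_header() -> bytes:
    # classic pcap: little-endian, v2.4, snaplen 65535, linktype 1 (Ethernet)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def pcap_record(frame: bytes, ts: float) -> bytes:
    sec, usec = int(ts), int((ts % 1) * 1_000_000)
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame

def main(path: str) -> None:
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", TZSP_PORT))    # narrow to the management address in practice
    with open(path, "wb") as out:
        out.write(pcap_header())
        while True:
            data, _ = sock.recvfrom(65535)
            try:                         # timestamp is receive time, not capture time
                out.write(pcap_record(strip_tzsp(data), time.time()))
            except ValueError:
                continue                 # malformed or non-capture datagram; skip it

if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else "capture.pcap")
```

The resulting file opens in standard pcap tools without any TZSP dissector, since each record holds only the original frame.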