To do this in the ProxyAV Management Console, go to Utilities > Diagnostics. Enter the appropriate capture parameters (an example is shown below) and press the START! button.




After the capture has completed, it will be displayed as a 'PacketLogYYMMDD-hhmmss.log' file in the list of log files.



Select the appropriate file to download it to your desktop and then upload the file to Blue Coat.

NOTE:  
This file is encrypted and can only be read by Blue Coat personnel.  

In order to convert the file into the CAP or PCAP format, you must contact Blue Coat Technical Support for conversion. If you want to analyze or convert the file into the readable PCAP/CAP format, please follow the normal case escalation procedure.

The generated PacketLog or Packet Capture file generated are in the file name format as follows:

Generated File Name Format
PacketLogYYYYMMDD-TTTTTT.log

Where YYYYMMDD = Year Month Day
TTTTTT = Time 

Example
PacketLog20111215-102108.log

Once converted, you can use Wireshark/Ethereal or any application to parse through the packet capture.