?? flow-import.html
字號:
<HTML><HEAD><TITLE>flow-import</TITLE><METANAME="GENERATOR"CONTENT="Modular DocBook HTML Stylesheet Version 1.73"></HEAD><BODYCLASS="REFENTRY"BGCOLOR="#FFFFFF"TEXT="#000000"LINK="#0000FF"VLINK="#840084"ALINK="#0000FF"><H1><ANAME="AEN1"><SPANCLASS="APPLICATION">flow-import</SPAN></A></H1><DIVCLASS="REFNAMEDIV"><ANAME="AEN6"></A><H2>Name</H2><SPANCLASS="APPLICATION">flow-import</SPAN> -- Import flows into flow-tools from other NetFlow packages.</DIV><DIVCLASS="REFSYNOPSISDIV"><ANAME="AEN10"></A><H2>Synopsis</H2><P><BCLASS="COMMAND">flow-import</B> [-h] [-b<TTCLASS="REPLACEABLE"><I> big|little</I></TT>] [-d<TTCLASS="REPLACEABLE"><I> debug_level</I></TT>] [-f<TTCLASS="REPLACEABLE"><I> format</I></TT>] [-m<TTCLASS="REPLACEABLE"><I> mask_fields</I></TT>] [-V<TTCLASS="REPLACEABLE"><I> pdu_version</I></TT>] [-z<TTCLASS="REPLACEABLE"><I> z_level</I></TT>]</P></DIV><DIVCLASS="REFSECT1"><ANAME="AEN26"></A><H2>DESCRIPTION</H2><P>The <BCLASS="COMMAND">flow-import</B> utility will convert data fromcflowd and ASCII CSV files into flow-tools format.</P></DIV><DIVCLASS="REFSECT1"><ANAME="AEN30"></A><H2>OPTIONS</H2><P></P><DIVCLASS="VARIABLELIST"><DL><DT>-b<TTCLASS="REPLACEABLE"><I> big</I></TT>|<TTCLASS="REPLACEABLE"><I>little</I></TT></DT><DD><P>Byte order of output.</P></DD><DT>-d<TTCLASS="REPLACEABLE"><I> debug_level</I></TT></DT><DD><P>Enable debugging.</P></DD><DT>-f<TTCLASS="REPLACEABLE"><I> format</I></TT></DT><DD><P>Export format. Supported formats are:<PCLASS="LITERALLAYOUT"> 0 cflowd<br> 2 ASCII CSV<br> 3 Cisco NFCollector</P></P></DD><DT>-h</DT><DD><P>Display help.</P></DD><DT>-m<TTCLASS="REPLACEABLE"><I> mask_fields</I></TT></DT><DD><P>Select fields for cflowd and ASCII formats. The<TTCLASS="REPLACEABLE"><I>mask_fields</I></TT>is built from a bitwise OR of the following:</P><P><PRECLASS="SCREEN"> UNIX_SECS 0x0000000000000001LL UNIX_NSECS 0x0000000000000002LL SYSUPTIME 0x0000000000000004LL EXADDR 0x0000000000000008LL DFLOWS 0x0000000000000010LL DPKTS 0x0000000000000020LL DOCTETS 0x0000000000000040LL FIRST 0x0000000000000080LL LAST 0x0000000000000100LL ENGINE_TYPE 0x0000000000000200LL ENGINE_ID 0x0000000000000400LL SRCADDR 0x0000000000001000LL DSTADDR 0x0000000000002000LL SRC_PREFIX 0x0000000000004000LL DST_PREFIX 0x0000000000008000LL NEXTHOP 0x0000000000010000LL INPUT 0x0000000000020000LL OUTPUT 0x0000000000040000LL SRCPORT 0x0000000000080000LL DSTPORT 0x0000000000100000LL PROT 0x0000000000200000LL TOS 0x0000000000400000LL TCP_FLAGS 0x0000000000800000LL SRC_MASK 0x0000000001000000LL DST_MASK 0x0000000002000000LL SRC_AS 0x0000000004000000LL DST_AS 0x0000000008000000LL IN_ENCAPS 0x0000000010000000LL OUT_ENCAPS 0x0000000020000000LL PEER_NEXTHOP 0x0000000040000000LL ROUTER_SC 0x0000000080000000LL EXTRA_PKTS 0x0000000100000000LL MARKED_TOS 0x0000000200000000LL</PRE></P><P>The default value is all fields applicable to the <TTCLASS="REPLACEABLE"><I>pdu_version</I></TT>.</P></DD><DT>-V<TTCLASS="REPLACEABLE"><I> pdu_version</I></TT></DT><DD><P>Use <TTCLASS="REPLACEABLE"><I>pdu_version</I></TT> format output.<PCLASS="LITERALLAYOUT"> 1 NetFlow version 1 (No sequence numbers, AS, or mask)<br> 5 NetFlow version 5<br> 6 NetFlow version 6 (5+ Encapsulation size)<br> 7 NetFlow version 7 (Catalyst switches)<br> 8.1 NetFlow AS Aggregation<br> 8.2 NetFlow Proto Port Aggregation<br> 8.3 NetFlow Source Prefix Aggregation<br> 8.4 NetFlow Destination Prefix Aggregation<br> 8.5 NetFlow Prefix Aggregation<br> 8.6 NetFlow Destination (Catalyst switches)<br> 8.7 NetFlow Source Destination (Catalyst switches)<br> 8.8 NetFlow Full Flow (Catalyst switches)<br> 8.9 NetFlow ToS AS Aggregation<br> 8.10 NetFlow ToS Proto Port Aggregation<br> 8.11 NetFlow ToS Source Prefix Aggregation<br> 8.12 NetFlow ToS Destination Prefix Aggregation<br> 8.13 NetFlow ToS Prefix Aggregation<br> 8.14 NetFlow ToS Prefix Port Aggregation<br> 1005 Flow-Tools tagged version 5</P></P></DD><DT>-z<TTCLASS="REPLACEABLE"><I> z_level</I></TT></DT><DD><P>Configure compression level to <TTCLASS="REPLACEABLE"><I> z_level</I></TT>. 0 isdisabled (no compression), 9 is highest compression.</P></DD></DL></DIV></DIV><DIVCLASS="REFSECT1"><ANAME="AEN77"></A><H2>EXAMPLES</H2><DIVCLASS="INFORMALEXAMPLE"><ANAME="AEN79"></A><P></P><P>Convert the cflowd file <TTCLASS="FILENAME">flows.cflowd</TT> to the flow-toolsfile <TTCLASS="FILENAME">flows</TT>. Store as Version 5 with compression level 5.</P><P> <BCLASS="COMMAND">flow-import -V5 -z5 -f0 < flows.cflowd > flows</B></P><P></P></DIV></DIV><DIVCLASS="REFSECT1"><ANAME="AEN85"></A><H2>EXAMPLES</H2><DIVCLASS="INFORMALEXAMPLE"><ANAME="AEN87"></A><P></P><P>Convert the ASCII CSV data in flows.ascii to flow-tools format. TheASCII data must include all fields represented by 0xFF31EF in the orderlisted above. Store as Version 5 with no compression. </P><P> <BCLASS="COMMAND">flow-import -z0 -f2 -m0xFF31EF < flows.ascii > flows</B></P><P></P></DIV></DIV><DIVCLASS="REFSECT1"><ANAME="AEN91"></A><H2>BUGS</H2><P>The pcap format is a hack.</P></DIV><DIVCLASS="REFSECT1"><ANAME="AEN94"></A><H2>AUTHOR</H2><P>Mark Fullmer<TTCLASS="EMAIL"><<AHREF="mailto:maf@splintered.net">maf@splintered.net</A>></TT></P></DIV><DIVCLASS="REFSECT1"><ANAME="AEN101"></A><H2>SEE ALSO</H2><P><SPANCLASS="APPLICATION">flow-tools</SPAN>(1)</P></DIV></BODY></HTML>?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -