<HTML>
<HEAD>
<TITLE>flow-xlate</TITLE>
<META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.71">
</HEAD>
<BODY CLASS="REFENTRY" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF">
<H1><A NAME="AEN1"><SPAN CLASS="APPLICATION">flow-xlate</SPAN></A></H1>
<DIV CLASS="REFNAMEDIV"><A NAME="AEN6"></A>
<H2>Name</H2>
<SPAN CLASS="APPLICATION">flow-xlate</SPAN> -- Apply translations to selected fields of a flow.
</DIV>
<DIV CLASS="REFSYNOPSISDIV"><A NAME="AEN10"></A>
<H2>Synopsis</H2>
<P><B CLASS="COMMAND">flow-xlate</B> [-fhl] [-0<TT CLASS="REPLACEABLE"><I> AS0_substitution</I></TT>] [-b<TT CLASS="REPLACEABLE"><I> big</I></TT>|<TT CLASS="REPLACEABLE"><I>little</I></TT>] [-C<TT CLASS="REPLACEABLE"><I> comment</I></TT>] [-d<TT CLASS="REPLACEABLE"><I> debug_level</I></TT>] [-m<TT CLASS="REPLACEABLE"><I> privacy_mask</I></TT>] [-s<TT CLASS="REPLACEABLE"><I> scale</I></TT>] [-t<TT CLASS="REPLACEABLE"><I> src_tag_mask</I></TT>] [-T<TT CLASS="REPLACEABLE"><I> dst_tag_mask</I></TT>] [-V<TT CLASS="REPLACEABLE"><I> pdu_version</I></TT>] [-z<TT CLASS="REPLACEABLE"><I> z_level</I></TT>]</P>
</DIV>
<DIV CLASS="REFSECT1"><A NAME="AEN35"></A>
<H2>DESCRIPTION</H2>
<P>The <B CLASS="COMMAND">flow-xlate</B> utility can translate between the non-aggregated flow export versions (1, 5, 6, 7) and modify some fields of a flow.</P>
</DIV>
<DIV CLASS="REFSECT1"><A NAME="AEN39"></A>
<H2>OPTIONS</H2>
<P></P>
<DIV CLASS="VARIABLELIST">
<DL>
<DT>-0<TT CLASS="REPLACEABLE"><I> AS0_substitution</I></TT></DT>
<DD><P>Cisco's NetFlow exports represent the local autonomous system as 0 instead of the real value. This option can be used to replace the 0 in the export with a configured value. Unfortunately, under certain configurations AS 0 can also represent a cache miss or non-forwarded traffic, so use with caution.</P></DD>
<DT>-b<TT CLASS="REPLACEABLE"><I> big</I></TT>|<TT CLASS="REPLACEABLE"><I>little</I></TT></DT>
<DD><P>Byte order of output.</P></DD>
<DT>-C<TT CLASS="REPLACEABLE"><I> Comment</I></TT></DT>
<DD><P>Add a comment.</P></DD>
<DT>-d<TT CLASS="REPLACEABLE"><I> debug_level</I></TT></DT>
<DD><P>Enable debugging.</P></DD>
<DT>-f</DT>
<DD><P>Convert the source and destination IP addresses to network addresses using the mask bits in the flow. For example, 128.146.1.7/16 would become 128.146/16.</P></DD>
<DT>-h</DT>
<DD><P>Display help.</P></DD>
<DT>-l</DT>
<DD><P>Convert the source and destination IP addresses to legacy classful network addresses. For example, 128.146.1.7 would become 128.146.0.0.</P></DD>
<DT>-m<TT CLASS="REPLACEABLE"><I> privacy_mask</I></TT></DT>
<DD><P>Apply <TT CLASS="REPLACEABLE"><I>privacy_mask</I></TT> to the source and destination IP address of flows. For example, a privacy_mask of 255.255.255.0 would convert flows with source/destination IP addresses 10.1.1.1 and 10.2.2.2 to 10.1.1.0 and 10.2.2.0 respectively.</P></DD>
<DT>-n<TT CLASS="REPLACEABLE"><I> version</I></TT></DT>
<DD><P>Generate version type exports. Supported versions are:<P CLASS="LITERALLAYOUT">
 1 NetFlow version 1 (No sequence numbers, AS, or mask)<br>
 5 NetFlow version 5<br>
 6 NetFlow version 6 (5+ Encapsulation size)<br>
 7 NetFlow version 7 (Catalyst switches)<br>
 8.1 NetFlow AS Aggregation<br>
 8.2 NetFlow Proto Port Aggregation<br>
 8.3 NetFlow Source Prefix Aggregation<br>
 8.4 NetFlow Destination Prefix Aggregation<br>
 8.5 NetFlow Prefix Aggregation<br>
 8.6 NetFlow Destination (Catalyst switches)<br>
 8.7 NetFlow Source Destination (Catalyst switches)<br>
 8.8 NetFlow Full Flow (Catalyst switches)<br>
 8.9 NetFlow ToS AS Aggregation<br>
 8.10 NetFlow ToS Proto Port Aggregation<br>
 8.11 NetFlow ToS Source Prefix Aggregation<br>
 8.12 NetFlow ToS Destination Prefix Aggregation<br>
 8.13 NetFlow ToS Prefix Aggregation<br>
 8.14 NetFlow ToS Prefix Port Aggregation<br>
 1005 Flow-Tools tagged version 5</P></P></DD>
<DT>-s<TT CLASS="REPLACEABLE"><I> scale</I></TT></DT>
<DD><P>Scale the flows, octets and packets fields by <TT CLASS="REPLACEABLE"><I>scale</I></TT>.</P></DD>
<DT>-t<TT CLASS="REPLACEABLE"><I> src_tag_mask</I></TT></DT>
<DD><P>AND <TT CLASS="REPLACEABLE"><I>src_tag_mask</I></TT> with src_tag in flow.</P></DD>
<DT>-T<TT CLASS="REPLACEABLE"><I> dst_tag_mask</I></TT></DT>
<DD><P>AND <TT CLASS="REPLACEABLE"><I>dst_tag_mask</I></TT> with dst_tag in flow.</P></DD>
<DT>-z<TT CLASS="REPLACEABLE"><I> z_level</I></TT></DT>
<DD><P>Configure compression level to <TT CLASS="REPLACEABLE"><I> z_level</I></TT>. 0 is disabled (no compression), 9 is highest compression.</P></DD>
</DL>
</DIV>
</DIV>
<DIV CLASS="REFSECT1"><A NAME="AEN111"></A>
<H2>EXAMPLES</H2>
<DIV CLASS="INFORMALEXAMPLE"><A NAME="AEN113"></A>
<P></P>
<P>Convert the version 7 flows in <TT CLASS="FILENAME">flows.v7</TT> to version 5, storing the result in <TT CLASS="FILENAME">flows.v5</TT>.</P>
<P> <B CLASS="COMMAND">flow-xlate -V5 &lt; flows.v7 &gt; flows.v5</B></P>
<P></P>
</DIV>
</DIV>
<DIV CLASS="REFSECT1"><A NAME="AEN119"></A>
<H2>EXAMPLES</H2>
<DIV CLASS="INFORMALEXAMPLE"><A NAME="AEN121"></A>
<P></P>
<P>Summarize IP addresses to IP network numbers and generate a source prefix list report sorted by octets.</P>
<P> <B CLASS="COMMAND">flow-xlate -f &lt; flows | flow-stat -f9 -w -S2</B></P>
<P></P>
</DIV>
</DIV>
<DIV CLASS="REFSECT1"><A NAME="AEN125"></A>
<H2>BUGS</H2>
<P>The scale option can overflow the 32-bit flow counters. This could be solved by detecting this condition and splitting the flow in two.</P>
<P>Translation between aggregated and non-aggregated formats is not supported.</P>
</DIV>
<DIV CLASS="REFSECT1"><A NAME="AEN129"></A>
<H2>AUTHOR</H2>
<P>Mark Fullmer <TT CLASS="EMAIL">&lt;<A HREF="mailto:maf@splintered.net">maf@splintered.net</A>&gt;</TT></P>
</DIV>
<DIV CLASS="REFSECT1"><A NAME="AEN136"></A>
<H2>SEE ALSO</H2>
<P><SPAN CLASS="APPLICATION">flow-tools</SPAN>(1)</P>
</DIV>
</BODY>
</HTML>
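The address translations described under -f, -l and -m, and the counter overflow noted under BUGS, written out as an added C example. This is not flow-tools source code: the function names (ip4, xlate_privacy, xlate_prefix, xlate_classful, xlate_scale) are hypothetical, and leaving class D/E addresses unchanged is an assumption of the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration; helper names are hypothetical, not flow-tools source.
 * Addresses are IPv4 in host byte order. */
static uint32_t ip4(uint32_t a, uint32_t b, uint32_t c, uint32_t d) {
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* -m: AND an arbitrary privacy mask into an address. */
uint32_t xlate_privacy(uint32_t addr, uint32_t mask) { return addr & mask; }

/* -f: keep the leading mask_bits bits recorded in the flow. A record whose
 * mask is 0 (the exporter supplied none) collapses to 0.0.0.0 here. */
uint32_t xlate_prefix(uint32_t addr, unsigned mask_bits) {
    if (mask_bits == 0) return 0;      /* shifting by 32 is undefined in C */
    if (mask_bits >= 32) return addr;
    return addr & (0xFFFFFFFFu << (32 - mask_bits));
}

/* -l: classful network, chosen by the leading bits of the address. */
uint32_t xlate_classful(uint32_t addr) {
    if ((addr & 0x80000000u) == 0)           return addr & 0xFF000000u; /* A */
    if ((addr & 0xC0000000u) == 0x80000000u) return addr & 0xFFFF0000u; /* B */
    if ((addr & 0xE0000000u) == 0xC0000000u) return addr & 0xFFFFFF00u; /* C */
    return addr;  /* class D/E left unchanged (assumption of this example) */
}

/* -s: scale a 32-bit counter. Returns 0 on success, or -1 and leaves the
 * counter untouched when the product would not fit (the BUGS case). */
int xlate_scale(uint32_t *counter, uint32_t scale) {
    uint64_t wide = (uint64_t)*counter * scale;
    if (wide > UINT32_MAX) return -1;
    *counter = (uint32_t)wide;
    return 0;
}

int main(void) {
    uint32_t a = ip4(128, 146, 1, 7), octets = 3000000000u; /* constructed */
    printf("-m /24  : %08x\n", (unsigned)xlate_privacy(a, ip4(255, 255, 255, 0)));
    printf("-f /16  : %08x\n", (unsigned)xlate_prefix(a, 16));
    printf("-l      : %08x\n", (unsigned)xlate_classful(a));
    printf("-s 2    : %s\n", xlate_scale(&octets, 2) ? "overflow" : "ok");
    return 0;
}
```

A privacy mask of 255.255.255.0 still leaves the /24 of each host visible, so the mask width decides how much of the original addressing survives in translated flow files.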