<HTML ><HEAD ><TITLE >flow-import</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.73 "></HEAD ><BODY CLASS="REFENTRY" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><H1 ><A NAME="AEN1" ><SPAN CLASS="APPLICATION" >flow-import</SPAN ></A ></H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6" ></A ><H2 >Name</H2 ><SPAN CLASS="APPLICATION" >flow-import</SPAN > -- Import flows into flow-tools from other NetFlow packages.</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >flow-import</B > [-h] [-b<TT CLASS="REPLACEABLE" ><I > big|little</I ></TT >] [-d<TT CLASS="REPLACEABLE" ><I > debug_level</I ></TT >] [-f<TT CLASS="REPLACEABLE" ><I > format</I ></TT >] [-m<TT CLASS="REPLACEABLE" ><I > mask_fields</I ></TT >] [-V<TT CLASS="REPLACEABLE" ><I > pdu_version</I ></TT >] [-z<TT CLASS="REPLACEABLE" ><I > z_level</I ></TT >]</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN26" ></A ><H2 >DESCRIPTION</H2 ><P >The <B CLASS="COMMAND" >flow-import</B > utility will convert data from cflowd and ASCII CSV files into flow-tools format.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN30" ></A ><H2 >OPTIONS</H2 ><P ></P ><DIV CLASS="VARIABLELIST" ><DL ><DT >-b<TT CLASS="REPLACEABLE" ><I > big</I ></TT >|<TT CLASS="REPLACEABLE" ><I >little</I ></TT ></DT ><DD ><P >Byte order of output.</P ></DD ><DT >-d<TT CLASS="REPLACEABLE" ><I > debug_level</I ></TT ></DT ><DD ><P >Enable debugging.</P ></DD ><DT >-f<TT CLASS="REPLACEABLE" ><I > format</I ></TT ></DT ><DD ><P >Export format. Supported formats are: <P CLASS="LITERALLAYOUT" > 0 cflowd<br> 2 ASCII CSV<br> 3 Cisco NFCollector</P ></P ></DD ><DT >-h</DT ><DD ><P >Display help.</P ></DD ><DT >-m<TT CLASS="REPLACEABLE" ><I > mask_fields</I ></TT ></DT ><DD ><P >Select fields for cflowd and ASCII formats. The <TT CLASS="REPLACEABLE" ><I >mask_fields</I ></TT > is built from a bitwise OR of the following:</P ><P ><PRE CLASS="SCREEN" > UNIX_SECS 0x0000000000000001LL UNIX_NSECS 0x0000000000000002LL SYSUPTIME 0x0000000000000004LL EXADDR 0x0000000000000008LL DFLOWS 0x0000000000000010LL DPKTS 0x0000000000000020LL DOCTETS 0x0000000000000040LL FIRST 0x0000000000000080LL LAST 0x0000000000000100LL ENGINE_TYPE 0x0000000000000200LL ENGINE_ID 0x0000000000000400LL SRCADDR 0x0000000000001000LL DSTADDR 0x0000000000002000LL SRC_PREFIX 0x0000000000004000LL DST_PREFIX 0x0000000000008000LL NEXTHOP 0x0000000000010000LL INPUT 0x0000000000020000LL OUTPUT 0x0000000000040000LL SRCPORT 0x0000000000080000LL DSTPORT 0x0000000000100000LL PROT 0x0000000000200000LL TOS 0x0000000000400000LL TCP_FLAGS 0x0000000000800000LL SRC_MASK 0x0000000001000000LL DST_MASK 0x0000000002000000LL SRC_AS 0x0000000004000000LL DST_AS 0x0000000008000000LL IN_ENCAPS 0x0000000010000000LL OUT_ENCAPS 0x0000000020000000LL PEER_NEXTHOP 0x0000000040000000LL ROUTER_SC 0x0000000080000000LL EXTRA_PKTS 0x0000000100000000LL MARKED_TOS 0x0000000200000000LL</PRE ></P ><P >The default value is all fields applicable to the <TT CLASS="REPLACEABLE" ><I >pdu_version</I ></TT >.</P ></DD ><DT >-V<TT CLASS="REPLACEABLE" ><I > pdu_version</I ></TT ></DT ><DD ><P >Use <TT CLASS="REPLACEABLE" ><I >pdu_version</I ></TT > format output. <P CLASS="LITERALLAYOUT" > 1 NetFlow version 1 (No sequence numbers, AS, or mask)<br> 5 NetFlow version 5<br> 6 NetFlow version 6 (5+ Encapsulation size)<br> 7 NetFlow version 7 (Catalyst switches)<br> 8.1 NetFlow AS Aggregation<br> 8.2 NetFlow Proto Port Aggregation<br> 8.3 NetFlow Source Prefix Aggregation<br> 8.4 NetFlow Destination Prefix Aggregation<br> 8.5 NetFlow Prefix Aggregation<br> 8.6 NetFlow Destination (Catalyst switches)<br> 8.7 NetFlow Source Destination (Catalyst switches)<br> 8.8 NetFlow Full Flow (Catalyst switches)<br> 8.9 NetFlow ToS AS Aggregation<br> 8.10 NetFlow ToS Proto Port Aggregation<br> 8.11 NetFlow ToS Source Prefix Aggregation<br> 8.12 NetFlow ToS Destination Prefix Aggregation<br> 8.13 NetFlow ToS Prefix Aggregation<br> 8.14 NetFlow ToS Prefix Port Aggregation<br> 1005 Flow-Tools tagged version 5</P ></P ></DD ><DT >-z<TT CLASS="REPLACEABLE" ><I > z_level</I ></TT ></DT ><DD ><P >Configure compression level to <TT CLASS="REPLACEABLE" ><I > z_level</I ></TT >. 0 is disabled (no compression), 9 is highest compression.</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN77" ></A ><H2 >EXAMPLES</H2 ><DIV CLASS="INFORMALEXAMPLE" ><A NAME="AEN79" ></A ><P ></P ><P >Convert the cflowd file <TT CLASS="FILENAME" >flows.cflowd</TT > to the flow-tools file <TT CLASS="FILENAME" >flows</TT >. Store as Version 5 with compression level 5.</P ><P > <B CLASS="COMMAND" >flow-import -V5 -z5 -f0 < flows.cflowd > flows</B ></P ><P ></P ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN85" ></A ><H2 >EXAMPLES</H2 ><DIV CLASS="INFORMALEXAMPLE" ><A NAME="AEN87" ></A ><P ></P ><P >Convert the ASCII CSV data in flows.ascii to flow-tools format. The ASCII data must include all fields represented by 0xFF31EF in the order listed above. Store as Version 5 with no compression. </P ><P > <B CLASS="COMMAND" >flow-import -z0 -f2 -m0xFF31EF < flows.ascii > flows</B ></P ><P ></P ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN91" ></A ><H2 >BUGS</H2 ><P >The pcap format is a hack.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN94" ></A ><H2 >AUTHOR</H2 ><P >Mark Fullmer <TT CLASS="EMAIL" ><<A HREF="mailto:maf@splintered.net" >maf@splintered.net</A >></TT ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN101" ></A ><H2 >SEE ALSO</H2 ><P ><SPAN CLASS="APPLICATION" >flow-tools</SPAN >(1)</P ></DIV ></BODY ></HTML >