<HTML
><HEAD
><TITLE
>flow-import</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="AEN1"
><SPAN
CLASS="APPLICATION"
>flow-import</SPAN
></A
></H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN6"
></A
><H2
>Name</H2
><SPAN
CLASS="APPLICATION"
>flow-import</SPAN
> -- Import flows into flow-tools from other NetFlow packages.</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN10"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>flow-import</B
> [-h] [-b<TT
CLASS="REPLACEABLE"
><I
> big|little</I
></TT
>] [-d<TT
CLASS="REPLACEABLE"
><I
> debug_level</I
></TT
>] [-f<TT
CLASS="REPLACEABLE"
><I
> format</I
></TT
>] [-m<TT
CLASS="REPLACEABLE"
><I
> mask_fields</I
></TT
>] [-V<TT
CLASS="REPLACEABLE"
><I
> pdu_version</I
></TT
>] [-z<TT
CLASS="REPLACEABLE"
><I
> z_level</I
></TT
>]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN26"
></A
><H2
>DESCRIPTION</H2
><P
>The <B
CLASS="COMMAND"
>flow-import</B
> utility will convert data from
cflowd and ASCII CSV files into flow-tools format.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN30"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-b<TT
CLASS="REPLACEABLE"
><I
> big</I
></TT
>|<TT
CLASS="REPLACEABLE"
><I
>little</I
></TT
></DT
><DD
><P
>Byte order of output.</P
></DD
><DT
>-d<TT
CLASS="REPLACEABLE"
><I
> debug_level</I
></TT
></DT
><DD
><P
>Enable debugging.</P
></DD
><DT
>-f<TT
CLASS="REPLACEABLE"
><I
> format</I
></TT
></DT
><DD
><P
>Export format. Supported formats are:
<P
CLASS="LITERALLAYOUT"
> 0 cflowd<br>
2 ASCII CSV<br>
3 Cisco NFCollector</P
></P
></DD
><DT
>-h</DT
><DD
><P
>Display help.</P
></DD
><DT
>-m<TT
CLASS="REPLACEABLE"
><I
> mask_fields</I
></TT
></DT
><DD
><P
>Select fields for cflowd and ASCII formats. The
<TT
CLASS="REPLACEABLE"
><I
>mask_fields</I
></TT
>
is built from a bitwise OR of the following:</P
><P
><PRE
CLASS="SCREEN"
> UNIX_SECS 0x0000000000000001LL
UNIX_NSECS 0x0000000000000002LL
SYSUPTIME 0x0000000000000004LL
EXADDR 0x0000000000000008LL
DFLOWS 0x0000000000000010LL
DPKTS 0x0000000000000020LL
DOCTETS 0x0000000000000040LL
FIRST 0x0000000000000080LL
LAST 0x0000000000000100LL
ENGINE_TYPE 0x0000000000000200LL
ENGINE_ID 0x0000000000000400LL
SRCADDR 0x0000000000001000LL
DSTADDR 0x0000000000002000LL
SRC_PREFIX 0x0000000000004000LL
DST_PREFIX 0x0000000000008000LL
NEXTHOP 0x0000000000010000LL
INPUT 0x0000000000020000LL
OUTPUT 0x0000000000040000LL
SRCPORT 0x0000000000080000LL
DSTPORT 0x0000000000100000LL
PROT 0x0000000000200000LL
TOS 0x0000000000400000LL
TCP_FLAGS 0x0000000000800000LL
SRC_MASK 0x0000000001000000LL
DST_MASK 0x0000000002000000LL
SRC_AS 0x0000000004000000LL
DST_AS 0x0000000008000000LL
IN_ENCAPS 0x0000000010000000LL
OUT_ENCAPS 0x0000000020000000LL
PEER_NEXTHOP 0x0000000040000000LL
ROUTER_SC 0x0000000080000000LL
EXTRA_PKTS 0x0000000100000000LL
MARKED_TOS 0x0000000200000000LL</PRE
></P
><P
>The default value is all fields applicable to the <TT
CLASS="REPLACEABLE"
><I
>pdu_version</I
></TT
>.</P
></DD
><DT
>-V<TT
CLASS="REPLACEABLE"
><I
> pdu_version</I
></TT
></DT
><DD
><P
>Use <TT
CLASS="REPLACEABLE"
><I
>pdu_version</I
></TT
> format output.
<P
CLASS="LITERALLAYOUT"
> 1 NetFlow version 1 (No sequence numbers, AS, or mask)<br>
5 NetFlow version 5<br>
6 NetFlow version 6 (5+ Encapsulation size)<br>
7 NetFlow version 7 (Catalyst switches)<br>
8.1 NetFlow AS Aggregation<br>
8.2 NetFlow Proto Port Aggregation<br>
8.3 NetFlow Source Prefix Aggregation<br>
8.4 NetFlow Destination Prefix Aggregation<br>
8.5 NetFlow Prefix Aggregation<br>
8.6 NetFlow Destination (Catalyst switches)<br>
8.7 NetFlow Source Destination (Catalyst switches)<br>
8.8 NetFlow Full Flow (Catalyst switches)<br>
8.9 NetFlow ToS AS Aggregation<br>
8.10 NetFlow ToS Proto Port Aggregation<br>
8.11 NetFlow ToS Source Prefix Aggregation<br>
8.12 NetFlow ToS Destination Prefix Aggregation<br>
8.13 NetFlow ToS Prefix Aggregation<br>
8.14 NetFlow ToS Prefix Port Aggregation<br>
1005 Flow-Tools tagged version 5</P
></P
></DD
><DT
>-z<TT
CLASS="REPLACEABLE"
><I
> z_level</I
></TT
></DT
><DD
><P
>Configure compression level to <TT
CLASS="REPLACEABLE"
><I
> z_level</I
></TT
>. 0 is
disabled (no compression), 9 is highest compression.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN77"
></A
><H2
>EXAMPLES</H2
><DIV
CLASS="INFORMALEXAMPLE"
><A
NAME="AEN79"
></A
><P
></P
><P
>Convert the cflowd file <TT
CLASS="FILENAME"
>flows.cflowd</TT
> to the flow-tools
file <TT
CLASS="FILENAME"
>flows</TT
>. Store as Version 5 with compression level 5.</P
><P
> <B
CLASS="COMMAND"
>flow-import -V5 -z5 -f0 < flows.cflowd > flows</B
></P
><P
></P
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN85"
></A
><H2
>EXAMPLES</H2
><DIV
CLASS="INFORMALEXAMPLE"
><A
NAME="AEN87"
></A
><P
></P
><P
>Convert the ASCII CSV data in flows.ascii to flow-tools format. The
ASCII data must include all fields represented by 0xFF31EF in the order
listed above. Store as Version 5 with no compression. </P
><P
> <B
CLASS="COMMAND"
>flow-import -z0 -f2 -m0xFF31EF < flows.ascii > flows</B
></P
><P
></P
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN91"
></A
><H2
>BUGS</H2
><P
>The pcap format is a hack.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN94"
></A
><H2
>AUTHOR</H2
><P
>Mark Fullmer
<TT
CLASS="EMAIL"
><<A
HREF="mailto:maf@splintered.net"
>maf@splintered.net</A
>></TT
></P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN101"
></A
><H2
>SEE ALSO</H2
><P
><SPAN
CLASS="APPLICATION"
>flow-tools</SPAN
>(1)</P
></DIV
></BODY
></HTML
>
distrib
>
Mandriva
>
9.1
>
ppc
>
media
>
contrib
>
by-pkgid
>
8aa3de7ebd8d4b3c251a18215fcb5772
>
files
>
17
