<HTML ><HEAD ><TITLE >flow-cat</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.73 "></HEAD ><BODY CLASS="REFENTRY" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><H1 ><A NAME="AEN1" ><SPAN CLASS="APPLICATION" >flow-cat</SPAN ></A ></H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6" ></A ><H2 >Name</H2 ><SPAN CLASS="APPLICATION" >flow-cat</SPAN > -- Concatenate flow files</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >flow-cat</B > [-aghmp] [-b<TT CLASS="REPLACEABLE" ><I > big</I ></TT >|<TT CLASS="REPLACEABLE" ><I >little</I ></TT >] [-C<TT CLASS="REPLACEABLE" ><I > comment</I ></TT >] [-d<TT CLASS="REPLACEABLE" ><I > debug_level</I ></TT >] [-o<TT CLASS="REPLACEABLE" ><I > filename</I ></TT >] [-t<TT CLASS="REPLACEABLE" ><I > start_time</I ></TT >] [-T<TT CLASS="REPLACEABLE" ><I > start_time</I ></TT >] [-z<TT CLASS="REPLACEABLE" ><I > z_level</I ></TT >] [<TT CLASS="REPLACEABLE" ><I >file</I ></TT >|<TT CLASS="REPLACEABLE" ><I >directory</I ></TT >...]</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN32" ></A ><H2 >DESCRIPTION</H2 ><P >The <B CLASS="COMMAND" >flow-cat</B > utility processes files and/or directories of files in the flow-tools format. The resulting concatenated data set is written to the standard output or <TT CLASS="FILENAME" >file</TT > specified by <TT CLASS="OPTION" >-o</TT >. If <TT CLASS="FILENAME" >file</TT > is a single dash (`-') or absent, flow-cat will read from the standard input.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN39" ></A ><H2 >OPTIONS</H2 ><P ></P ><DIV CLASS="VARIABLELIST" ><DL ><DT >-a</DT ><DD ><P >Do not ignore filenames that begin with <TT CLASS="FILENAME" >tmp</TT >.</P ></DD ><DT >-b<TT CLASS="REPLACEABLE" ><I > big</I ></TT >|<TT CLASS="REPLACEABLE" ><I >little</I ></TT ></DT ><DD ><P >Byte order of output.</P ></DD ><DT >-C<TT CLASS="REPLACEABLE" ><I > Comment</I ></TT ></DT ><DD ><P >Add a comment.</P ></DD ><DT >-d<TT CLASS="REPLACEABLE" ><I > debug_level</I ></TT ></DT ><DD ><P >Enable debugging.</P ></DD ><DT >-g</DT ><DD ><P >Sort file list by capture start time before processing.</P ></DD ><DT >-h</DT ><DD ><P >Display help.</P ></DD ><DT >-m</DT ><DD ><P >Disable the use of mmap().</P ></DD ><DT >-p</DT ><DD ><P >Preload headers. Use to preserve meta information such as lost flows.</P ></DD ><DT >-o<TT CLASS="REPLACEABLE" ><I > file</I ></TT ></DT ><DD ><P >Write to <TT CLASS="FILENAME" >file</TT > instead of the standard out.</P ></DD ><DT >-t<TT CLASS="REPLACEABLE" ><I > start_time</I ></TT ></DT ><DD ><P >Select flow files up to <TT CLASS="REPLACEABLE" ><I >start_time</I ></TT >. If used with -T select files between <TT CLASS="REPLACEABLE" ><I >start_time</I ></TT > and <TT CLASS="REPLACEABLE" ><I >end_time</I ></TT >.</P ></DD ><DT >-T<TT CLASS="REPLACEABLE" ><I > end_time</I ></TT ></DT ><DD ><P >Select flow files after <TT CLASS="REPLACEABLE" ><I >end_time</I ></TT >. If used with -t select files between <TT CLASS="REPLACEABLE" ><I >start_time</I ></TT > and <TT CLASS="REPLACEABLE" ><I >end_time</I ></TT >.</P ></DD ><DT >-z<TT CLASS="REPLACEABLE" ><I > z_level</I ></TT ></DT ><DD ><P >Configure compression level to <TT CLASS="REPLACEABLE" ><I > z_level</I ></TT >. 0 is disabled (no compression), 9 is highest compression.</P ></DD ><DT ><TT CLASS="REPLACEABLE" ><I >file</I ></TT >|<TT CLASS="REPLACEABLE" ><I >directory...</I ></TT ></DT ><DD ><P >Process the files and/or directory.</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN113" ></A ><H2 >EXAMPLES</H2 ><DIV CLASS="INFORMALEXAMPLE" ><A NAME="AEN115" ></A ><P ></P ><P >Concatenate all flow files begining with ft-v05.2001-05.01, use flow-print to display the results.</P ><P > <B CLASS="COMMAND" >flow-cat ft-v05.2001-05-01.* | flow-print</B ></P ><P ></P ></DIV ><DIV CLASS="INFORMALEXAMPLE" ><A NAME="AEN119" ></A ><P ></P ><P >Concatenate flow files in <TT CLASS="FILENAME" >/flows/krc4</TT >, store store the output in <TT CLASS="FILENAME" >compressed.flows</TT > at compression level 9 (best). The headers are preloaded so various metadata such as the flow count is correct in the result. Filenames begining with <TT CLASS="FILENAME" >tmp</TT > which are typically in-progress flow files from <SPAN CLASS="APPLICATION" >flow-capture</SPAN > are not processed.</P ><P > <B CLASS="COMMAND" >flow-cat -p -z9 /flows/krc4 > compressed.flows</B ></P ><P ></P ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN127" ></A ><H2 >BUGS</H2 ><P >None known.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN130" ></A ><H2 >AUTHOR</H2 ><P >Mark Fullmer <TT CLASS="EMAIL" ><<A HREF="mailto:maf@splintered.net" >maf@splintered.net</A >></TT ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN137" ></A ><H2 >SEE ALSO</H2 ><P ><SPAN CLASS="APPLICATION" >flow-tools</SPAN >(1)</P ></DIV ></BODY ></HTML >