.\" $Id$
.\"
.\" Copyright (c) 2004 Damien Miller <djm@mindrot.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd July 30, 2004
.Dt FLOWD-READER 8
.Os
.Sh NAME
.Nm flowd-reader
.Nd Read, filter and concatenate binary flowd logfiles
.Sh SYNOPSIS
.Nm flowd-reader
.Op Fl LUvqd
.Op Fl H Ar num_flows
.Op Fl f Ar filter_file
.Op Fl o Ar output_file
.Ar flow_log
.Op Ar flow_log
.Op Ar ...
.Sh DESCRIPTION
.Nm
is a program to read, filter and/or concatenate
.Xr flowd 8
binary log files.
.Pp
If only
.Ar flow_log
arguments are specified,
.Nm
will read each of the log files and print their contents to standard output.
.Pp
Filtering may be performed by specifying a
.Ar filter_file
using the
.Fl f
option.
In this mode,
.Nm
will filter the flows it reads from the
.Ar flow_log
file(s) before printing them.
.Pp
Finally, the
.Fl o
option may be used to specify a
.Ar output_file
to which all the flows that have been read and passed any filters are written.
.Pp
The command-line options are as follows:
.Bl -tag -width Ds
.It Fl H Ar num_flows
.Xr head 1
mode.
Read only the first
.Ar num_flows
flows of the file.
.It Fl L
Allows
.Nm
to read legacy version 2 flow logs (generated by
.Xr flowd 8
versions prior to v9.0).
This may be used to convert old flow logs to the newer form.
.It Fl U
Causes
.Nm
to report all timestamps in UTC rather than the local timezone.
.It Fl d
Display debugging information, including the number of filter matches if one
has been specified.
.It Fl f Ar filter_file
Specify a
.Ar filter_file
containing filtering and field selection rules to apply to the flows that are
loaded.
These rules may contain
.Ar store
directives and filter rules as described in the
.Xr flowd.conf 5
manual (under the
.Cm Storage field selection
and
.Cm Filter
sections respectively.)
Any other directives are ignored.
If no
.Ar store
directives are specified in the
.Ar filter_file
then the default is to preserve all the fields in the input flow logs.
.It Fl q
Operate quietly.
If this argument is specified,
.Nm
will not display the flows it is processing.
This may be useful in conjunction with the
.Fl f
option.
.It Fl o Ar output_file
Specify an
.Ar output_file
to which all flows that have been read and have passed any filters are written.
The flows are written in the
.Nm flowd
binary log format.
This option is useful when filtering or concatenating flow log files.
.It Fl v
Reports all information in the flow log, rather than the default brief subset.
.It Fl h
Displays command-line usage information.
.El
.Sh AUTHORS
Damien Miller <djm@mindrot.org>
.Sh SEE ALSO
.Xr flowd 8 ,
.Xr flowd.conf 5