1fstrm_capture(1) General Commands Manual fstrm_capture(1)
2
6 fstrm_capture - Receive and save Frame Streams data from a socket.
7
10 fstrm_capture -t content-type -w filename
11 [ -u socket-path ] [ -a IP -p port ]
12 [ -c max-connections ] [ -b buffer-size ]
13 [ -s seconds ] [ --gmtime ] [ --localtime ]
14 [ -d [-d ...] ]
15 fstrm_capture --type content-type --write filename
18 [ --unix socket-path ] [ --tcp IP --port port ]
19 [ --maxconns max-connections ] [ --buffersize buffer-size ]
20 [ --split seconds ] [ --gmtime ] [ --localtime ]
21 [ --debug [--debug ...] ]
22
26 fstrm_capture listens on a UNIX domain or TCP socket, receives Frame
27 Streams data, and writes the data to a file.
28
31 -w filename | --write filename
32 Write data to the file filename.
33 If the --gmtime or --localtime option is given, filename is pre‐
35 processed with strftime(). This will allow specifying a format
36 string which includes the date and time, for example, for the
37 created filename.
38 If filename is "-" and standard output is not connected to a
40 terminal, fstrm_capture will write to standard output. Output
41 splitting (-s) may not be used with a filename of "-".
42 -t content-type | --type content-type
45 Specify the content-type to receive from the socket and write to
46 the output filename.
47 -u socket-path | --unix socket-path
50 Listen on the Unix domain socket socket-path to receive Frame
51 Streams data. Only one of -u or -a may be given.
52 -a IP | --tcp IP
55 Listen for TCP connections on address IP to receive Frame
56 Streams data. Only one of -u or -a may be given. Use of -a
57 requires a port given with -p.
58 -p port | --port port
61 If -a is given, listen on TCP port port to receive Frame Streams
62 data.
63 -c max-conns | --maxconns max-conns
66 Allow at most max-conns concurrent connections. If not speci‐
67 fied, concurrent connections are not limited.
68 -b buffersize | --buffersize buffersize
71 Set read buffer size to buffersize bytes. Combined with -c, this
72 can be used to limit the total memory usage of fstrm_capture.
73 The buffersize also affects the maximum frame size which
74 fstrm_capture will accept. Frames larger than buffersize,
75 including the 4-byte framing overhead, will be discarded.
76 The default buffersize is 262144 (256KiB).
78 -s interval | --split interval
81 Reopen output file every interval seconds. Requires the use of
82 either the --gmtime or --localtime options.
83 Note that this file rotation is triggered by incoming data, so
85 it may be delayed after the interval.
86 --gmtime
89 Process the --write filename through strftime() with the current
90 time in GMT. The --gmtime option may be used with --split to
91 provide file rotation, or by itself to provide a timestamped
92 output file for each start or restart of fstrm_capture.
93 --localtime
96 Process the --write filename through strftime() with the current
97 time in the system local time zone. The --localtime option may
98 be used with --split to provide file rotation, or by itself to
99 provide a timestamped output file for each start or restart of
100 fstrm_capture.
101 -d [ -d ... ] | --debug [ --debug ]
104 Increase debugging level. Without -d, fstrm_capture prints only
105 critical error messages. Up to five -d options may be specified,
106 after which more repetitions will have no effect.
107
110 Receive dnstap data and save to hourly rotating files (with a converted
111 filename such as /var/log/dnstap/dnstap-2018-05-04-12:58:48.fstrm).
112 fstrm_capture -t protobuf:dnstap.Dnstap \
114 -u /var/run/named/dnstap.sock \
115 -w /var/log/dnstap/dnstap-%F-%T.fstrm \
116 -s 3600 --gmtime
117
120 fstrm_dump(1), fstrm_replay(1), strftime(3),
121 Frame Streams C Library https://farsightsec.github.io/fstrm
122 fstrm_capture(1)