1fstrm_capture(1) General Commands Manual fstrm_capture(1)
2
6 fstrm_capture - Receive and save Frame Streams data from a socket.
7
10 fstrm_capture -t content-type -w filename
11 [ -u socket-path ] [ -a IP -p port ]
12 [ -c max-connections ] [ -b buffer-size ]
13 [ -s seconds ] [ --gmtime ] [ --localtime ]
14 [ -d [-d ...] ]
15 fstrm_capture --type content-type --write filename
18 [ --unix socket-path ] [ --tcp IP --port port ]
19 [ --maxconns max-connections ] [ --buffersize buffer-size ]
20 [ --split seconds ] [ --gmtime ] [ --localtime ]
21 [ --debug [--debug ...] ]
22
26 fstrm_capture listens on a UNIX domain or TCP socket, receives Frame
27 Streams data, and writes the data to a file.
28
31 -w filename | --write filename
32 Write data to the file filename.
33 If the --gmtime or --localtime option is given, filename is pre‐
35 processed with strftime(). This will allow specifying a format
36 string which includes the date and time, for example, for the
37 created filename.
38 If filename is "-" and standard output is not connected to a
40 terminal, fstrm_capture will write to standard output. Output
41 splitting (-s) may not be used with a filename of "-".
42 Sending SIGHUP to fstrm_capture will flush any buffered output
44 to the file. Sending SIGUSR1 will close and reopen the file.
45 -t content-type | --type content-type
48 Specify the content-type to receive from the socket and write to
49 the output filename.
50 -u socket-path | --unix socket-path
53 Listen on the Unix domain socket socket-path to receive Frame
54 Streams data. Only one of -u or -a may be given.
55 -a IP | --tcp IP
58 Listen for TCP connections on address IP to receive Frame
59 Streams data. Only one of -u or -a may be given. Use of -a
60 requires a port given with -p.
61 -p port | --port port
64 If -a is given, listen on TCP port port to receive Frame Streams
65 data.
66 -c max-conns | --maxconns max-conns
69 Allow at most max-conns concurrent connections. If not speci‐
70 fied, concurrent connections are not limited.
71 -b buffersize | --buffersize buffersize
74 Set read buffer size to buffersize bytes. Combined with -c, this
75 can be used to limit the total memory usage of fstrm_capture.
76 The buffersize also affects the maximum frame size which
77 fstrm_capture will accept. Frames larger than buffersize,
78 including the 4-byte framing overhead, will be discarded.
79 The default buffersize is 262144 (256KiB).
81 -s interval | --split interval
84 Reopen output file every interval seconds. Requires the use of
85 either the --gmtime or --localtime options.
86 Note that this file rotation is triggered by incoming data, so
88 it may be delayed after the interval.
89 --gmtime
92 Process the --write filename through strftime() with the current
93 time in GMT. This --gmtime option may be used to provide a
94 timestamped output file when starting fstrm_capture or when
95 reopening an output file using the --split option or when
96 receiving a SIGUSR1 signal.
97 --localtime
100 Process the --write filename through strftime() with the current
101 time in the system local time zone. This --localtime option may
102 be used to provide a timestamped output file when starting
103 fstrm_capture or when reopening an output file using the --split
104 option or when receiving a SIGUSR1 signal.
105 -d [ -d ... ] | --debug [ --debug ]
109 Increase debugging level. Without -d, fstrm_capture prints only
110 critical error messages. Up to five -d options may be specified,
111 after which more repetitions will have no effect.
112
115 Receive dnstap data and save to hourly rotating files (with a converted
116 filename such as /var/log/dnstap/dnstap-2018-05-04-12:58:48.fstrm).
117 fstrm_capture -t protobuf:dnstap.Dnstap \
119 -u /var/run/named/dnstap.sock \
120 -w /var/log/dnstap/dnstap-%F-%T.fstrm \
121 -s 3600 --gmtime
122
125 fstrm_dump(1), fstrm_replay(1), strftime(3),
126 Frame Streams C Library https://farsightsec.github.io/fstrm
127 fstrm_capture(1)