flow-receive(1)

1FLOW-RECEIVE(1)                                                FLOW-RECEIVE(1)
2
3
4

NAME

6       flow-receive - Receive flow data with the NetFlow protocol.
7

SYNOPSIS

9       flow-receive  [  -h  ]   [  -b  big|little  ]   [  -C  comment  ]  [ -d
10       debug_level ]  [ -o output_file ]  [ -S stat_interval ]  [ -V  pdu_ver‐
11       sion ]  [ -z z_level ]  localip/remoteip/port
12

DESCRIPTION

14       The  flow-receive  utility  is used to receive flows in NetFlow format.
15       When the remoteip is configured only flows from that exporter  will  be
16       processed,  this is the most secure and recommended configuration. When
17       the localip is configured flow-receive will only process flows sent  to
18       the   localip  IP address. If remoteip is 0 (not configured) flows from
19       any source IP address are accepted. Multiple non  aggregated  PDU  ver‐
20       sions  may be accepted at once to support Cisco's Catalyst 6500 NetFlow
21       implementation which exports from both the supervisor and MSFC with the
22       same  IP  address  and same port but different export versions. In this
23       case the exports will be stored in the format specified by the -V  flag
24       or whichever export type is received first.
25

OPTIONS

27       -b big|little
28              Byte order of output.
29
30       -C Comment
31              Add a comment.
32
33       -d debug_level
34              Enable debugging.
35
36       -h     Display help.
37
38       -o file
39              Write to file instead of the standard out.
40
41       -S stat_interval
42              When  configured flow-receive will emit a timestamped message on
43              stderr every stat_interval minutes indicating counters  such  as
44              the number of flows received, packets processed, and lost flows.
45
46       -V pdu_version
47              Use pdu_version format output.
48
49                  1    NetFlow version 1 (No sequence numbers, AS, or mask)
50                  5    NetFlow version 5
51                  6    NetFlow version 6 (5+ Encapsulation size)
52                  7    NetFlow version 7 (Catalyst switches)
53                  8.1  NetFlow AS Aggregation
54                  8.2  NetFlow Proto Port Aggregation
55                  8.3  NetFlow Source Prefix Aggregation
56                  8.4  NetFlow Destination Prefix Aggregation
57                  8.5  NetFlow Prefix Aggregation
58                  8.6  NetFlow Destination (Catalyst switches)
59                  8.7  NetFlow Source Destination (Catalyst switches)
60                  8.8  NetFlow Full Flow (Catalyst switches)
61                  8.9  NetFlow ToS AS Aggregation
62                  8.10 NetFlow ToS Proto Port Aggregation
63                  8.11 NetFlow ToS Source Prefix Aggregation
64                  8.12 NetFlow ToS Destination Prefix Aggregation
65                  8.13 NetFlow ToS Prefix Aggregation
66                  8.14 NetFlow ToS Prefix Port Aggregation
67                  1005 Flow-Tools tagged version 5
68
69
70       -z z_level
71              Configure  compression level to  z_level. 0 is disabled (no com‐
72              pression), 9 is highest compression.
73

EXAMPLES

75       Listen on port 9800 on any local interface for exports from IP  address
76       10.0.0.1, store the exports in flows
77
78       flow-receive 0/10.0.0.1/9800 > flows
79
80       Listen on port 9800 on any local interface from any IP address, display
81       the received flows with flow-print.
82
83       flow-receive 0/0/9800 | flow-print
84

BUGS

86       It is not currently possible to convert between the aggregated  formats
87       (8.x) and the non aggregated formats (1,5,6,7).
88

AUTHOR

90       Mark Fullmer <maf@splintered.net>
91