1FLOW-EXPORT(1) FLOW-EXPORT(1)
2
6 flow-export - Export flow-tools files into other NetFlow packages.
7
9 flow-export [ -h ] [ -d debug_level ] [ -f format ] [ -m mask_fields
10 ] [ -u user:password:host:port:name:table ]
11
13 The flow-export utility will convert flow-tools flow files to ASCII
14 CSV, cflowd, pcap, wire, mySQL, and PGSQL format.
15
17 -d debug_level
18 Enable debugging.
19 -f format
21 Export format. Supported formats are: 0 cflowd 1 pcap 2 ASCII
22 CSV 3 MySQL 4 wire 5 PGSQL
23 -h Display help.
25 -m mask_fields
27 Select fields for MySQL, PostgresSQL, cflowd, and ASCII formats.
28 The mask_fields is built from a bitwise OR of the following:
29 UNIX_SECS 0x0000000000000001LL
32 UNIX_NSECS 0x0000000000000002LL
33 SYSUPTIME 0x0000000000000004LL
34 EXADDR 0x0000000000000008LL
35 DFLOWS 0x0000000000000010LL
37 DPKTS 0x0000000000000020LL
38 DOCTETS 0x0000000000000040LL
39 FIRST 0x0000000000000080LL
40 LAST 0x0000000000000100LL
42 ENGINE_TYPE 0x0000000000000200LL
43 ENGINE_ID 0x0000000000000400LL
44 SRCADDR 0x0000000000001000LL
46 DSTADDR 0x0000000000002000LL
47 SRC_PREFIX 0x0000000000004000LL
48 DST_PREFIX 0x0000000000008000LL
49 NEXTHOP 0x0000000000010000LL
50 INPUT 0x0000000000020000LL
51 OUTPUT 0x0000000000040000LL
52 SRCPORT 0x0000000000080000LL
53 DSTPORT 0x0000000000100000LL
55 PROT 0x0000000000200000LL
56 TOS 0x0000000000400000LL
57 TCP_FLAGS 0x0000000000800000LL
58 SRC_MASK 0x0000000001000000LL
60 DST_MASK 0x0000000002000000LL
61 SRC_AS 0x0000000004000000LL
62 DST_AS 0x0000000008000000LL
63 IN_ENCAPS 0x0000000010000000LL
65 OUT_ENCAPS 0x0000000020000000LL
66 PEER_NEXTHOP 0x0000000040000000LL
67 ROUTER_SC 0x0000000080000000LL
68 EXTRA_PKTS 0x0000000100000000LL
69 MARKED_TOS 0x0000000200000000LL
70 When exporting to cflowd format the mask_fields field is the
73 cflowd mask which is defined as the following:
74 ROUTERMASK 0x00000001
77 SRCIPADDRMASK 0x00000002
78 DSTIPADDRMASK 0x00000004
79 INPUTIFINDEXMASK 0x00000008
80 OUTPUTIFINDEXMASK 0x00000010
81 SRCPORTMASK 0x00000020
82 DSTPORTMASK 0x00000040
83 PKTSMASK 0x00000080
84 BYTESMASK 0x00000100
85 IPNEXTHOPMASK 0x00000200
86 STARTTIMEMASK 0x00000400
87 ENDTIMEMASK 0x00000800
88 PROTOCOLMASK 0x00001000
89 TOSMASK 0x00002000
90 SRCASMASK 0x00004000
91 DSTASMASK 0x00008000
92 SRCMASKLENMASK 0x00010000
93 DSTMASKLENMASK 0x00020000
94 TCPFLAGSMASK 0x00040000
95 INPUTENCAPMASK 0x00080000
96 OUTPUTENCAPMASK 0x00100000
97 PEERNEXTHOPMASK 0x00200000
98 ENGINETYPEMASK 0x00400000
99 ENGINEIDMASK 0x00800000
100 INDEX_V1_MASK 0x00043FFF
102 INDEX_V5_MASK 0x00C7FFFF
103 INDEX_V6_MASK 0x00FFFFFF
104 INDEX_V7_MASK 0x00C7FFFF
105 INDEX_V8_1_MASK 0x00C0CD99
106 INDEX_V8_2_MASK 0x00C00DE1
107 INDEX_V8_3_MASK 0x00C14D8B
108 INDEX_V8_4_MASK 0x00C28D95
109 INDEX_V8_5_MASK 0x00C3CD9F
110 The default value is all fields applicable to the the flow file,
113 or the cflowd INDEX mask applicabable to the export format.
114 -u user:password:host:port:name:table
116 Configure MySQL or PostgresSQL Access.
117
119 Convert the flow-tools file flows to the cflowd file flows.cflowd.
120 Include all fields.
121 flow-export -f0 < flows > flows.cflowd
123
125 Convert the flow-tools file flows to the ASCII. Include the SRCADDR and
126 DSTADDR fields.
127 flow-export -f2 -m0x3000 < flows > flows.ascii
129
131 Export the flow-tools file flows to an MySQL Database. Include only
132 SRCADDR, DSTADDR and DOCTETS.
133 flow-export -f3 -mSRCADDR,DSTADDR,DOCTETS -u "user:pass‐
135 word:host:port:name:table" < flows
136
138 The pcap format is a hack.
139
141 Mark Fullmer <maf@splintered.net>
142 Database Support: William Emmanuel Yu <wyu@ateno.edu>
144
146 flow-tools(1)
147 26 Август 2010 FLOW-EXPORT(1)