1FLOW-EXPORT(1)                                                  FLOW-EXPORT(1)
2
3
4

NAME

6       flow-export - Export flow-tools files into other NetFlow packages.
7

SYNOPSIS

9       flow-export [ -h ]  [ -d debug_level ]  [ -f format ]  [ -m mask_fields
10       ]  [ -u user:password:host:port:name:table ]
11

DESCRIPTION

13       The flow-export utility will convert flow-tools  flow  files  to  ASCII
14       CSV, cflowd, pcap, wire, mySQL, and PGSQL format.
15

OPTIONS

17       -d debug_level
18              Enable debugging.
19
20       -f format
21              Export  format.  Supported  formats are: 0 cflowd 1 pcap 2 ASCII
22              CSV 3 MySQL 4 wire 5 PGSQL
23
24       -h     Display help.
25
26       -m mask_fields
27              Select fields for MySQL, PostgresSQL, cflowd, and ASCII formats.
28              The mask_fields is built from a bitwise OR of the following:
29
30
31                  UNIX_SECS       0x0000000000000001LL
32                  UNIX_NSECS      0x0000000000000002LL
33                  SYSUPTIME       0x0000000000000004LL
34                  EXADDR          0x0000000000000008LL
35
36                  DFLOWS          0x0000000000000010LL
37                  DPKTS           0x0000000000000020LL
38                  DOCTETS         0x0000000000000040LL
39                  FIRST           0x0000000000000080LL
40
41                  LAST            0x0000000000000100LL
42                  ENGINE_TYPE     0x0000000000000200LL
43                  ENGINE_ID       0x0000000000000400LL
44
45                  SRCADDR         0x0000000000001000LL
46                  DSTADDR         0x0000000000002000LL
47                  SRC_PREFIX      0x0000000000004000LL
48                  DST_PREFIX      0x0000000000008000LL
49                  NEXTHOP         0x0000000000010000LL
50                  INPUT           0x0000000000020000LL
51                  OUTPUT          0x0000000000040000LL
52                  SRCPORT         0x0000000000080000LL
53
54                  DSTPORT         0x0000000000100000LL
55                  PROT            0x0000000000200000LL
56                  TOS             0x0000000000400000LL
57                  TCP_FLAGS       0x0000000000800000LL
58
59                  SRC_MASK        0x0000000001000000LL
60                  DST_MASK        0x0000000002000000LL
61                  SRC_AS          0x0000000004000000LL
62                  DST_AS          0x0000000008000000LL
63
64                  IN_ENCAPS       0x0000000010000000LL
65                  OUT_ENCAPS      0x0000000020000000LL
66                  PEER_NEXTHOP    0x0000000040000000LL
67                  ROUTER_SC       0x0000000080000000LL
68                  EXTRA_PKTS      0x0000000100000000LL
69                  MARKED_TOS      0x0000000200000000LL
70
71
72              When  exporting  to  cflowd  format the mask_fields field is the
73              cflowd mask which is defined as the following:
74
75
76                  ROUTERMASK         0x00000001
77                  SRCIPADDRMASK      0x00000002
78                  DSTIPADDRMASK      0x00000004
79                  INPUTIFINDEXMASK   0x00000008
80                  OUTPUTIFINDEXMASK  0x00000010
81                  SRCPORTMASK        0x00000020
82                  DSTPORTMASK        0x00000040
83                  PKTSMASK           0x00000080
84                  BYTESMASK          0x00000100
85                  IPNEXTHOPMASK      0x00000200
86                  STARTTIMEMASK      0x00000400
87                  ENDTIMEMASK        0x00000800
88                  PROTOCOLMASK       0x00001000
89                  TOSMASK            0x00002000
90                  SRCASMASK          0x00004000
91                  DSTASMASK          0x00008000
92                  SRCMASKLENMASK     0x00010000
93                  DSTMASKLENMASK     0x00020000
94                  TCPFLAGSMASK       0x00040000
95                  INPUTENCAPMASK     0x00080000
96                  OUTPUTENCAPMASK    0x00100000
97                  PEERNEXTHOPMASK    0x00200000
98                  ENGINETYPEMASK     0x00400000
99                  ENGINEIDMASK       0x00800000
100
101                  INDEX_V1_MASK      0x00043FFF
102                  INDEX_V5_MASK      0x00C7FFFF
103                  INDEX_V6_MASK      0x00FFFFFF
104                  INDEX_V7_MASK      0x00C7FFFF
105                  INDEX_V8_1_MASK    0x00C0CD99
106                  INDEX_V8_2_MASK    0x00C00DE1
107                  INDEX_V8_3_MASK    0x00C14D8B
108                  INDEX_V8_4_MASK    0x00C28D95
109                  INDEX_V8_5_MASK    0x00C3CD9F
110
111
112              The default value is all fields applicable to the the flow file,
113              or the cflowd INDEX mask applicabable to the export format.
114
115       -u user:password:host:port:name:table
116              Configure MySQL or PostgresSQL Access.
117

EXAMPLES

119       Convert  the  flow-tools  file  flows  to the cflowd file flows.cflowd.
120       Include all fields.
121
122       flow-export -f0 < flows > flows.cflowd
123

EXAMPLES

125       Convert the flow-tools file flows to the ASCII. Include the SRCADDR and
126       DSTADDR fields.
127
128       flow-export -f2 -m0x3000 < flows > flows.ascii
129

EXAMPLES

131       Export  the  flow-tools  file flows to an MySQL Database.  Include only
132       SRCADDR, DSTADDR and DOCTETS.
133
134       flow-export    -f3     -mSRCADDR,DSTADDR,DOCTETS     -u     "user:pass‐
135       word:host:port:name:table" < flows
136

BUGS

138       The pcap format is a hack.
139

AUTHOR

141       Mark Fullmer <maf@splintered.net>
142
143       Database Support: William Emmanuel Yu <wyu@ateno.edu>
144

SEE ALSO

146       flow-tools(1)
147
148
149
150                                26 Август 2010                  FLOW-EXPORT(1)
Impressum