fstrm_capture(1)            General Commands Manual           fstrm_capture(1)

NAME

       fstrm_capture - Receive and save Frame Streams data from a socket.

SYNOPSIS

       fstrm_capture -t content-type -w filename
            [ -u socket-path ] [ -a IP -p port ]
            [ -c max-connections ] [ -b buffer-size ]
            [ -s seconds ] [ --gmtime ] [ --localtime ]
            [ -d [-d ...] ]

       fstrm_capture --type content-type --write filename
            [ --unix socket-path ] [ --tcp IP --port port ]
            [ --maxconns max-connections ] [ --buffersize buffer-size ]
            [ --split seconds ] [ --gmtime ] [ --localtime ]
            [ --debug [--debug ...] ]

DESCRIPTION

       fstrm_capture listens on a UNIX domain or TCP socket, receives Frame
       Streams data, and writes the data to a file.

OPTIONS

       -w filename | --write filename
              Write data to the file filename.

              If the --gmtime or --localtime option is given, filename is
              preprocessed with strftime(). This will allow specifying a
              format string which includes the date and time, for example,
              for the created filename.

              If filename is "-" and standard output is not connected to a
              terminal, fstrm_capture will write to standard output. Output
              splitting (-s) may not be used with a filename of "-".

              Sending SIGHUP to fstrm_capture will flush any buffered output
              to the file. Sending SIGUSR1 will close and reopen the file.

       -t content-type | --type content-type
              Specify the content-type to receive from the socket and write to
              the output filename.

       -u socket-path | --unix socket-path
              Listen on the Unix domain socket socket-path to receive Frame
              Streams data. Only one of -u or -a may be given.

       -a IP | --tcp IP
              Listen for TCP connections on address IP to receive Frame
              Streams data. Only one of -u or -a may be given. Use of -a
              requires a port given with -p.

       -p port | --port port
              If -a is given, listen on TCP port port to receive Frame Streams
              data.

       -c max-conns | --maxconns max-conns
              Allow at most max-conns concurrent connections. If not
              specified, concurrent connections are not limited.

       -b buffersize | --buffersize buffersize
              Set read buffer size to buffersize bytes. Combined with -c, this
              can be used to limit the total memory usage of fstrm_capture.
              The buffersize also affects the maximum frame size which
              fstrm_capture will accept. Frames larger than buffersize,
              including the 4-byte framing overhead, will be discarded.

              The default buffersize is 262144 (256KiB).

       -s interval | --split interval
              Reopen output file every interval seconds. Requires the use of
              either the --gmtime or --localtime options.

              Note that this file rotation is triggered by incoming data, so
              it may be delayed after the interval.

       --gmtime
              Process the --write filename through strftime() with the current
              time in GMT. This --gmtime option may be used to provide a
              timestamped output file when starting fstrm_capture or when
              reopening an output file using the --split option or when
              receiving a SIGUSR1 signal.

       --localtime
              Process the --write filename through strftime() with the current
              time in the system local time zone. This --localtime option may
              be used to provide a timestamped output file when starting
              fstrm_capture or when reopening an output file using the --split
              option or when receiving a SIGUSR1 signal.

       -d [ -d ... ] | --debug [ --debug ]
              Increase debugging level. Without -d, fstrm_capture prints only
              critical error messages. Up to five -d options may be specified,
              after which more repetitions will have no effect.

EXAMPLES

       Receive dnstap data and save to hourly rotating files (with a converted
       filename such as /var/log/dnstap/dnstap-2018-05-04-12:58:48.fstrm).

            fstrm_capture -t protobuf:dnstap.Dnstap \
                 -u /var/run/named/dnstap.sock \
                 -w /var/log/dnstap/dnstap-%F-%T.fstrm \
                 -s 3600 --gmtime
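
       Added example, not part of the fstrm distribution: a Python reader for
       a file written by fstrm_capture that applies the checks described under
       -t and -b to the stored stream, requiring the START frame to declare
       the expected content type and skipping any data frame whose payload
       plus 4-byte length prefix exceeds buffersize instead of reading it into
       memory. The control-frame constants and layout follow the Frame Streams
       specification; read_capture and its helpers are names chosen for this
       example.

```python
import io
import struct

START, STOP, CONTENT_TYPE = 2, 3, 1  # control frame types; content-type field id
CONTROL_MAX = 512                    # Frame Streams limit on control frame length

def _read(stream, n):
    # Read exactly n bytes; a short read means the capture is truncated.
    data = stream.read(n)
    if len(data) != n:
        raise ValueError("truncated stream")
    return data

def _u32(stream):
    return struct.unpack("!I", _read(stream, 4))[0]

def _content_types(fields):
    # Fields after the control type are (u32 type, u32 length, value) triples.
    found, sub = [], io.BytesIO(fields)
    while sub.tell() < len(fields):
        if _u32(sub) != CONTENT_TYPE:
            raise ValueError("unexpected control field")
        found.append(_read(sub, _u32(sub)))
    return found

def read_capture(stream, want_type, buffersize=262144):
    # Returns (payloads kept, frames discarded) for one START..STOP stream.
    kept, discarded, started = [], 0, False
    while True:
        length = _u32(stream)
        if length == 0:                       # escape: a control frame follows
            clen = _u32(stream)
            if not 4 <= clen <= CONTROL_MAX:
                raise ValueError("bad control frame length")
            body = _read(stream, clen)
            ctype = struct.unpack_from("!I", body)[0]
            if ctype == START:
                if want_type not in _content_types(body[4:]):
                    raise ValueError("content type mismatch")  # mirrors -t
                started = True
            elif ctype == STOP:
                return kept, discarded
        elif not started:
            raise ValueError("data frame before START")
        elif length + 4 > buffersize:         # mirrors -b: payload + 4-byte prefix
            while length:                     # skip in chunks, never buffer it all
                length -= len(_read(stream, min(length, 65536)))
            discarded += 1
        else:
            kept.append(_read(stream, length))
```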

SEE ALSO

       fstrm_dump(1), fstrm_replay(1), strftime(3),
       Frame Streams C Library https://farsightsec.github.io/fstrm