1FLOW-IMPORT(1) FLOW-IMPORT(1)
2
6 flow-import - Import flows into flow-tools from other NetFlow packages.
7
9 flow-import [ -h ] [ -b big|little ] [ -d debug_level ] [ -f format
10 ] [ -m mask_fields ] [ -V pdu_version ] [ -z z_level ]
11
13 The flow-import utility will convert data from cflowd and ASCII CSV
14 files into flow-tools format.
15
17 -b big|little
18 Byte order of output.
19 -d debug_level
21 Enable debugging.
22 -f format
24 Export format. Supported formats are:
25 0 cflowd
27 2 ASCII CSV
28 3 Cisco NFCollector
29 -h Display help.
32 -m mask_fields
34 Select fields for cflowd and ASCII formats. The mask_fields is
35 built from a bitwise OR of the following:
36 UNIX_SECS 0x0000000000000001LL
39 UNIX_NSECS 0x0000000000000002LL
40 SYSUPTIME 0x0000000000000004LL
41 EXADDR 0x0000000000000008LL
42 DFLOWS 0x0000000000000010LL
44 DPKTS 0x0000000000000020LL
45 DOCTETS 0x0000000000000040LL
46 FIRST 0x0000000000000080LL
47 LAST 0x0000000000000100LL
49 ENGINE_TYPE 0x0000000000000200LL
50 ENGINE_ID 0x0000000000000400LL
51 SRCADDR 0x0000000000001000LL
53 DSTADDR 0x0000000000002000LL
54 SRC_PREFIX 0x0000000000004000LL
55 DST_PREFIX 0x0000000000008000LL
56 NEXTHOP 0x0000000000010000LL
57 INPUT 0x0000000000020000LL
58 OUTPUT 0x0000000000040000LL
59 SRCPORT 0x0000000000080000LL
60 DSTPORT 0x0000000000100000LL
62 PROT 0x0000000000200000LL
63 TOS 0x0000000000400000LL
64 TCP_FLAGS 0x0000000000800000LL
65 SRC_MASK 0x0000000001000000LL
67 DST_MASK 0x0000000002000000LL
68 SRC_AS 0x0000000004000000LL
69 DST_AS 0x0000000008000000LL
70 IN_ENCAPS 0x0000000010000000LL
72 OUT_ENCAPS 0x0000000020000000LL
73 PEER_NEXTHOP 0x0000000040000000LL
74 ROUTER_SC 0x0000000080000000LL
75 EXTRA_PKTS 0x0000000100000000LL
76 MARKED_TOS 0x0000000200000000LL
77 The default value is all fields applicable to the pdu_version.
80 -V pdu_version
82 Use pdu_version format output.
83 1 NetFlow version 1 (No sequence numbers, AS, or mask)
85 5 NetFlow version 5
86 6 NetFlow version 6 (5+ Encapsulation size)
87 7 NetFlow version 7 (Catalyst switches)
88 8.1 NetFlow AS Aggregation
89 8.2 NetFlow Proto Port Aggregation
90 8.3 NetFlow Source Prefix Aggregation
91 8.4 NetFlow Destination Prefix Aggregation
92 8.5 NetFlow Prefix Aggregation
93 8.6 NetFlow Destination (Catalyst switches)
94 8.7 NetFlow Source Destination (Catalyst switches)
95 8.8 NetFlow Full Flow (Catalyst switches)
96 8.9 NetFlow ToS AS Aggregation
97 8.10 NetFlow ToS Proto Port Aggregation
98 8.11 NetFlow ToS Source Prefix Aggregation
99 8.12 NetFlow ToS Destination Prefix Aggregation
100 8.13 NetFlow ToS Prefix Aggregation
101 8.14 NetFlow ToS Prefix Port Aggregation
102 1005 Flow-Tools tagged version 5
103 -z z_level
106 Configure compression level to z_level. 0 is disabled (no com‐
107 pression), 9 is highest compression.
108
110 Convert the cflowd file flows.cflowd to the flow-tools file flows.
111 Store as Version 5 with compression level 5.
112 flow-import -V5 -z5 -f0 < flows.cflowd > flows
114
116 Convert the ASCII CSV data in flows.ascii to flow-tools format. The
117 ASCII data must include all fields represented by 0xFF31EF in the order
118 listed above. Store as Version 5 with no compression.
119 flow-import -z0 -f2 -m0xFF31EF < flows.ascii > flows
121
123 The pcap format is a hack.
124
126 Mark Fullmer <maf@splintered.net>
127
129 flow-tools(1)
130 26 Август 2010 FLOW-IMPORT(1)