flow-import(1)              General Commands Manual             flow-import(1)
2
3
4

NAME
6       flow-import — Import flows into flow-tools from other NetFlow packages.
7

SYNOPSIS
9       flow-import  [-h]   [-b big|little]  [-d debug_level]  [-f format]  [-m
10       mask_fields]  [-V pdu_version]  [-z z_level]
11

DESCRIPTION
13       The flow-import utility will convert data from  cflowd  and  ASCII  CSV
14       files into flow-tools format.
15

OPTIONS
17       -b big|little
18                 Byte order of output.
19
20       -d debug_level
21                 Enable debugging.
22
23       -f format Export format.  Supported formats are:
24
25         0 cflowd
26         2 ASCII CSV
27         3 Cisco NFCollector
28
29       -h        Display help.
30
31       -m mask_fields
32                 Select  fields for cflowd and ASCII formats.  The mask_fields
33                 is built from a bitwise OR of the following:
34
35
36
37           UNIX_SECS       0x0000000000000001LL
38           UNIX_NSECS      0x0000000000000002LL
39           SYSUPTIME       0x0000000000000004LL
40           EXADDR          0x0000000000000008LL
41
42           DFLOWS          0x0000000000000010LL
43           DPKTS           0x0000000000000020LL
44           DOCTETS         0x0000000000000040LL
45           FIRST           0x0000000000000080LL
46
47           LAST            0x0000000000000100LL
48           ENGINE_TYPE     0x0000000000000200LL
49           ENGINE_ID       0x0000000000000400LL
50
51           SRCADDR         0x0000000000001000LL
52           DSTADDR         0x0000000000002000LL
53           SRC_PREFIX      0x0000000000004000LL
54           DST_PREFIX      0x0000000000008000LL
55           NEXTHOP         0x0000000000010000LL
56           INPUT           0x0000000000020000LL
57           OUTPUT          0x0000000000040000LL
58           SRCPORT         0x0000000000080000LL
59
60           DSTPORT         0x0000000000100000LL
61           PROT            0x0000000000200000LL
62           TOS             0x0000000000400000LL
63           TCP_FLAGS       0x0000000000800000LL
64
65           SRC_MASK        0x0000000001000000LL
66           DST_MASK        0x0000000002000000LL
67           SRC_AS          0x0000000004000000LL
68           DST_AS          0x0000000008000000LL
69
70           IN_ENCAPS       0x0000000010000000LL
71           OUT_ENCAPS      0x0000000020000000LL
72           PEER_NEXTHOP    0x0000000040000000LL
73           ROUTER_SC       0x0000000080000000LL
74           EXTRA_PKTS      0x0000000100000000LL
75           MARKED_TOS      0x0000000200000000LL
76
77                 The default value is all fields applicable  to  the  pdu_ver‐
78                 sion.
79
80       -V pdu_version
81                 Use pdu_version format output.
82
83           1    NetFlow version 1 (No sequence numbers, AS, or mask)
84           5    NetFlow version 5
85           6    NetFlow version 6 (5+ Encapsulation size)
86           7    NetFlow version 7 (Catalyst switches)
87           8.1  NetFlow AS Aggregation
88           8.2  NetFlow Proto Port Aggregation
89           8.3  NetFlow Source Prefix Aggregation
90           8.4  NetFlow Destination Prefix Aggregation
91           8.5  NetFlow Prefix Aggregation
92           8.6  NetFlow Destination (Catalyst switches)
93           8.7  NetFlow Source Destination (Catalyst switches)
94           8.8  NetFlow Full Flow (Catalyst switches)
95           8.9  NetFlow ToS AS Aggregation
96           8.10 NetFlow ToS Proto Port Aggregation
97           8.11 NetFlow ToS Source Prefix Aggregation
98           8.12 NetFlow ToS Destination Prefix Aggregation
99           8.13 NetFlow ToS Prefix Aggregation
100           8.14 NetFlow ToS Prefix Port Aggregation
101           1005 Flow-Tools tagged version 5
102
103       -z z_level
104                 Configure  compression  level to  z_level.  0 is disabled (no
105                 compression), 9 is highest compression.
106

EXAMPLES
108       Convert the cflowd file flows.cflowd  to  the  flow-tools  file  flows.
109       Store as Version 5 with compression level 5.
110
111         flow-import -V5 -z5 -f0 < flows.cflowd > flows
112

EXAMPLES
114       Convert  the  ASCII  CSV data in flows.ascii to flow-tools format.  The
115       ASCII data must include all fields represented by 0xFF31EF in the order
116       listed above.  Store as Version 5 with no compression.
117
118         flow-import -z0 -f2 -m0xFF31EF < flows.ascii > flows
119

BUGS
121       The pcap format is a hack.
122

AUTHOR
124       Mark Fullmer maf@splintered.net
125

SEE ALSO
127       flow-tools(1)
128
129
130
131                                                                flow-import(1)



        

    


            
        

        

            Impressum