2
3
4
6 flow-import — Import flows into flow-tools from other NetFlow packages.
7
9 flow-import [-h] [-b big|little] [-d debug_level] [-f format] [-m
10 mask_fields] [-V pdu_version] [-z z_level]
11
13 The flow-import utility will convert data from cflowd and ASCII CSV
14 files into flow-tools format.
15
17 -b big|little
18 Byte order of output.
19
20 -d debug_level
21 Enable debugging.
22
23 -f format Export format. Supported formats are:
24
25 0 cflowd
26 2 ASCII CSV
27 3 Cisco NFCollector
28
29 -h Display help.
30
31 -m mask_fields
32 Select fields for cflowd and ASCII formats. The mask_fields
33 is built from a bitwise OR of the following:
34
35
36
37 UNIX_SECS 0x0000000000000001LL
38 UNIX_NSECS 0x0000000000000002LL
39 SYSUPTIME 0x0000000000000004LL
40 EXADDR 0x0000000000000008LL
41
42 DFLOWS 0x0000000000000010LL
43 DPKTS 0x0000000000000020LL
44 DOCTETS 0x0000000000000040LL
45 FIRST 0x0000000000000080LL
46
47 LAST 0x0000000000000100LL
48 ENGINE_TYPE 0x0000000000000200LL
49 ENGINE_ID 0x0000000000000400LL
50
51 SRCADDR 0x0000000000001000LL
52 DSTADDR 0x0000000000002000LL
53 SRC_PREFIX 0x0000000000004000LL
54 DST_PREFIX 0x0000000000008000LL
55 NEXTHOP 0x0000000000010000LL
56 INPUT 0x0000000000020000LL
57 OUTPUT 0x0000000000040000LL
58 SRCPORT 0x0000000000080000LL
59
60 DSTPORT 0x0000000000100000LL
61 PROT 0x0000000000200000LL
62 TOS 0x0000000000400000LL
63 TCP_FLAGS 0x0000000000800000LL
64
65 SRC_MASK 0x0000000001000000LL
66 DST_MASK 0x0000000002000000LL
67 SRC_AS 0x0000000004000000LL
68 DST_AS 0x0000000008000000LL
69
70 IN_ENCAPS 0x0000000010000000LL
71 OUT_ENCAPS 0x0000000020000000LL
72 PEER_NEXTHOP 0x0000000040000000LL
73 ROUTER_SC 0x0000000080000000LL
74 EXTRA_PKTS 0x0000000100000000LL
75 MARKED_TOS 0x0000000200000000LL
76
77 The default value is all fields applicable to the pdu_ver‐
78 sion.
79
80 -V pdu_version
81 Use pdu_version format output.
82
83 1 NetFlow version 1 (No sequence numbers, AS, or mask)
84 5 NetFlow version 5
85 6 NetFlow version 6 (5+ Encapsulation size)
86 7 NetFlow version 7 (Catalyst switches)
87 8.1 NetFlow AS Aggregation
88 8.2 NetFlow Proto Port Aggregation
89 8.3 NetFlow Source Prefix Aggregation
90 8.4 NetFlow Destination Prefix Aggregation
91 8.5 NetFlow Prefix Aggregation
92 8.6 NetFlow Destination (Catalyst switches)
93 8.7 NetFlow Source Destination (Catalyst switches)
94 8.8 NetFlow Full Flow (Catalyst switches)
95 8.9 NetFlow ToS AS Aggregation
96 8.10 NetFlow ToS Proto Port Aggregation
97 8.11 NetFlow ToS Source Prefix Aggregation
98 8.12 NetFlow ToS Destination Prefix Aggregation
99 8.13 NetFlow ToS Prefix Aggregation
100 8.14 NetFlow ToS Prefix Port Aggregation
101 1005 Flow-Tools tagged version 5
102
103 -z z_level
104 Configure compression level to z_level. 0 is disabled (no
105 compression), 9 is highest compression.
106
108 Convert the cflowd file flows.cflowd to the flow-tools file flows.
109 Store as Version 5 with compression level 5.
110
111 flow-import -V5 -z5 -f0 < flows.cflowd > flows
112
114 Convert the ASCII CSV data in flows.ascii to flow-tools format. The
115 ASCII data must include all fields represented by 0xFF31EF in the order
116 listed above. Store as Version 5 with no compression.
117
118 flow-import -z0 -f2 -m0xFF31EF < flows.ascii > flows
119
121 The pcap format is a hack.
122
124 Mark Fullmer maf@splintered.net
125
127 flow-tools(1)
128
129
130
131 flow-import(1)