sourCEntral - mobile manpages

pdf

flow-cat

NAME

flow-cat — Concatenate flow files

SYNOPSIS

flow-cat [-aghmp] [-b big|little] [-C comment] [-d debug_level] [-o filename] [-t start_time] [-T start_time] [-z z_level] [file|directory ...]

DESCRIPTION

The flow-cat utility processes files and/or directories of files in the flow-tools format. The resulting concatenated data set is written to the standard output or file specified by -o. If file is a single dash (‘-’) or absent, flow-cat will read from the standard input.

OPTIONS

-a

Do not ignore filenames that begin with tmp.

-b big|little

Byte order of output.

-C Comment

Add a comment.

-d debug_level

Enable debugging.

-g

Sort file list by capture start time before processing.

-h

Display help.

-m

Disable the use of mmap().

-p

Preload headers. Use to preserve meta information such as lost flows.

-o file

Write to file instead of the standard out.

-t start_time

Select flow files up to start_time. If used with -T select files between start_time and end_time.

-T end_time

Select flow files after end_time. If used with -t select files between start_time and end_time.

-z z_level

Configure compression level to z_level. 0 is disabled (no compression), 9 is highest compression.

file|directory...

Process the files and/or directory.

TIME/DATE parsing

start_time and end_time parsing is implemented with getdate.y, a commonly used function to process free-form time date specifications. Example usage borrowed from cvs:
1 month ago
2 hours ago
400000 seconds ago
last year
last Monday
yesterday
a fortnight ago
3/31/92 10:00:07 PST
January 23, 1987 10:05pm
22:00 GMT

EXAMPLES

Concatenate all flow files begining with ft-v05.2001-05.01, use flow-print to display the results.

flow-cat ft-v05.2001-05-01.* | flow-print

Concatenate flow files in /flows/krc4, store store the output in compressed.flows at compression level 9 (best). The headers are preloaded so various metadata such as the flow count is correct in the result. Filenames begining with tmp which are typically in-progress flow files from flow-capture are not processed.

flow-cat -p -z9 /flows/krc4 > compressed.flows

BUGS

None known.

AUTHOR

Mark Fullmer maf@splintered.net

SEE ALSO

flow-tools(1)

pdf