netflow,抓包
源代码在线查看: flow-cat.html
> > >flow-cat > NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.73 "> > CLASS="REFENTRY" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" > > NAME="AEN1" > CLASS="APPLICATION" >flow-cat > > > CLASS="REFNAMEDIV" > NAME="AEN6" > > >Name > CLASS="APPLICATION" >flow-cat > -- Concatenate flow files > CLASS="REFSYNOPSISDIV" > NAME="AEN10" > > >Synopsis > > CLASS="COMMAND" >flow-cat > [-aghmp] [-b CLASS="REPLACEABLE" > > big > >| CLASS="REPLACEABLE" > >little > >] [-C CLASS="REPLACEABLE" > > comment > >] [-d CLASS="REPLACEABLE" > > debug_level > >] [-o CLASS="REPLACEABLE" > > filename > >] [-t CLASS="REPLACEABLE" > > start_time > >] [-T CLASS="REPLACEABLE" > > start_time > >] [-z CLASS="REPLACEABLE" > > z_level > >] [ CLASS="REPLACEABLE" > >file > >| CLASS="REPLACEABLE" > >directory > >...] > > CLASS="REFSECT1" > NAME="AEN32" > > >DESCRIPTION > >The CLASS="COMMAND" >flow-cat > utility processes files and/or directories of files in the flow-tools format. The resulting concatenated data set is written to the standard output or CLASS="FILENAME" >file > specified by CLASS="OPTION" >-o >. If CLASS="FILENAME" >file > is a single dash (`-') or absent, flow-cat will read from the standard input. > > CLASS="REFSECT1" > NAME="AEN39" > > >OPTIONS > > > CLASS="VARIABLELIST" > > >-a > > >Do not ignore filenames that begin with CLASS="FILENAME" >tmp >. > > >-b CLASS="REPLACEABLE" > > big > >| CLASS="REPLACEABLE" > >little > > > > >Byte order of output. > > >-C CLASS="REPLACEABLE" > > Comment > > > > >Add a comment. > > >-d CLASS="REPLACEABLE" > > debug_level > > > > >Enable debugging. > > >-g > > >Sort file list by capture start time before processing. > > >-h > > >Display help. > > >-m > > >Disable the use of mmap(). > > >-p > > >Preload headers. Use to preserve meta information such as lost flows. > > >-o CLASS="REPLACEABLE" > > file > > > > >Write to CLASS="FILENAME" >file > instead of the standard out. > > >-t CLASS="REPLACEABLE" > > start_time > > > > >Select flow files up to CLASS="REPLACEABLE" > >start_time > >. If used with -T select files between CLASS="REPLACEABLE" > >start_time > > and CLASS="REPLACEABLE" > >end_time > >. > > >-T CLASS="REPLACEABLE" > > end_time > > > > >Select flow files after CLASS="REPLACEABLE" > >end_time > >. If used with -t select files between CLASS="REPLACEABLE" > >start_time > > and CLASS="REPLACEABLE" > >end_time > >. > > >-z CLASS="REPLACEABLE" > > z_level > > > > >Configure compression level to CLASS="REPLACEABLE" > > z_level > >. 0 is disabled (no compression), 9 is highest compression. > > > CLASS="REPLACEABLE" > >file > >| CLASS="REPLACEABLE" > >directory... > > > > >Process the files and/or directory. > > > > > CLASS="REFSECT1" > NAME="AEN113" > > >EXAMPLES > CLASS="INFORMALEXAMPLE" > NAME="AEN115" > > > > >Concatenate all flow files begining with ft-v05.2001-05.01, use flow-print to display the results. > > CLASS="COMMAND" >flow-cat ft-v05.2001-05-01.* | flow-print > > > > > CLASS="INFORMALEXAMPLE" > NAME="AEN119" > > > > >Concatenate flow files in CLASS="FILENAME" >/flows/krc4 >, store store the output in CLASS="FILENAME" >compressed.flows > at compression level 9 (best). The headers are preloaded so various metadata such as the flow count is correct in the result. Filenames begining with CLASS="FILENAME" >tmp > which are typically in-progress flow files from CLASS="APPLICATION" >flow-capture > are not processed. > > CLASS="COMMAND" >flow-cat -p -z9 /flows/krc4 > compressed.flows > > > > > > CLASS="REFSECT1" > NAME="AEN127" > > >BUGS > >None known. > > CLASS="REFSECT1" > NAME="AEN130" > > >AUTHOR > >Mark Fullmer CLASS="EMAIL" >< HREF="mailto:maf@splintered.net" >maf@splintered.net >> > > > CLASS="REFSECT1" > NAME="AEN137" > > >SEE ALSO > > CLASS="APPLICATION" >flow-tools >(1) > > > >
