...\" $Header: /usr/src/docbook-to-man/cmd/RCS/docbook-to-man.sh,v 1.3 1996/06/17 03:36:49 fld Exp $
...\"
...\"	transcript compatibility for postscript use.
...\"
...\"	synopsis:  .P! <file.ps>
...\"
.de P!
\\&.
.fl			\" force out current output buffer
\\!%PB
\\!/showpage{}def
...\" the following is from Ken Flowers -- it prevents dictionary overflows
\\!/tempdict 200 dict def tempdict begin
.fl			\" prolog
.sy cat \\$1\" bring in postscript file
...\" the following line matches the tempdict above
\\!end % tempdict %
\\!PE
\\!.
.sp \\$2u	\" move below the image
..
.de pF
.ie     \\*(f1 .ds f1 \\n(.f
.el .ie \\*(f2 .ds f2 \\n(.f
.el .ie \\*(f3 .ds f3 \\n(.f
.el .ie \\*(f4 .ds f4 \\n(.f
.el .tm ? font overflow
.ft \\$1
..
.de fP
.ie     !\\*(f4 \{\
.	ft \\*(f4
.	ds f4\"
'	br \}
.el .ie !\\*(f3 \{\
.	ft \\*(f3
.	ds f3\"
'	br \}
.el .ie !\\*(f2 \{\
.	ft \\*(f2
.	ds f2\"
'	br \}
.el .ie !\\*(f1 \{\
.	ft \\*(f1
.	ds f1\"
'	br \}
.el .tm ? font underflow
..
.ds f1\"
.ds f2\"
.ds f3\"
.ds f4\"
.ta 8n 16n 24n 32n 40n 48n 56n 64n 72n 
.TH "\fBflow-import\fP" "1"
.SH "NAME"
\fBflow-import\fP \(em Import flows into flow-tools from other NetFlow packages\&.
.SH "SYNOPSIS"
.PP
\fBflow-import\fP [-h]  [-b\fI big|little\fP]  [-d\fI debug_level\fP]  [-f\fI format\fP]  [-m\fI mask_fields\fP]  [-V\fI pdu_version\fP]  [-z\fI z_level\fP] 
.SH "DESCRIPTION"
.PP
The \fBflow-import\fP utility will convert data from
cflowd and ASCII CSV files into flow-tools format\&.
.SH "OPTIONS"
.IP "-b\fI big\fP|\fIlittle\fP" 10
Byte order of output\&.
.IP "-d\fI debug_level\fP" 10
Enable debugging\&.
.IP "-f\fI format\fP" 10
Export format\&.  Supported formats are:
.PP
.nf
  0 cflowd
  2 ASCII CSV
  3 Cisco NFCollector
.fi
.IP "-h" 10
Display help\&.
.IP "-m\fI mask_fields\fP" 10
Select fields for cflowd and ASCII formats\&.  The
\fImask_fields\fP is built from a bitwise OR of the following:
.IP "" 10
.PP
.nf
    UNIX_SECS       0x0000000000000001LL
    UNIX_NSECS      0x0000000000000002LL
    SYSUPTIME       0x0000000000000004LL
    EXADDR          0x0000000000000008LL
    
    DFLOWS          0x0000000000000010LL
    DPKTS           0x0000000000000020LL
    DOCTETS         0x0000000000000040LL
    FIRST           0x0000000000000080LL
    
    LAST            0x0000000000000100LL
    ENGINE_TYPE     0x0000000000000200LL
    ENGINE_ID       0x0000000000000400LL
    
    SRCADDR         0x0000000000001000LL
    DSTADDR         0x0000000000002000LL
    SRC_PREFIX      0x0000000000004000LL
    DST_PREFIX      0x0000000000008000LL
    NEXTHOP         0x0000000000010000LL
    INPUT           0x0000000000020000LL
    OUTPUT          0x0000000000040000LL
    SRCPORT         0x0000000000080000LL
    
    DSTPORT         0x0000000000100000LL
    PROT            0x0000000000200000LL
    TOS             0x0000000000400000LL
    TCP_FLAGS       0x0000000000800000LL
    
    SRC_MASK        0x0000000001000000LL
    DST_MASK        0x0000000002000000LL
    SRC_AS          0x0000000004000000LL
    DST_AS          0x0000000008000000LL
    
    IN_ENCAPS       0x0000000010000000LL
    OUT_ENCAPS      0x0000000020000000LL
    PEER_NEXTHOP    0x0000000040000000LL
    ROUTER_SC       0x0000000080000000LL
    EXTRA_PKTS      0x0000000100000000LL
    MARKED_TOS      0x0000000200000000LL
.fi
.IP "" 10
The default value is all fields applicable to the \fIpdu_version\fP\&.
.IP "-V\fI pdu_version\fP" 10
Use \fIpdu_version\fP format output\&.
.PP
.nf
    1    NetFlow version 1 (No sequence numbers, AS, or mask)
    5    NetFlow version 5
    6    NetFlow version 6 (5+ Encapsulation size)
    7    NetFlow version 7 (Catalyst switches)
    8\&.1  NetFlow AS Aggregation
    8\&.2  NetFlow Proto Port Aggregation
    8\&.3  NetFlow Source Prefix Aggregation
    8\&.4  NetFlow Destination Prefix Aggregation
    8\&.5  NetFlow Prefix Aggregation
    8\&.6  NetFlow Destination (Catalyst switches)
    8\&.7  NetFlow Source Destination (Catalyst switches)
    8\&.8  NetFlow Full Flow (Catalyst switches)
    8\&.9  NetFlow ToS AS Aggregation
    8\&.10 NetFlow ToS Proto Port Aggregation
    8\&.11 NetFlow ToS Source Prefix Aggregation
    8\&.12 NetFlow ToS Destination Prefix Aggregation
    8\&.13 NetFlow ToS Prefix Aggregation
    8\&.14 NetFlow ToS Prefix Port Aggregation
    1005 Flow-Tools tagged version 5
.fi
.IP "-z\fI z_level\fP" 10
Configure compression level to \fI z_level\fP\&.  0 is
disabled (no compression), 9 is highest compression\&.
.SH "EXAMPLES"
.PP
Convert the cflowd file \fBflows\&.cflowd\fP to the flow-tools
file \fBflows\fP\&.  Store as Version 5 with compression level 5\&.
.PP
  \fBflow-import -V5 -z5 -f0 < flows\&.cflowd > flows\fP
.SH "EXAMPLES"
.PP
Convert the ASCII CSV data in flows\&.ascii to flow-tools format\&.  The
ASCII data must include all fields represented by 0xFF31EF in the order
listed above\&.  Store as Version 5 with no compression\&.  
.PP
  \fBflow-import -z0 -f2 -m0xFF31EF < flows\&.ascii > flows\fP
.SH "BUGS"
.PP
The pcap format is a hack\&.
.SH "AUTHOR"
.PP
Mark Fullmer maf@splintered\&.net
.SH "SEE ALSO"
.PP
\fBflow-tools\fP(1)
...\" created by instant / docbook-to-man, Sat 05 Oct 2002, 20:46