table of contents
| flow-cat(1) | General Commands Manual | flow-cat(1) |
NAME¶
flow-cat — Concatenate flow files
SYNOPSIS¶
flow-cat [-aghmp] [-b big|little] [-C comment] [-d debug_level] [-o filename] [-t start_time] [-T start_time] [-z z_level] [file|directory ...]
DESCRIPTION¶
The flow-cat utility processes files and/or directories of files in the flow-tools format. The resulting concatenated data set is written to the standard output or file specified by -o. If file is a single dash (`-') or absent, flow-cat will read from the standard input.
OPTIONS¶
- -a
- Do not ignore filenames that begin with tmp.
- -b big|little
- Byte order of output.
- -C Comment
- Add a comment.
- -d debug_level
- Enable debugging.
- -g
- Sort file list by capture start time before processing.
- -h
- Display help.
- -m
- Disable the use of mmap().
- -p
- Preload headers. Use to preserve meta information such as lost flows.
- -o file
- Write to file instead of the standard out.
- -t start_time
- Select flow files up to start_time. If used with -T select files between start_time and end_time.
- -T end_time
- Select flow files after end_time. If used with -t select files between start_time and end_time.
- -z z_level
- Configure compression level to z_level. 0 is disabled (no compression), 9 is highest compression.
- file|directory...
- Process the files and/or directory.
TIME/DATE parsing¶
start_time and end_time parsing is implemented with
getdate.y, a commonly used function to process free-form time date
specifications. Example usage borrowed from cvs:
1 month ago
2 hours ago
400000 seconds ago
last year
last Monday
yesterday
a fortnight ago
3/31/92 10:00:07 PST
January 23, 1987 10:05pm
22:00 GMT
EXAMPLES¶
Concatenate all flow files begining with ft-v05.2001-05.01, use flow-print to display the results.
flow-cat ft-v05.2001-05-01.* | flow-print
Concatenate flow files in /flows/krc4, store store the output in compressed.flows at compression level 9 (best). The headers are preloaded so various metadata such as the flow count is correct in the result. Filenames begining with tmp which are typically in-progress flow files from flow-capture are not processed.
flow-cat -p -z9 /flows/krc4 > compressed.flows
BUGS¶
None known.
AUTHOR¶
Mark Fullmer maf@splintered.net
SEE ALSO¶
flow-tools(1)