NAME
tracesplit - split traces
SYNOPSIS
tracesplit [ -f bpf | --filter=bpf ]
           [ -c count | --count=count ]
           [ -b bytes | --bytes=bytes ]
           [ -i seconds | --seconds=seconds ]
           [ -s unixtime | --starttime=unixtime ]
           [ -e unixtime | --endtime=unixtime ]
           [ -m maxfiles | --maxfiles=maxfiles ]
           [ -S snaplen | --snaplen=snaplen ]
           [ -z level | --compress-level=level ]
           [ -Z method | --compress-type=method ]
           inputuri [inputuri ...] outputuri
DESCRIPTION
tracesplit splits the given input traces into multiple tracefiles.

-f bpf filter
    Output only packets that match the tcpdump-style BPF filter.

-c count
    Output count packets per output file. The output file will be named
    after the basename given in the outputuri with the packet number of
    the first packet in this file.

-b bytes
    Output bytes bytes per file.

-i seconds
    Start a new tracefile after "seconds" seconds.

-s unixtime
    Don't output any packets before unixtime.

-e unixtime
    Don't output any packets after unixtime.

-m maxfiles
    Do not create more than "maxfiles" trace files.

-S snaplen
    Truncate packets to "snaplen" bytes long. The default is to collect
    the entire packet.

-z level
    Compress the data using the specified compression level, ranging from
    0 to 9. Higher compression levels tend to result in better compression
    but require more processing power to compress.

-Z compression-method
    Compress the data using the specified compression algorithm. Accepted
    methods are "gzip", "bzip2", "lzo" or "none". Default value is none
    unless a compression level is specified, in which case gzip will be
    used.
EXAMPLES
Create a 1MB erf trace of port 80 traffic:

    tracesplit -z 1 -Z gzip -f 'port 80' -b $((1024 * 1024)) \
        erf:/traces/bigtrace.gz erf:/traces/port80.gz
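
The following added example, which is not from the original manual page or the libtrace project, combines -s, -e, -i and -S to carve a padded time window out of a large capture, as one would when isolating traffic around an incident. The timestamps, the 300-second padding, the output URI and the helper names to_epoch and carve_args are constructed for illustration; date -d assumes GNU or BusyBox date.

```shell
#!/bin/sh
# Added example: build a tracesplit command that extracts a time window.
# -s/-e take unix timestamps, so wall-clock times are converted first.

# to_epoch "YYYY-MM-DD hh:mm:ss" -> unix time, input interpreted as UTC
to_epoch() {
    date -u -d "$1" +%s
}

# carve_args START END [PAD_SECONDS] -> prints "-s <unixtime> -e <unixtime>"
# PAD_SECONDS widens the window on both sides to allow for clock skew
# between the capture host and the system that reported the event.
carve_args() {
    start=$(to_epoch "$1") || return 1
    end=$(to_epoch "$2") || return 1
    pad=${3:-0}
    if [ "$end" -le "$start" ]; then
        echo "carve_args: end must be later than start" >&2
        return 1
    fi
    echo "-s $((start - pad)) -e $((end + pad))"
}

# Constructed sample values (hypothetical paths and times)
IN_URI="erf:/traces/bigtrace.gz"
OUT_URI="erf:/traces/incident.gz"

window=$(carve_args "2024-03-01 12:00:00" "2024-03-01 12:30:00" 300)

# -i 600  : start a new output file every 600 seconds
# -S 96   : truncate packets to 96 bytes to limit retained payload
# -z/-Z   : gzip-compress the output
cmd="tracesplit $window -i 600 -S 96 -z 6 -Z gzip $IN_URI $OUT_URI"

# Run only when the tool and the sample input exist; otherwise show the command.
if command -v tracesplit >/dev/null 2>&1 && [ -r /traces/bigtrace.gz ]; then
    $cmd
else
    echo "$cmd"
fi
```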
LINKS
More details about tracesplit (and libtrace) can be found at
http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation
SEE ALSO
libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1),
tracesplit_dir(1), tracereport(1), tracertstats(1), tracestats(1),
tracepktdump(1), traceanon(1), tracesummary(1), tracereplay(1),
tracediff(1), traceends(1), tracetopends(1)
AUTHORS
Perry Lorier <perry@cs.waikato.ac.nz>