<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN">
<refentry>

<refmeta>
<refentrytitle>
<application>flow-import</application>
</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>

<refnamediv>
<refname>
<application>flow-import</application>
</refname>
<refpurpose>
Import flows into flow-tools from other NetFlow packages.
</refpurpose>
</refnamediv>

<refsynopsisdiv>
<cmdsynopsis>
<command>flow-import</command>
<arg>-h</arg>
<arg>-b<replaceable> big|little</replaceable></arg>
<arg>-d<replaceable> debug_level</replaceable></arg>
<arg>-f<replaceable> format</replaceable></arg>
<arg>-m<replaceable> mask_fields</replaceable></arg>
<arg>-V<replaceable> pdu_version</replaceable></arg>
<arg>-z<replaceable> z_level</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>


<refsect1>
<title>DESCRIPTION</title>
<para>
The <command>flow-import</command> utility will convert data from
cflowd and ASCII CSV files into flow-tools format.
</para>
</refsect1>

<refsect1>
<title>OPTIONS</title>
<variablelist>

<varlistentry>
<term>-b<replaceable> big</replaceable>|<replaceable>little</replaceable></term>
<listitem>
<para>
Byte order of output.
</para>
</listitem>
</varlistentry>

<varlistentry>
<term>-d<replaceable> debug_level</replaceable></term>
<listitem>
<para>
Enable debugging.
</para>
</listitem>
</varlistentry>

<varlistentry>
<term>-f<replaceable> format</replaceable></term>
<listitem>
<para>
Import format.  Supported formats are:
<literallayout>
    0 cflowd
    2 ASCII CSV
    3 Cisco NFCollector
</literallayout>
</para>
</listitem>
</varlistentry>

<varlistentry>
<term>-h</term>
<listitem>
<para>
Display help.
</para>
</listitem>
</varlistentry>

<varlistentry>
<term>-m<replaceable> mask_fields</replaceable></term>
<listitem>
<para>
Select fields for cflowd and ASCII formats.  The
<replaceable>mask_fields</replaceable>
is built from a bitwise OR of the following:
</para>
<para>
<screen>
    UNIX_SECS       0x0000000000000001LL
    UNIX_NSECS      0x0000000000000002LL
    SYSUPTIME       0x0000000000000004LL
    EXADDR          0x0000000000000008LL

    DFLOWS          0x0000000000000010LL
    DPKTS           0x0000000000000020LL
    DOCTETS         0x0000000000000040LL
    FIRST           0x0000000000000080LL

    LAST            0x0000000000000100LL
    ENGINE_TYPE     0x0000000000000200LL
    ENGINE_ID       0x0000000000000400LL

    SRCADDR         0x0000000000001000LL
    DSTADDR         0x0000000000002000LL
    SRC_PREFIX      0x0000000000004000LL
    DST_PREFIX      0x0000000000008000LL
    NEXTHOP         0x0000000000010000LL
    INPUT           0x0000000000020000LL
    OUTPUT          0x0000000000040000LL
    SRCPORT         0x0000000000080000LL

    DSTPORT         0x0000000000100000LL
    PROT            0x0000000000200000LL
    TOS             0x0000000000400000LL
    TCP_FLAGS       0x0000000000800000LL

    SRC_MASK        0x0000000001000000LL
    DST_MASK        0x0000000002000000LL
    SRC_AS          0x0000000004000000LL
    DST_AS          0x0000000008000000LL

    IN_ENCAPS       0x0000000010000000LL
    OUT_ENCAPS      0x0000000020000000LL
    PEER_NEXTHOP    0x0000000040000000LL
    ROUTER_SC       0x0000000080000000LL
    EXTRA_PKTS      0x0000000100000000LL
    MARKED_TOS      0x0000000200000000LL
</screen>
</para>
<para>
The default value is all fields applicable to the <replaceable>pdu_version</replaceable>.
</para>
</listitem>
</varlistentry>

<varlistentry>
<term>-V<replaceable> pdu_version</replaceable></term>
<listitem>
<para>
Use <replaceable>pdu_version</replaceable> format output.
<literallayout>
    1    NetFlow version 1 (No sequence numbers, AS, or mask)
    5    NetFlow version 5
    6    NetFlow version 6 (5+ Encapsulation size)
    7    NetFlow version 7 (Catalyst switches)
    8.1  NetFlow AS Aggregation
    8.2  NetFlow Proto Port Aggregation
    8.3  NetFlow Source Prefix Aggregation
    8.4  NetFlow Destination Prefix Aggregation
    8.5  NetFlow Prefix Aggregation
    8.6  NetFlow Destination (Catalyst switches)
    8.7  NetFlow Source Destination (Catalyst switches)
    8.8  NetFlow Full Flow (Catalyst switches)
    8.9  NetFlow ToS AS Aggregation
    8.10 NetFlow ToS Proto Port Aggregation
    8.11 NetFlow ToS Source Prefix Aggregation
    8.12 NetFlow ToS Destination Prefix Aggregation
    8.13 NetFlow ToS Prefix Aggregation
    8.14 NetFlow ToS Prefix Port Aggregation
    1005 Flow-Tools tagged version 5
</literallayout>
</para>
</listitem>
</varlistentry>

<varlistentry>
<term>-z<replaceable> z_level</replaceable></term>
<listitem>
<para>
Configure compression level to <replaceable>z_level</replaceable>.  0 is
disabled (no compression), 9 is highest compression.
</para>
</listitem>
</varlistentry>


</variablelist>
</refsect1>

<refsect1>
<title>EXAMPLES</title>
<informalexample>
<para>
Convert the cflowd file <filename>flows.cflowd</filename> to the flow-tools
file <filename>flows</filename>.  Store as Version 5 with compression level 5.
</para>
<para>
  <command>flow-import -V5 -z5 -f0 < flows.cflowd > flows</command>
</para>
</informalexample>
</refsect1>

<refsect1>
<title>EXAMPLES</title>
<informalexample>
<para>
Convert the ASCII CSV data in flows.ascii to flow-tools format.  The
ASCII data must include all fields represented by 0xFF31EF in the order
listed above.  Store as Version 5 with no compression.
</para>
<para>
  <command>flow-import -z0 -f2 -m0xFF31EF < flows.ascii > flows</command>
</para>
</informalexample>
</refsect1>

<refsect1>
<title>BUGS</title>
<para>
The pcap format is a hack.
</para>
</refsect1>

<refsect1>
<title>AUTHOR</title>
<para>
<author>
<firstname>Mark</firstname>
<surname>Fullmer</surname>
</author>
<email>maf@splintered.net</email>
</para>
</refsect1>

<refsect1>
<title>SEE ALSO</title>
<para>
<application>flow-tools</application>(1)
</para>
</refsect1>

</refentry>
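
The following Python helper is an added example, not part of flow-tools. It decodes a mask_fields value such as the 0xFF31EF used in the second example into the ordered field list from the -m table, and checks that each CSV row has that many columns before it is handed to flow-import. The function names and the sample rows are constructed for illustration, and it assumes one comma-separated record per line with no header row.

```python
import csv
import io

# Names from the mask_fields table under -m; list index == bit position.
# Bit 11 (0x800) has no entry in that table, hence the "-" placeholder.
FIELD_BITS = (
    "UNIX_SECS UNIX_NSECS SYSUPTIME EXADDR DFLOWS DPKTS DOCTETS FIRST "
    "LAST ENGINE_TYPE ENGINE_ID - SRCADDR DSTADDR SRC_PREFIX DST_PREFIX "
    "NEXTHOP INPUT OUTPUT SRCPORT DSTPORT PROT TOS TCP_FLAGS "
    "SRC_MASK DST_MASK SRC_AS DST_AS IN_ENCAPS OUT_ENCAPS PEER_NEXTHOP "
    "ROUTER_SC EXTRA_PKTS MARKED_TOS"
).split()


def build_mask(names):
    """OR together the table bits for the given field names."""
    mask = 0
    for name in names:
        if name == "-" or name not in FIELD_BITS:
            raise ValueError(f"unknown field: {name}")
        mask |= 1 << FIELD_BITS.index(name)
    return mask


def decode_mask(mask):
    """Return the selected field names in table order; reject undefined bits."""
    known = build_mask(n for n in FIELD_BITS if n != "-")
    if mask < 0 or mask & ~known:
        raise ValueError(f"mask has bits not in the table: {mask & ~known:#x}")
    return [n for i, n in enumerate(FIELD_BITS) if mask >> i & 1]


def check_csv(text, mask):
    """Return (line_number, column_count) for rows whose width differs from the mask."""
    want = len(decode_mask(mask))
    rows = csv.reader(io.StringIO(text))
    return [(i, len(r)) for i, r in enumerate(rows, 1) if len(r) != want]


# Constructed sample: one 18-column row matching 0xFF31EF, one truncated row.
SAMPLE = (
    "1700000000,0,360000,192.0.2.1,10,840,350000,359000,"
    "198.51.100.7,203.0.113.9,192.0.2.254,1,2,51514,443,6,0,27\n"
    "1700000000,0,360000,192.0.2.1,10,840\n"
)

if __name__ == "__main__":
    print(decode_mask(0xFF31EF))
    print(check_csv(SAMPLE, 0xFF31EF))
```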