1<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN"> 2<refentry> 3 4<refmeta> 5<refentrytitle> 6<application>flow-receive</application> 7</refentrytitle> 8<manvolnum>1</manvolnum> 9</refmeta> 10 11<refnamediv> 12<refname> 13<application>flow-receive</application> 14</refname> 15<refpurpose> 16Receive flow data with the NetFlow protocol. 17</refpurpose> 18</refnamediv> 19 20<refsynopsisdiv> 21<cmdsynopsis> 22<command>flow-receive</command> 23<arg>-h</arg> 24<arg>-b<replaceable> big|little</replaceable></arg> 25<arg>-C<replaceable> comment</replaceable></arg> 26<arg>-d<replaceable> debug_level</replaceable></arg> 27<arg>-o<replaceable> output_file</replaceable></arg> 28<arg>-S<replaceable> stat_interval</replaceable></arg> 29<arg>-V<replaceable> pdu_version</replaceable></arg> 30<arg>-z<replaceable> z_level</replaceable></arg> 31<arg choice="req"><replaceable>localip/remoteip/port</replaceable></arg> 32 33</cmdsynopsis> 34</refsynopsisdiv> 35 36<refsect1> 37<title>DESCRIPTION</title> 38<para> 39The <command>flow-receive</command> utility is used to receive flows in NetFlow 40format. When the <replaceable>remoteip</replaceable> is configured only flows 41from that exporter will be processed, this is the most secure and recommended 42configuration. When the <replaceable>localip</replaceable> is configured 43<command>flow-receive</command> will only process flows 44sent to the <replaceable> localip</replaceable> IP address. If 45<replaceable>remoteip</replaceable> is 0 (not configured) flows from any 46source IP address are accepted. Multiple non aggregated PDU versions may 47be accepted at once to support Cisco's Catalyst 6500 NetFlow 48implementation which exports from both the supervisor and MSFC with the 49same IP address and same port but different export versions. In this case 50the exports will be stored in the format specified by the -V flag or 51whichever export type is received first. 52 </para> 53</refsect1> 54 55<refsect1> 56<title>OPTIONS</title> 57<variablelist> 58 59<varlistentry> 60<term>-b<replaceable> big</replaceable>|<replaceable>little</replaceable</term> 61<listitem> 62<para> 63Byte order of output. 64</para> 65</listitem> 66</varlistentry> 67 68<varlistentry> 69<term>-C<replaceable> Comment</replaceable></term> 70<listitem> 71<para> 72Add a comment. 73</para> 74</listitem> 75</varlistentry> 76 77<varlistentry> 78<term>-d<replaceable> debug_level</replaceable></term> 79<listitem> 80<para> 81Enable debugging. 82</para> 83</listitem> 84</varlistentry> 85 86<varlistentry> 87<term>-h</term> 88<listitem> 89<para> 90Display help. 91</para> 92</listitem> 93</varlistentry> 94 95<varlistentry> 96<term>-o<replaceable> file</replaceable></term> 97<listitem> 98<para> 99Write to <filename>file</filename> instead of the standard out. 100</para> 101</listitem> 102</varlistentry> 103 104<varlistentry> 105<term>-S<replaceable> stat_interval</replaceable></term> 106<listitem> 107<para> 108When configured <command>flow-receive</command> will emit a timestamped 109message on stderr every <replaceable>stat_interval</replaceable> minutes 110indicating counters such as the number of flows received, packets processed, 111and lost flows. 112</para> 113</listitem> 114</varlistentry> 115 116<varlistentry> 117<term>-V<replaceable> pdu_version</replaceable></term> 118<listitem> 119<para> 120Use <replaceable>pdu_version</replaceable> format output. 121<literallayout> 122 1 NetFlow version 1 (No sequence numbers, AS, or mask) 123 5 NetFlow version 5 124 6 NetFlow version 6 (5+ Encapsulation size) 125 7 NetFlow version 7 (Catalyst switches) 126 8.1 NetFlow AS Aggregation 127 8.2 NetFlow Proto Port Aggregation 128 8.3 NetFlow Source Prefix Aggregation 129 8.4 NetFlow Destination Prefix Aggregation 130 8.5 NetFlow Prefix Aggregation 131 8.6 NetFlow Destination (Catalyst switches) 132 8.7 NetFlow Source Destination (Catalyst switches) 133 8.8 NetFlow Full Flow (Catalyst switches) 134 8.9 NetFlow ToS AS Aggregation 135 8.10 NetFlow ToS Proto Port Aggregation 136 8.11 NetFlow ToS Source Prefix Aggregation 137 8.12 NetFlow ToS Destination Prefix Aggregation 138 8.13 NetFlow ToS Prefix Aggregation 139 8.14 NetFlow ToS Prefix Port Aggregation 140 1005 Flow-Tools tagged version 5 141</literallayout> 142</para> 143</listitem> 144</varlistentry> 145 146<varlistentry> 147<term>-z<replaceable> z_level</replaceable></term> 148<listitem> 149<para> 150Configure compression level to <replaceable> z_level</replaceable>. 0 is 151disabled (no compression), 9 is highest compression. 152</para> 153</listitem> 154</varlistentry> 155 156 157</variablelist> 158</refsect1> 159 160<refsect1> 161<title>EXAMPLES</title> 162<informalexample> 163<para> 164Listen on port 9800 on any local interface for exports from IP address 16510.0.0.1, store the exports in <filename>flows</filename> 166</para> 167<para> 168 <command>flow-receive</command> 0/10.0.0.1/9800 > <filename>flows</filename> 169</para> 170<para> 171Listen on port 9800 on any local interface from any IP address, display 172the received flows with flow-print. 173</para> 174<para> 175 <command>flow-receive</command> 0/0/9800 | <command>flow-print</command> 176</para> 177</informalexample> 178 179</refsect1> 180<refsect1> 181<title>BUGS</title> 182<para> 183It is not currently possible to convert between the aggregated formats (8.x) 184and the non aggregated formats (1,5,6,7). 185</para> 186</refsect1> 187 188<refsect1> 189<title>AUTHOR</title> 190<para> 191<author> 192<firstname>Mark</firstname> 193<surname>Fullmer</surname> 194</author> 195<email>maf@splintered.net</email> 196</para> 197</refsect1> 198 199<refsect1> 200<title>SEE ALSO</title> 201<para> 202<application>flow-tools</application>(1) 203</para> 204</refsect1> 205 206</refentry> 207