flow-capture - capture flow PDUs from a Cisco router and write them to disk
flow-capture [ -aD ] [ -b little|big ] [ -c clients ] [ -C comment ] [ -e exprot ] [ -E expbytes ] [ -d debug ] [ -n rotations ] [ -p port ] [ -w directory ] [ -z compresslevel ]
flow-capture captures flow PDUs from a Cisco router and writes them to disk, rotating the file rotations times and expiring (deleting) files older than exprot rotations. It can optionally fan out to clients that connect on demand via TCP.
Temporary files are named tmpVV.YYYY-MM-DD.HHMMss, where VV is a version number indicating the format of the saved records and ss is a sequence number (in case it restarts). Finished files are named cfVV.YYYY-MM-DD.HHMMss.
-a  Always create new file.
-D  Daemonize - forks to the background and exits.
-b little|big  Selects output byte order.
-c clients  Sets the number of clients to listen for.
-C comment  Add a comment to the starting header in each output file.
-e exprot  Number of rotations (files) to retain through expirations.
-E expbytes  Number of bytes to retain through expirations.
-d debug  Set the level of debug output.
-n rotations  Sets the number of files to create per day. This must work out to no more than once per 5 minutes.
-p port  UDP port to listen on for flow exports from the router.
-w directory  Sets working directory for output files.
-z compresslevel  Compression level.
To listen on UDP port 9991 for flows, write them to disk and rotate the file every hour, keeping at most 12 files on disk and using compression level 6:
flow-capture -z6 -n23 -e12 -p9991
Use the default rotation of 15 minutes, keep at most 1G bytes of data online, use /var/flowdata as the working area, use compression level 6 and enable up to 2 TCP clients:
flow-capture -z6 -E1G -c2 -w/var/flowdata
Connect to flow-capture with a utility like netcat:
nc hostname 9991 | flow-print
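An added example (not part of flow-capture or this manual page) that audits a listing of the working directory for collection gaps, using the tmpVV/cfVV naming scheme and the rotation interval described above. It assumes VV and ss are two digits each and that a temporary file older than the newest finished file was abandoned; the file names in SAMPLE are constructed.

```python
import re
from datetime import datetime, timedelta

# Naming scheme from the page: tmpVV.YYYY-MM-DD.HHMMss while being written,
# cfVV.YYYY-MM-DD.HHMMss once finished. Assumption: VV and ss are two digits.
NAME_RE = re.compile(r"^(tmp|cf)(\d{2})\.(\d{4}-\d{2}-\d{2})\.(\d{4})(\d{2})$")

def parse_name(name):
    """Return (finished, version, start, seq), or None for a non-matching name."""
    m = NAME_RE.match(name)
    if not m:
        return None
    kind, ver, day, hhmm, seq = m.groups()
    try:
        start = datetime.strptime(day + " " + hhmm, "%Y-%m-%d %H%M")
    except ValueError:  # well-formed digits but an impossible date or time
        return None
    return (kind == "cf", int(ver), start, int(seq))

def audit(names, interval_minutes):
    """Find uncovered time windows and temporary files that were never finished."""
    parsed = [p for p in (parse_name(n) for n in names) if p]
    done = sorted({p[2] for p in parsed if p[0]})
    step = timedelta(minutes=interval_minutes)
    # A finished file should be followed by the next one within one interval;
    # a longer distance means no finished file covers the time in between.
    gaps = [(a + step, b) for a, b in zip(done, done[1:]) if b - a > step]
    # Assumption: a tmp file older than the newest finished file was abandoned
    # (collector stopped or restarted before the file was renamed to cf*).
    orphans = sorted(p[2] for p in parsed if not p[0] and done and p[2] < done[-1])
    return {"gaps": gaps, "orphaned_tmp": orphans}

# Constructed directory listing for a collector rotating every 60 minutes.
SAMPLE = [
    "cf05.2024-03-01.090000", "cf05.2024-03-01.100000",
    "tmp05.2024-03-01.110000",   # never renamed to cf*
    "cf05.2024-03-01.130001",    # constructed non-zero sequence number
    "cf05.2024-03-01.140001",
    "tmp05.2024-03-01.150001",   # file currently being written
    "cf05.2024-13-01.090000",    # impossible month, ignored
    "notes.txt",                 # unrelated file, ignored
]

if __name__ == "__main__":
    result = audit(SAMPLE, 60)
    for start, end in result["gaps"]:
        print("no finished capture between", start, "and", end)
    for start in result["orphaned_tmp"]:
        print("abandoned temporary file started", start)
```

Pass the rotation interval in minutes that matches the collector's -n setting, for example 60 for the hourly example above or 15 for the default rotation.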
See also: flow-capture(1), flow-cat(1), flow-connect(1), flow-dscan(1), flow-expire(1), flow-export(1), flow-fanout(1), flow-filter(1), flow-gen(1), flow-interfaces(1), flow-print(1), flow-profile(1), flow-receive(1), flow-search(1), flow-send(1), flow-sort(1), flow-stat(1)
Bugs: None known at this time.