📄 flow-xlate.sgml
字号:
<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN"><refentry><refmeta><refentrytitle><application>flow-xlate</application></refentrytitle><manvolnum>1</manvolnum></refmeta><refnamediv><refname><application>flow-xlate</application></refname><refpurpose>Apply translations to selected fields of a flow.</refpurpose></refnamediv><refsynopsisdiv><cmdsynopsis><command>flow-xlate</command><arg>-fhl</arg><arg>-0<replaceable> AS0_substitution</replaceable></arg><arg>-b<replaceable> big</replaceable>|<replaceable>little</replaceable></arg><arg>-C<replaceable> comment</replaceable></arg><arg>-d<replaceable> debug_level</replaceable></arg><arg>-m<replaceable> privacy_mask</replaceable></arg><arg>-s<replaceable> scale</replaceable></arg><arg>-t<replaceable> src_tag_mask</replaceable></arg><arg>-T<replaceable> dst_tag_mask</replaceable></arg><arg>-V<replaceable> pdu_version</replaceable></arg><arg>-z<replaceable> z_level</replaceable></arg></cmdsynopsis></refsynopsisdiv><refsect1><title>DESCRIPTION</title><para>The <command>flow-xlate</command> utility can translate between thenon aggregated flow export versions (1,5,6,7) and modify some fieldsof a flow.</para></refsect1><refsect1><title>OPTIONS</title><variablelist><varlistentry><term>-0<replaceable> AS0_substitution</replaceable></term><listitem><para>Cisco's NetFlow exports represent the local autonomous system as 0 instead ofthe real value. This option can be used to replace the 0 in the export withthe a configured value. Unfortunately under certain configurations AS 0 canalso represent a cache miss or non forwarded traffic so use with caution.</para></listitem></varlistentry><varlistentry><term>-b<replaceable> big</replaceable>|<replaceable>little</replaceable</term><listitem><para>Byte order of output.</para></listitem></varlistentry><varlistentry><term>-C<replaceable> Comment</replaceable></term><listitem><para>Add a comment.</para></listitem></varlistentry><varlistentry><term>-d<replaceable> debug_level</replaceable></term><listitem><para>Enable debugging.</para></listitem></varlistentry><varlistentry><term>-f</term><listitem><para>Convert the source and destination IP addresses to network addressesusing the mask bits in the flow. For example 128.146.1.7/16 would become128.146/16</para></listitem></varlistentry><varlistentry><term>-h</term><listitem><para>Display help.</para></listitem></varlistentry><varlistentry><term>-l</term><listitem><para>Convert the source and destination IP addresses to legacy classfulnetwork addresses. For example 128.146.1.7 would become 128.146.0.0.</para></listitem></varlistentry><varlistentry><term>-m<replaceable> privacy_mask</replaceable></term><listitem><para>Apply <replaceable>privacy_mask</replaceable> to the source and destination IPaddress of flows. For example a privacy_mask of 255.255.255.0 would convertflows with source/destination IP addresses 10.1.1.1 and 10.2.2.2 to 10.1.1.0and 10.2.2.0 respectively.</para></listitem></varlistentry><varlistentry><term>-n<replaceable> version</replaceable></term><listitem><para>Generate version type exports. Supported versions are:<literallayout> 1 NetFlow version 1 (No sequence numbers, AS, or mask) 5 NetFlow version 5 6 NetFlow version 6 (5+ Encapsulation size) 7 NetFlow version 7 (Catalyst switches) 8.1 NetFlow AS Aggregation 8.2 NetFlow Proto Port Aggregation 8.3 NetFlow Source Prefix Aggregation 8.4 NetFlow Destination Prefix Aggregation 8.5 NetFlow Prefix Aggregation 8.6 NetFlow Destination (Catalyst switches) 8.7 NetFlow Source Destination (Catalyst switches) 8.8 NetFlow Full Flow (Catalyst switches) 8.9 NetFlow ToS AS Aggregation 8.10 NetFlow ToS Proto Port Aggregation 8.11 NetFlow ToS Source Prefix Aggregation 8.12 NetFlow ToS Destination Prefix Aggregation 8.13 NetFlow ToS Prefix Aggregation 8.14 NetFlow ToS Prefix Port Aggregation 1005 Flow-Tools tagged version 5</literallayout></para></listitem></varlistentry><varlistentry><term>-s<replaceable> scale</replaceable></term><listitem><para>Scale the flows and octets and packets fields by <replaceable>scale</replaceable>.</para></listitem></varlistentry><varlistentry><term>-t<replaceable> src_tag_mask</replaceable></term><listitem><para>AND <replaceable>src_tag_mask</replaceable> with src_tag in flow.</para></listitem></varlistentry><varlistentry><term>-T<replaceable> dst_tag_mask</replaceable></term><listitem><para>AND <replaceable>dst_tag_mask</replaceable> with dst_tag in flow.</para></listitem></varlistentry><varlistentry><term>-z<replaceable> z_level</replaceable></term><listitem><para>Configure compression level to <replaceable> z_level</replaceable>. 0 isdisabled (no compression), 9 is highest compression.</para></listitem></varlistentry></variablelist></refsect1><refsect1><title>EXAMPLES</title><informalexample><para>Convert the version 7 flows in <filename>flows.v7</filename> to version 5,storing the result in <filename>flows.v5</filename>.</para><para> <command>flow-xlate -V5 < flows.v7 > flows.v5</command></para></informalexample></refsect1><refsect1><title>EXAMPLES</title><informalexample><para>Summarize IP addresses to IP network numbers and generate a source prefixlist report sorted by octets.</para><para> <command>flow-xlate -f < flows | flow-stat -f9 -w -S2</command></para></informalexample></refsect1><refsect1><title>BUGS</title><para>The scale option can overflow the 32 bit flow counters. This could besolved by detecting this condition and splitting the flow in two.</para><para>Translation between aggregated and non aggregated formats is not supported.</para></refsect1><refsect1><title>AUTHOR</title><para><author><firstname>Mark</firstname><surname>Fullmer</surname></author><email>maf@splintered.net</email></para></refsect1><refsect1><title>SEE ALSO</title><para><application>flow-tools</application>(1)</para></refsect1></refentry>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -