flow-cat(1)                          General Commands Manual                          flow-cat(1)


       flow-cat — Concatenate flow files


       flow-cat  [-aghmp]   [-b  big|little]   [-C comment]  [-d debug_level]  [-o filename]  [-t
       start_time]  [-T start_time]  [-z z_level]  [file|directory ...]


       The flow-cat utility processes files and/or directories of files in the flow-tools format.
       The resulting concatenated data set is written to the standard output or file specified by
       -o.  If file is a single dash (`-') or absent, flow-cat will read from the standard input.


       -a        Do not ignore filenames that begin with tmp.

       -b big|little
                 Byte order of output.

       -C Comment
                 Add a comment.

       -d debug_level
                 Enable debugging.

       -g        Sort file list by capture start time before processing.

       -h        Display help.

       -m        Disable the use of mmap().

       -p        Preload headers.  Use to preserve meta information such as lost flows.

       -o file   Write to file instead of the standard out.

       -t start_time
                 Select flow files up to start_time.   If  used  with  -T  select  files  between
                 start_time and end_time.

       -T end_time
                 Select  flow  files  after  end_time.   If  used  with  -t  select files between
                 start_time and end_time.

       -z z_level
                 Configure compression level to  z_level.  0 is disabled (no compression),  9  is
                 highest compression.

                 Process the files and/or directory.

TIME/DATE parsing

       start_time and end_time parsing is implemented with getdate.y, a commonly used function to
       process free-form time date specifications.  Example usage borrowed from cvs:
           1 month ago
           2 hours ago
           400000 seconds ago
           last year
           last Monday
           a fortnight ago
           3/31/92 10:00:07 PST
           January 23, 1987 10:05pm
           22:00 GMT


       Concatenate all flow files begining with ft-v05.2001-05.01, use flow-print to display  the

           flow-cat ft-v05.2001-05-01.* | flow-print

       Concatenate  flow  files  in  /flows/krc4,  store  store the output in compressed.flows at
       compression level 9 (best).  The headers are preloaded so various  metadata  such  as  the
       flow  count is correct in the result.  Filenames begining with tmp which are typically in-
       progress flow files from flow-capture are not processed.

           flow-cat -p -z9 /flows/krc4 > compressed.flows


       None known.


       Mark Fullmer