lunar (1) fstrm_capture.1.gz

Provided by: fstrm-bin_0.6.1-1build1_amd64 bug

NAME

       fstrm_capture - Receive and save Frame Streams data from a socket.

SYNOPSIS

       fstrm_capture -t content-type -w filename
            [ -u socket-path ] [ -a IP -p port ]
            [ -c max-connections ] [ -b buffer-size ]
            [ -s seconds ] [ --gmtime ] [ --localtime ]
            [ -d [-d ...] ]

       fstrm_capture --type content-type --write filename
            [ --unix socket-path ] [ --tcp IP --port port ]
            [ --maxconns max-connections ] [ --buffersize buffer-size ]
            [ --split seconds ] [ --gmtime ] [ --localtime ]
            [ --debug [--debug ...] ]

DESCRIPTION

       fstrm_capture  listens  on  a  UNIX domain or TCP socket, receives Frame Streams data, and
       writes the data to a file.

OPTIONS

       -w filename | --write filename
              Write data to the file filename.

              If the --gmtime or --localtime option  is  given,  filename  is  preprocessed  with
              strftime().  This will allow specifying a format string which includes the date and
              time, for example, for the created filename.

              If  filename  is  "-"  and  standard  output  is  not  connected  to  a   terminal,
              fstrm_capture  will write to standard output. Output splitting (-s) may not be used
              with a filename of "-".

              Sending SIGHUP to fstrm_capture will flush any buffered output to the file. Sending
              SIGUSR1 will close and reopen the file.

       -t content-type | --type content-type
              Specify  the  content-type  to  receive  from  the  socket  and write to the output
              filename.

       -u socket-path | --unix socket-path
              Listen on the Unix domain socket socket-path to receive Frame  Streams  data.  Only
              one of -u or -a may be given.

       -a IP | --tcp IP
              Listen for TCP connections on address IP to receive Frame Streams data. Only one of
              -u or -a may be given. Use of -a requires a port given with -p.

       -p port | --port port
              If -a is given, listen on TCP port port to receive Frame Streams data.

       -c max-conns | --maxconns max-conns
              Allow at most  max-conns  concurrent  connections.  If  not  specified,  concurrent
              connections are not limited.

       -b buffersize | --buffersize buffersize
              Set  read  buffer  size  to buffersize bytes. Combined with -c, this can be used to
              limit the total memory usage of fstrm_capture.  The  buffersize  also  affects  the
              maximum  frame size which fstrm_capture will accept. Frames larger than buffersize,
              including the 4-byte framing overhead, will be discarded.

              The default buffersize is 262144 (256KiB).

       -s interval | --split interval
              Reopen output file every interval seconds. Requires the use of either the  --gmtime
              or --localtime options.

              Note  that  this  file rotation is triggered by incoming data, so it may be delayed
              after the interval.

       --gmtime
              Process the --write filename through strftime() with the current time in GMT.  This
              --gmtime  option  may  be  used  to provide a timestamped output file when starting
              fstrm_capture or when reopening an output file using the  --split  option  or  when
              receiving a SIGUSR1 signal.

       --localtime
              Process the --write filename through strftime() with the current time in the system
              local time zone.  This --localtime option may be  used  to  provide  a  timestamped
              output  file when starting fstrm_capture or when reopening an output file using the
              --split option or when receiving a SIGUSR1 signal.

       -d [ -d ... ] | --debug [ --debug ]
              Increase debugging level. Without -d,  fstrm_capture  prints  only  critical  error
              messages. Up to five -d options may be specified, after which more repetitions will
              have no effect.

EXAMPLES

       Receive dnstap data and save to hourly rotating files (with a converted filename  such  as
       /var/log/dnstap/dnstap-2018-05-04-12:58:48.fstrm).

            fstrm_capture -t protobuf:dnstap.Dnstap \
                 -u /var/run/named/dnstap.sock \
                 -w /var/log/dnstap/dnstap-%F-%T.fstrm \
                 -s 3600 --gmtime

SEE ALSO

       fstrm_dump(1), fstrm_replay(1), strftime(3),
       Frame Streams C Library https://farsightsec.github.io/fstrm

                                                                                 fstrm_capture(1)