lunar (1) tracesplit.1.gz

Provided by: libtrace-tools_3.0.21-1ubuntu5_amd64 bug

NAME

       tracesplit - split traces

SYNOPSIS

       tracesplit  [  -f  bpf  |  --filter=bpf]  [  -c  count  |  --count=count]  [  -b  bytes  |
       --bytes=bytes] [ -i seconds | --seconds=seconds] [ -s unixtime |  --starttime=unixtime]  [
       -e  unixtime  |  --endtime=unixtime]  [  -m maxfiles | --maxfiles=maxfiles] [ -S snaplen |
       --snaplen=snaplen] [  -z  level  |  --compress-level=level]  [  -Z  method  |  --compress-
       type=method] inputuri [inputuri ...] outputuri

DESCRIPTION

       tracesplit splits the given input traces into multiple tracefiles

       -f bpf filter
              output only packets that match tcpdump style bpf filter

       -c count
              output  count  packets  per  output  file.  The output file will be named after the
              basename given in the outputuri with the packet number of the first packet in  this
              file.

       -b bytes
              output bytes bytes per file

       -i seconds
              start a new tracefile after "seconds" seconds

       -s unixtime
              don't output any packets before unixtime

       -e unixtime
              don't output any packets after unixtime

       -m maxfiles
              do not create more than "maxfiles" trace files

       -S snaplen
              Truncate  packets  to  "snaplen"  bytes  long.   The  default is collect the entire
              packet.

       -z level
              Compress the data using the specified compression  level,  ranging  from  0  to  9.
              Higher  compression  levels  tend  to result in better compression but require more
              processing power to compress.

       -Z compression-method
              Compress the data using the specified compression algorithm. Accepted  methods  are
              "gzip",  "bzip2", "lzo", "xz" or "none". Default value is none unless a compression
              level is specified, in which case gzip will be used.

EXAMPLES

       create a 1MB erf trace of port 80 traffic.
       tracesplit -z 1 -Z gzip -f 'port 80' -b $[ 1024 * 1024 ]
       erf:/traces/bigtrace.gz erf:/traces/port80.gz

       More    details    about    tracesplit    (and    libtrace)    can     be     found     at
       http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO

       libtrace(3),    tracemerge(1),    tracefilter(1),    traceconvert(1),   tracesplit_dir(1),
       tracereport(1),    tracertstats(1),    tracestats(1),    tracepktdump(1),    traceanon(1),
       tracesummary(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1)

AUTHORS

       Perry Lorier <perry@cs.waikato.ac.nz>