Provided by: flow-tools_0.68-12.3build2_amd64
flow-cat(1) General Commands Manual flow-cat(1)
NAME
flow-cat — Concatenate flow files
SYNOPSIS
flow-cat [-aghmp] [-b big|little] [-C comment] [-d debug_level] [-o filename] [-t start_time] [-T start_time] [-z z_level] [file|directory ...]
DESCRIPTION
The flow-cat utility processes files and/or directories of files in the flow-tools format. The resulting concatenated data set is written to the standard output or file specified by -o. If file is a single dash (`-') or absent, flow-cat will read from the standard input.
OPTIONS
-a Do not ignore filenames that begin with tmp. -b big|little Byte order of output. -C Comment Add a comment. -d debug_level Enable debugging. -g Sort file list by capture start time before processing. -h Display help. -m Disable the use of mmap(). -p Preload headers. Use to preserve meta information such as lost flows. -o file Write to file instead of the standard out. -t start_time Select flow files up to start_time. If used with -T select files between start_time and end_time. -T end_time Select flow files after end_time. If used with -t select files between start_time and end_time. -z z_level Configure compression level to z_level. 0 is disabled (no compression), 9 is highest compression. file|directory... Process the files and/or directory.
TIME/DATE parsing
start_time and end_time parsing is implemented with getdate.y, a commonly used function to process free-form time date specifications. Example usage borrowed from cvs: 1 month ago 2 hours ago 400000 seconds ago last year last Monday yesterday a fortnight ago 3/31/92 10:00:07 PST January 23, 1987 10:05pm 22:00 GMT
EXAMPLES
Concatenate all flow files begining with ft-v05.2001-05.01, use flow-print to display the results. flow-cat ft-v05.2001-05-01.* | flow-print Concatenate flow files in /flows/krc4, store store the output in compressed.flows at compression level 9 (best). The headers are preloaded so various metadata such as the flow count is correct in the result. Filenames begining with tmp which are typically in- progress flow files from flow-capture are not processed. flow-cat -p -z9 /flows/krc4 > compressed.flows
BUGS
None known.
AUTHOR
Mark Fullmer maf@splintered.net
SEE ALSO
flow-tools(1) flow-cat(1)