xenial (1) flow-receive.1.gz

Provided by: flow-tools_0.68-12.3build2_amd64 bug

flow-receive(1)                              General Commands Manual                             flow-receive(1)

NAME

       flow-receive — Receive flow data with the NetFlow protocol.

SYNOPSIS

       flow-receive  [-h]  [-b big|little]  [-C comment]  [-d debug_level]  [-o output_file]  [-S stat_interval]
       [-V pdu_version]  [-z z_level] localip/remoteip/port

DESCRIPTION

       The flow-receive utility is used to receive flows in NetFlow format.  When  the  remoteip  is  configured
       only  flows  from that exporter will be processed, this is the most secure and recommended configuration.
       When the localip is configured flow-receive will only process flows sent to the  localip IP address.   If
       remoteip  is  0  (not configured) flows from any source IP address are accepted.  Multiple non aggregated
       PDU versions may be accepted at once to  support  Cisco's  Catalyst  6500  NetFlow  implementation  which
       exports  from  both  the  supervisor and MSFC with the same IP address and same port but different export
       versions.  In this case the exports will be stored in the format specified by the -V  flag  or  whichever
       export type is received first.

OPTIONS

       -b big|little
                 Byte order of output.

       -C Comment
                 Add a comment.

       -d debug_level
                 Enable debugging.

       -h        Display help.

       -o file   Write to file instead of the standard out.

       -S stat_interval
                 When  configured  flow-receive  will  emit  a timestamped message on stderr every stat_interval
                 minutes indicating counters such as the number of flows received, packets processed,  and  lost
                 flows.

       -V pdu_version
                 Use pdu_version format output.

       1    NetFlow version 1 (No sequence numbers, AS, or mask)
       5    NetFlow version 5
       6    NetFlow version 6 (5+ Encapsulation size)
       7    NetFlow version 7 (Catalyst switches)
       8.1  NetFlow AS Aggregation
       8.2  NetFlow Proto Port Aggregation
       8.3  NetFlow Source Prefix Aggregation
       8.4  NetFlow Destination Prefix Aggregation
       8.5  NetFlow Prefix Aggregation
       8.6  NetFlow Destination (Catalyst switches)
       8.7  NetFlow Source Destination (Catalyst switches)
       8.8  NetFlow Full Flow (Catalyst switches)
       8.9  NetFlow ToS AS Aggregation
       8.10 NetFlow ToS Proto Port Aggregation
       8.11 NetFlow ToS Source Prefix Aggregation
       8.12 NetFlow ToS Destination Prefix Aggregation
       8.13 NetFlow ToS Prefix Aggregation
       8.14 NetFlow ToS Prefix Port Aggregation
       1005 Flow-Tools tagged version 5

       -z z_level
                 Configure  compression  level  to   z_level.   0  is  disabled  (no  compression), 9 is highest
                 compression.

EXAMPLES

       Listen on port 9800 on any local interface for exports from IP address 10.0.0.1,  store  the  exports  in
       flows

       flow-receive 0/10.0.0.1/9800 > flows

       Listen  on  port  9800  on any local interface from any IP address, display the received flows with flow-
       print.

       flow-receive 0/0/9800 | flow-print

BUGS

       It is not currently possible to convert between the aggregated  formats  (8.x)  and  the  non  aggregated
       formats (1,5,6,7).

AUTHOR

       Mark Fullmer maf@splintered.net

SEE ALSO

       flow-tools(1)

                                                                                                 flow-receive(1)