Codebase list nfdump / upstream/1.5.7 nfreplay.1
upstream/1.5.7

Tree @upstream/1.5.7 (Download .tar.gz)

nfreplay.1 @upstream/1.5.7raw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
.TH nfreplay 1 2005-08-19 "" ""
.SH NAME
nfreplay \- netflow replay program
.SH SYNOPSIS
.HP 5
.B nfreplay [options] [filter]
.SH DESCRIPTION
.B nfreplay
is the netflow replay program of the nfdump tool set. 
It reads data from files stored by nfcapd and sents the netflow
data to a host or a multicat group. The filter syntax is equivalent 
to nfdump. If a filter is supplied, only the matching flows are sent. 
See the nfdump(1) man page for a detailed description of the filter 
syntax. All records are sent as netflow version 5.

.SH OPTIONS
.TP 3
.B -H \fIremotehost
Send all flows to this remote host. Accepts a symbolic name or a IPv4/IPv6 
IP address.  Defaults to IPv4 localhost 127.0.0.1.
.TP 3
.B -j \fImcastgroup
Join this multicast group and send all flows to this group host. Accepts a 
symbolic name or multicast IPv4/IPv6 IP address.
.TP 3
.B -p \fIport
Send all fows to this port on the remote side. Default is 9995.
.TP 3
.B -4
Forces nfreplay to send flows to a IPv4 address only. Can be used together with -i
if the remote host has an IPv4 and IPv6 address record.
.TP 3
.B -6
Forces nfreplay to send flows to a IPv6 address only. Can be used together with -i
if the remote host has an IPv4 and IPv6 address record.
.TP 3
.B -v \fInum
Send flows as netflow version \fInum\fR. \fB5\fR and \fB9\fR are supported. The
default is sending the flows as netflow version 5. In version 5 mode, IPv6 flows, 
are skipped and 64bit counters are truncated to 32bit. 
.TP 3
.B -d \fIusec
Delay each record bei \fIusec\fR mirco seconds, to avoid overrun on the remote
side. Default is 10.
.TP 3
.B -b \fIbuffersize
Set send buffer size in bytes. Usefull for large data to transfer. Default is
system dependent.
.TP 3
.B -r \fIinputfile
Read input data from \fIinputfile\fR. Default is read from stdin.
.TP 3
.B -t \fItimewin
Send only flows, which fall in the time window \fItimewin\fR, where
\fItimewin\fR is YYYY/MM/dd.hh:mm:ss[-YYYY/MM/dd.hh:mm:ss]. Any parts of
the time spec may be omitted e.g YYYY/MM/dd expands to 
YYYY/MM/dd.00:00:00-YYYY/MM/dd.23:59:59 and sends all flow from a 
given day.
.TP 3
.B -c \fInum
Limit number of records to send to the first \fInum\fR flows.
.TP 3
.B -V
Print nfreplay  version and exit.
.TP 3
.B -h
Print help text on stdout with all options and exit.
.SH "RETURN VALUE"
Returns 
.PD 0
.RS 4 
0   No error. \fn
.P
255 Initialization failed.
.P
254 Error in filter syntax.
.P
250 Internal error.
.RE
.PD
.SH NOTES
.P
.SH "SEE ALSO"
nfcapd(1), nfdump(1), nfprofile(1)
.SH BUGS