<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >flow-cat</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"></HEAD ><BODY CLASS="REFENTRY" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><H1 ><A NAME="AEN1" ></A ><TT CLASS="APPLICATION" >flow-cat</TT ></H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6" ></A ><H2 >Name</H2 ><TT CLASS="APPLICATION" >flow-cat</TT > -- Concatenate flow files</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >flow-cat</B > [-aghmp] [-b<TT CLASS="REPLACEABLE" ><I > big</I ></TT >|<TT CLASS="REPLACEABLE" ><I >little</I ></TT >] [-C<TT CLASS="REPLACEABLE" ><I > comment</I ></TT >] [-d<TT CLASS="REPLACEABLE" ><I > debug_level</I ></TT >] [-o<TT CLASS="REPLACEABLE" ><I > filename</I ></TT >] [-t<TT CLASS="REPLACEABLE" ><I > start_time</I ></TT >] [-T<TT CLASS="REPLACEABLE" ><I > start_time</I ></TT >] [-z<TT CLASS="REPLACEABLE" ><I > z_level</I ></TT >] [<TT CLASS="REPLACEABLE" ><I >file</I ></TT >|<TT CLASS="REPLACEABLE" ><I >directory</I ></TT >...]</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN32" ></A ><H2 >DESCRIPTION</H2 ><P >The <B CLASS="COMMAND" >flow-cat</B > utility processes files and/or directories of files in the flow-tools format. The resulting concatenated data set is written to the standard output or <TT CLASS="FILENAME" >file</TT > specified by <CODE CLASS="OPTION" >-o</CODE >. If <TT CLASS="FILENAME" >file</TT > is a single dash (`-') or absent, flow-cat will read from the standard input.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN39" ></A ><H2 >OPTIONS</H2 ><P ></P ><DIV CLASS="VARIABLELIST" ><DL ><DT >-a</DT ><DD ><P >Do not ignore filenames that begin with <TT CLASS="FILENAME" >tmp</TT >.</P ></DD ><DT >-b<TT CLASS="REPLACEABLE" ><I > big</I ></TT >|<TT CLASS="REPLACEABLE" ><I >little</I ></TT ></DT ><DD ><P >Byte order of output.</P ></DD ><DT >-C<TT CLASS="REPLACEABLE" ><I > Comment</I ></TT ></DT ><DD ><P >Add a comment.</P ></DD ><DT >-d<TT CLASS="REPLACEABLE" ><I > debug_level</I ></TT ></DT ><DD ><P >Enable debugging.</P ></DD ><DT >-g</DT ><DD ><P >Sort file list by capture start time before processing.</P ></DD ><DT >-h</DT ><DD ><P >Display help.</P ></DD ><DT >-m</DT ><DD ><P >Disable the use of mmap().</P ></DD ><DT >-p</DT ><DD ><P >Preload headers. Use to preserve meta information such as lost flows.</P ></DD ><DT >-o<TT CLASS="REPLACEABLE" ><I > file</I ></TT ></DT ><DD ><P >Write to <TT CLASS="FILENAME" >file</TT > instead of the standard out.</P ></DD ><DT >-t<TT CLASS="REPLACEABLE" ><I > start_time</I ></TT ></DT ><DD ><P >Select flow files up to <TT CLASS="REPLACEABLE" ><I >start_time</I ></TT >. If used with -T select files between <TT CLASS="REPLACEABLE" ><I >start_time</I ></TT > and <TT CLASS="REPLACEABLE" ><I >end_time</I ></TT >.</P ></DD ><DT >-T<TT CLASS="REPLACEABLE" ><I > end_time</I ></TT ></DT ><DD ><P >Select flow files after <TT CLASS="REPLACEABLE" ><I >end_time</I ></TT >. If used with -t select files between <TT CLASS="REPLACEABLE" ><I >start_time</I ></TT > and <TT CLASS="REPLACEABLE" ><I >end_time</I ></TT >.</P ></DD ><DT >-z<TT CLASS="REPLACEABLE" ><I > z_level</I ></TT ></DT ><DD ><P >Configure compression level to <TT CLASS="REPLACEABLE" ><I > z_level</I ></TT >. 0 is disabled (no compression), 9 is highest compression.</P ></DD ><DT ><TT CLASS="REPLACEABLE" ><I >file</I ></TT >|<TT CLASS="REPLACEABLE" ><I >directory...</I ></TT ></DT ><DD ><P >Process the files and/or directory.</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN113" ></A ><H2 >TIME/DATE parsing</H2 ><P >start_time and end_time parsing is implemented with <TT CLASS="FILENAME" >getdate.y</TT >, a commonly used function to process free-form time date specifications. Example usage borrowed from <B CLASS="COMMAND" >cvs</B >: 1 month ago 2 hours ago 400000 seconds ago last year last Monday yesterday a fortnight ago 3/31/92 10:00:07 PST January 23, 1987 10:05pm 22:00 GMT</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN118" ></A ><H2 >EXAMPLES</H2 ><DIV CLASS="INFORMALEXAMPLE" ><P ></P ><A NAME="AEN120" ></A ><P >Concatenate all flow files begining with ft-v05.2001-05.01, use flow-print to display the results.</P ><P > <B CLASS="COMMAND" >flow-cat ft-v05.2001-05-01.* | flow-print</B ></P ><P ></P ></DIV ><DIV CLASS="INFORMALEXAMPLE" ><P ></P ><A NAME="AEN124" ></A ><P >Concatenate flow files in <TT CLASS="FILENAME" >/flows/krc4</TT >, store store the output in <TT CLASS="FILENAME" >compressed.flows</TT > at compression level 9 (best). The headers are preloaded so various metadata such as the flow count is correct in the result. Filenames begining with <TT CLASS="FILENAME" >tmp</TT > which are typically in-progress flow files from <TT CLASS="APPLICATION" >flow-capture</TT > are not processed.</P ><P > <B CLASS="COMMAND" >flow-cat -p -z9 /flows/krc4 > compressed.flows</B ></P ><P ></P ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN132" ></A ><H2 >BUGS</H2 ><P >None known.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN135" ></A ><H2 >AUTHOR</H2 ><P >Mark Fullmer <CODE CLASS="EMAIL" ><<A HREF="mailto:maf@splintered.net" >maf@splintered.net</A >></CODE ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN142" ></A ><H2 >SEE ALSO</H2 ><P ><TT CLASS="APPLICATION" >flow-tools</TT >(1)</P ></DIV ></BODY ></HTML >