flow-send (1) - Linux Manuals
flow-send: Transmit flow data with the NetFlow protocol.
NAME
flow-send - Transmit flow data with the NetFlow protocol.SYNOPSIS
flow-send [ -h ] [ -d debug_level ] [ -m privacy_mask ] [ -s ] [ -x xmit_delay ] [ -V pdu_version ] localip/remoteip/port
DESCRIPTION
The flow-send utility is used to transmit flows in NetFlow format to a collector specified by localip/remoteip/port.
OPTIONS
- -d debug_level
- Enable debugging.
- -h
- Display help.
- -s
- Enable spoofing of source IP address.
- -m privacy_mask
- Apply privacy_mask to the source and destination IP address of flows. For example a privacy_mask of 255.255.255.0 would convert flows with source/destination IP addresses 10.1.1.1 and 10.2.2.2 to 10.1.1.0 and 10.2.2.0 respectively.
- -V pdu_version
-
Use pdu_version format when transmitting.
1 NetFlow version 1 (No sequence numbers, AS, or mask) 5 NetFlow version 5 6 NetFlow version 6 (5+ Encapsulation size) 7 NetFlow version 7 (Catalyst switches) 8.1 NetFlow AS Aggregation 8.2 NetFlow Proto Port Aggregation 8.3 NetFlow Source Prefix Aggregation 8.4 NetFlow Destination Prefix Aggregation 8.5 NetFlow Prefix Aggregation 8.6 NetFlow Destination (Catalyst switches) 8.7 NetFlow Source Destination (Catalyst switches) 8.8 NetFlow Full Flow (Catalyst switches) 8.9 NetFlow ToS AS Aggregation 8.10 NetFlow ToS Proto Port Aggregation 8.11 NetFlow ToS Source Prefix Aggregation 8.12 NetFlow ToS Destination Prefix Aggregation 8.13 NetFlow ToS Prefix Aggregation 8.14 NetFlow ToS Prefix Port Aggregation 1005 Flow-Tools tagged version 5
- -x xmit_delay
- Configure a microsecond transmit delay between packets. This may be necessary in some configurations to prevent a transmit buffer overrun.
EXAMPLES
Transmit all flows in the directory /flows/krc4 to the collector at 10.0.0.1 listening on port 9500.
flow-cat /flows/krc4 | flow-send 0/10.0.0.1/9500
Generate a test pattern of version 7 flows and send them to a collector at 10.0.0.1 listening on port 9500.
flow-gen -V7 | flow-send 0/10.0.0.1/9500
BUGS
It is not currently possible to convert between the aggregated formats (8.x) and the non aggregated formats (1,5,6,7).
AUTHOR
Mark Fullmer <maf [at] splintered.net>