nfexpire manages the expiration of netflow data files based on their lifetime and/or the total volume of all flow files. The flow files are usually created be any nfdump collector ( nfcapd sfcapd or nfpcapd )
nfexpire is used to setup the expire parameters (maintenance mode) or to actually run the expire process (expire mode) based on these parameters. The expire process can be triggered by either a cron job, by the collector process itself (nfcapd, sfcapd auto expire mode), or by running nfexpire manually.
nfexpire interacts with the collector, therefore it is safe to setup and expire files from a directory which is used by any collector to store flow files.
nfexpire stores a statistics file .nfstat in the given directory to maintain the status and parameters. You should not modify this file manually unless you know what you do. The directory argument for nfexpire corresponds to the -l argument on the collector command line.
The options are as follows:
- -l directory
List the current expire statistics from directory datadir. If this is the first time nfexpire runs on this directory it automatically rescans the flow files first to update the statistics. If this an active data directory used by any collector, the statistics are updated automatically.
- -r directory
Rescans the data directory, even if a statistics file already exist. This command can be used to update the statistics after a disk full event, after manually changing the compression of the files, or if files have been deleted manually or manipulated otherwise.
- -e directory
Expire data files according to the parameters maxsize and maxlife. The expire parameters are taken from the statfile, if they were previously set with -u or they can be overwritten with the additional options -s -t and -w. Files are deleted from the oldest towards the latest according both limits and stops at the watermark below the limit.
- -u directory
Updates the expire parameters such as size and lifetime limits, specified by -s -t and -w and stores them in the statfile as default values. Any running collector process in auto expire mode will take these new values starting with the next expire cycle. Running nfexpire the next time in expire mode will take these new parameters unless they will be overwritten by the arguments -s -t and -w.
- -s maxsize
This option sets the max size limit for all data files. maxsize accepts values such as 100M, 100MB 1G 1.5G (number + quantity factor) etc. Accpeted size factors are K, KB, M, MB, G, GB and T, TB. If no factor is given, bytes (B) is assumed. A value of 0 disables the max size limit.
- -t maxlife
This option sets the max lifetime for the data files. maxlife accepts values such as 31d, 240H 1.5d (number + quantity factor) etc. Accpeted time factors are w (weeks) d (days) H (hours). If no factor is given, hours (H) is assumed. A value of 0 disables the max lifetime limit.
- -w watermark
This options sets the water mark in % of any limit. It applies to both limits maxsize and maxlife. The expire process is triggered if any of the limits are hit and stops, if the new value reaches the watermark level in % of the limit. This means files are allowed to grow between watermark % lower level and 100% upper level. The default for watermark is 95%.
- -T runtime
This option forces nfexpire to end the expire task after runtime seconds, even if the task is not yet completed. nfexpire updates the statistics and exists cleanly, so it will pick up next time where it left. By default nfexpire runs until the task is done.
This option puts nfexpire in profile mode. Only legacy NfSen will need this option.
This option prints a NfSen compatible statistic. Only legacy NfSen will need this option.
Print help text on stdout with all options and exit.
nfexpire returns 0 on success and 255 otherwise.
nfdump(1) nfcapd(1) sfcapd(1)
nfcapd(1), nfpcapd(1), sfcapd(1).