nfexpire man page

nfexpire — data expiry program


nfexpire [options]


nfexpire is used to manage the expiration of old netflow data files, created  by nfcapd(1) or other data collectors such as sfcapd(1). Data expiration  is done either by nfcapd(1) in auto expiry mode, or by nfexpire which  can by run at any time or any desired time interval by cron. nfexpire  can also be savely run while nfcapd auto expires files, for cleaning up  full disks etc. nfexpire is sub directory hierarchy aware, and handles  any format automatically.  For a fast and efficient expiration, nfexpire  creates and maintains a stat file named .nfstat in the data directory.  Any directory supplied with the options below corresponds to the  data directory supplied to nfcapd(1) using option -l.


-l directory

List current data statistics in directory datadir.

-r directory

Rescan the specified directory to update the statfile. To be used only when explicit update is required. Usually nfexpire takes care itself about rescanning, when needed.

-e datadir

Expire files in the specified directory. Expire limits are taken from statfile ( see -u ) or from supplied options -s -t and -w. Command line options overwrite stat file values, however the statfile limits are not changed.

-s maxsize

Set size limit for the directory. The specified limit accepts values such as 100M, 100MB 1G 1.5G etc. Accpeted size factors are K, KB, M, MB, G, GB and T, TB.  If no factor is supplied bytes (B) is assumed. A value of 0 disables the max size limit.

-t maxlife_time

Sets the max life time for files in the directory. The supplied maxlife_time  accepts values such as 31d, 240H 1.5d etc. Accpeted time scales are w (weeks) d (days) H (hours). A value of 0 disables the max lifetime limit. If no scale is given, H (hours) are assumed.

-u datadir

Updates the max size and lifetime limits, specified by -s -t and -w and stores them in the statfile as default values. A running nfcapd(1) processs doing auto expiry will take these new values starting with the next expiry cycle. Running nfexpire next time doing file expiration will take these new limits unless -s -t or -w are specified.

-w watermark

Set the water mark in % for expiring data. If a limit is hit, files get expired  down to this level in % of that limit. If not set, the default is 95%.


Print help text on stdout with all options and exit.


Directories specified by -e, -l and -r are interpreted as profile directories. Only NfSen will need this option.


Print result in parseable format. Only NfSen will need this option.

Return Value


0   No error.

255 Initialization failed.

250 Internal error.


There are two ways to expire files: nfcapd in auto-expire mode ( option -e ) and  nfexpire running by hand or periodically as cron job. Both ways synchronize access  to the files, therefore both ways can be run in parallel if required.

Expiring by nfcapd in auto-expire mode: option -e

If nfcapd is started with option -e, the auto-expire mode is enabled. After each  cycle ( typically 5min ) nfcapd expires files according to the limits set with nfexpire  using options -u -s -t and -w. If initially no limits are set, no files get expired.

Expiring by nfexpire

nfexpire can be run at any time to expire files. It automatically syncs up with the  files created by nfcapd in the mean time since the last expire run, if a nfcapd  collector process is running for that directory in question and expires the files  according the limits set.


Files are expired according to two limits: maximum disk space used by all files  in the directory and maximum lifetime of data files, whatever limit is reached first.  If one of the limit is hit the expire process will delete files down to the watermark  of that limit.

See Also



Referenced By

nfcapd(1), sfcapd(1).