nfexpire is used to manage the expiration of old netflow data files, created by nfcapd(1) or other data collectors such as sfcapd(1). Data expiration is done either by nfcapd(1) in auto expiry mode, or by nfexpire which can by run at any time or any desired time interval by cron. nfexpire can also be safely run while nfcapd auto expires files, for cleaning up full disks etc. nfexpire is sub directory hierarchy aware, and handles any format automatically. For a fast and efficient expiration, nfexpire creates and maintains a stat file named .nfstat in the data directory. Any directory supplied with the options below corresponds to the data directory supplied to nfcapd(1) using option -l.
- -l directory
List current data statistics in directory datadir.
- -r directory
Rescan the specified directory to update the statfile. To be used only when explicit update is required. Usually nfexpire takes care itself about rescanning, when needed.
- -e datadir
Expire files in the specified directory. Expire limits are taken from statfile ( see -u ) or from supplied options -s -t and -w. Command line options overwrite stat file values, however the statfile limits are not changed.
- -s maxsize
Set size limit for the directory. The specified limit accepts values such as 100M, 100MB 1G 1.5G etc. Accpeted size factors are K, KB, M, MB, G, GB and T, TB. If no factor is supplied bytes (B) is assumed. A value of 0 disables the max size limit.
- -t maxlife_time
Sets the max life time for files in the directory. The supplied maxlife_time accepts values such as 31d, 240H 1.5d etc. Accpeted time scales are w (weeks) d (days) H (hours). A value of 0 disables the max lifetime limit. If no scale is given, H (hours) are assumed.
- -u datadir
Updates the max size and lifetime limits, specified by -s -t and -w and stores them in the statfile as default values. A running nfcapd(1) process doing auto expiry will take these new values starting with the next expiry cycle. Running nfexpire next time doing file expiration will take these new limits unless -s -t or -w are specified.
- -w watermark
Set the water mark in % for expiring data. If a limit is hit, files get expired down to this level in % of that limit. If not set, the default is 95%.
Print help text on stdout with all options and exit.
Directories specified by -e, -l and -r are interpreted as profile directories. Only NfSen will need this option.
Print result in parseable format. Only NfSen will need this option.
0 No error.
255 Initialization failed.
250 Internal error.
There are two ways to expire files: nfcapd in auto-expire mode ( option -e ) and nfexpire running by hand or periodically as cron job. Both ways synchronize access to the files, therefore both ways can be run in parallel if required.
- Expiring by nfcapd in auto-expire mode: option -e
If nfcapd is started with option -e, the auto-expire mode is enabled. After each cycle ( typically 5min ) nfcapd expires files according to the limits set with nfexpire using options -u -s -t and -w. If initially no limits are set, no files get expired.
- Expiring by nfexpire
nfexpire can be run at any time to expire files. It automatically syncs up with the files created by nfcapd in the mean time since the last expire run, if a nfcapd collector process is running for that directory in question and expires the files according the limits set.
Files are expired according to two limits: maximum disk space used by all files in the directory and maximum lifetime of data files, whatever limit is reached first. If one of the limit is hit the expire process will delete files down to the watermark of that limit.