nfreplay man page

nfreplay — netflow replay program

Synopsis

nfreplay [options] [filter]

Description

nfreplay is the netflow replay program of the nfdump tool set. It reads data from files stored by nfcapd and sends the netflow data to a host or a multicast group. The filter syntax is equivalent to nfdump. If a filter is supplied, only the matching flows are sent. See the nfdump(1) man page for a detailed description of the filter syntax. All records are sent as netflow version 5.

Options

-H remotehost
Send all flows to this remote host. Accepts a symbolic name or an IPv4/IPv6 address. Defaults to IPv4 localhost 127.0.0.1.
-j mcastgroup
Join this multicast group and send all flows to this group host. Accepts a symbolic name or multicast IPv4/IPv6 IP address.
-p port
Send all flows to this port on the remote side. Default is 9995.
-4
Forces nfreplay to send flows to an IPv4 address only. Can be used together with -i if the remote host has an IPv4 and IPv6 address record.
-6
Forces nfreplay to send flows to an IPv6 address only. Can be used together with -i if the remote host has an IPv4 and IPv6 address record.
-v num
Send flows as netflow version num. Versions 5 and 9 are supported. The default is to send flows as netflow version 5. In version 5 mode, IPv6 flows are skipped and 64-bit counters are truncated to 32 bits.
-d usec
Delay each record by usec microseconds to avoid overrun on the remote side. Default is 10.
-b buffersize
Set send buffer size in bytes. Useful for large data to transfer. Default is system dependent.
-r inputfile
Read input data from inputfile. Default is read from stdin.
-t timewin
Send only flows that fall in the time window timewin, where timewin is YYYY/MM/dd.hh:mm:ss[-YYYY/MM/dd.hh:mm:ss]. Any parts of the time spec may be omitted, e.g. YYYY/MM/dd expands to YYYY/MM/dd.00:00:00-YYYY/MM/dd.23:59:59 and sends all flows from a given day.
-c num
Limit number of records to send to the first num flows.
-V
Print nfreplay version and exit.
-h
Print help text on stdout with all options and exit.
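
Example (added here, not part of the nfdump distribution): what the version 5 mode described under -v does to replayed data, which matters when the receiving collector runs volume-based detections. The flow dictionary keys and the sample flows are constructed for illustration, and "truncated" is assumed to mean that only the low 32 bits of a counter are kept.

```python
import ipaddress
import struct

# NetFlow v5 flow record layout (48 bytes, network byte order).
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
U32_MASK = 0xFFFFFFFF  # assumption: truncation keeps the low 32 bits


def to_v5_record(flow):
    """Return the 48-byte v5 record for a flow dict, or None if it cannot be sent as v5."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    if src.version != 4 or dst.version != 4:
        return None  # v5 only has 32-bit address fields, so IPv6 flows are skipped
    return V5_RECORD.pack(
        src.packed, dst.packed, bytes(4),  # srcaddr, dstaddr, nexthop
        0, 0,                              # input, output interface index
        flow["packets"] & U32_MASK,        # dPkts (32-bit field)
        flow["bytes"] & U32_MASK,          # dOctets (32-bit field)
        0, 0,                              # first, last (not modelled here)
        flow["sport"], flow["dport"],
        0, 0, flow["proto"], 0,            # pad1, tcp_flags, prot, tos
        0, 0, 0, 0, 0,                     # src_as, dst_as, src_mask, dst_mask, pad2
    )


def replay_loss(flows):
    """Report which flows a v5 replay skips and which arrive with altered counters."""
    skipped, wrapped = [], []
    for i, flow in enumerate(flows):
        rec = to_v5_record(flow)
        if rec is None:
            skipped.append(i)
            continue
        fields = V5_RECORD.unpack(rec)
        if fields[5] != flow["packets"] or fields[6] != flow["bytes"]:
            wrapped.append(i)
    return {"sent": len(flows) - len(skipped), "skipped_ipv6": skipped, "wrapped": wrapped}


# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE = [
    {"src": "192.0.2.10", "dst": "198.51.100.7", "sport": 51514, "dport": 443,
     "proto": 6, "packets": 120, "bytes": 90_000},
    {"src": "2001:db8::1", "dst": "2001:db8::2", "sport": 40000, "dport": 53,
     "proto": 17, "packets": 2, "bytes": 180},
    {"src": "192.0.2.11", "dst": "203.0.113.5", "sport": 50022, "dport": 22,
     "proto": 6, "packets": 4_500_000, "bytes": 6 * 2**30},  # 6 GiB transfer
]
```

With these assumptions the 6 GiB flow reaches the collector as 2 GiB and the IPv6 flow never arrives; replaying with -v 9 avoids both effects.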

Return Value

Returns

0 No error.

255 Initialization failed.

254 Error in filter syntax.

250 Internal error.

See Also

nfcapd(1), nfdump(1), nfprofile(1)

Referenced By

ft2nfdump(1), nfcapd(1), nfdump(1), nfprofile(1), sfcapd(1).

2009-09-09