nfreplay [options] [filter]
nfreplay is the netflow replay program of the nfdump tool set. It reads data from files stored by nfcapd and sends the netflow data to a host or a multicast group. The filter syntax is equivalent to that of nfdump. If a filter is supplied, only the matching flows are sent. See the nfdump(1) man page for a detailed description of the filter syntax. All records are sent as netflow version 5.
- -H remotehost
Send all flows to this remote host. Accepts a symbolic name or an IPv4/IPv6 address. Defaults to IPv4 localhost 127.0.0.1.
- -j mcastgroup
Join this multicast group and send all flows to this group host. Accepts a symbolic name or multicast IPv4/IPv6 IP address.
- -p port
Send all flows to this port on the remote side. Default is 9995.
Forces nfreplay to send flows to an IPv4 address only. Can be used together with -i if the remote host has an IPv4 and IPv6 address record.
Forces nfreplay to send flows to an IPv6 address only. Can be used together with -i if the remote host has an IPv4 and IPv6 address record.
- -v num
Send flows as netflow version num. 5 and 9 are supported. The default is sending the flows as netflow version 5. In version 5 mode, IPv6 flows are skipped and 64-bit counters are truncated to 32 bits.
- -d usec
Delay each record by usec microseconds, to avoid overrun on the remote side. Default is 10.
- -b buffersize
Set send buffer size in bytes. Useful for large data to transfer. Default is system dependent.
- -r inputfile
Read input data from inputfile. Default is read from stdin.
- -t timewin
Send only flows that fall within the time window timewin, where timewin is YYYY/MM/dd.hh:mm:ss[-YYYY/MM/dd.hh:mm:ss]. Any parts of the time spec may be omitted, e.g. YYYY/MM/dd expands to YYYY/MM/dd.00:00:00-YYYY/MM/dd.23:59:59 and sends all flows from a given day.
- -z num
Flows are sent with their "real distribution" across time, scaled by a speed coefficient. -z 1: 5 minutes of records will be sent in 5 minutes. -z 20: 5 minutes of records will be sent in 5/20 = 0.25 minutes.
- -c num
Limit number of records to send to the first num flows.
Print nfreplay version and exit.
Print help text on stdout with all options and exit.
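The -t expansion rule and the -z timing arithmetic described above, worked through in Python as an added example; it is not part of nfreplay or the nfdump project, and the helper names are hypothetical. It assumes only trailing fields are omitted and that an end bound is padded to its latest value, generalizing the YYYY/MM/dd case; the duration assumes flows span the whole window.

```python
import calendar
import re
from datetime import datetime

# YYYY/MM/dd.hh:mm:ss with trailing fields optional (assumption: only
# trailing fields are omitted, as in the man page's YYYY/MM/dd case).
_SPEC = re.compile(
    r"^(\d{4})(?:/(\d{2})(?:/(\d{2})(?:\.(\d{2})(?::(\d{2})(?::(\d{2}))?)?)?)?)?$"
)


def _expand(spec, upper):
    """Pad omitted fields with their lowest (start) or highest (end) value."""
    m = _SPEC.match(spec)
    if not m:
        raise ValueError(f"bad time spec: {spec!r}")
    y, mo, d, h, mi, s = (None if g is None else int(g) for g in m.groups())
    mo = mo if mo is not None else (12 if upper else 1)
    d = d if d is not None else (calendar.monthrange(y, mo)[1] if upper else 1)
    h = h if h is not None else (23 if upper else 0)
    mi = mi if mi is not None else (59 if upper else 0)
    s = s if s is not None else (59 if upper else 0)
    return datetime(y, mo, d, h, mi, s)  # raises ValueError on e.g. month 13


def expand_timewin(timewin):
    """Return (start, end) for a -t argument; a single spec covers its own span."""
    start_spec, sep, end_spec = timewin.partition("-")
    start = _expand(start_spec, upper=False)
    end = _expand(end_spec if sep else start_spec, upper=True)
    if end < start:
        raise ValueError("time window ends before it starts")
    return start, end


def replay_seconds(timewin, speed):
    """Wall-clock send time under -z speed, if flows span the whole window."""
    if speed <= 0:
        raise ValueError("speed coefficient must be positive")
    start, end = expand_timewin(timewin)
    return (end - start).total_seconds() / speed


if __name__ == "__main__":
    # Constructed sample arguments, not taken from a real capture.
    for tw, z in [("2024/03/01", 1), ("2024/03/01.12:00:00-2024/03/01.12:05:00", 20)]:
        start, end = expand_timewin(tw)
        print(f"-t {tw} -z {z}: {start} .. {end}, ~{replay_seconds(tw, z):.0f} s")
```

Checking the expanded window before a replay shows exactly which records a test collector or detection pipeline should receive, and the duration estimate tells you how long a -z run will occupy it.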
0 No error.
255 Initialization failed.
254 Error in filter syntax.
250 Internal error.
ft2nfdump(1), nfcapd(1), nfdump(1), nfprofile(1), sfcapd(1).