Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
flow-receive(1)		    General Commands Manual	       flow-receive(1)

NAME
       flow-receive -- Receive flow data with the NetFlow protocol.

SYNOPSIS
       flow-receive [-h]  [-b big|little]  [-C comment]	 [-d debug_level]  [-o
       output_file]   [-S  stat_interval]   [-V	pdu_version]  [-z z_level] lo-
       calip/remoteip/port

DESCRIPTION
       The flow-receive	utility	is used	to receive flows  in  NetFlow  format.
       When  the  remoteip is configured only flows from that exporter will be
       processed, this is the most secure and recommended configuration.  When
       the localip is configured flow-receive will only	process	flows sent  to
       the   localip IP	address.  If remoteip is 0 (not	configured) flows from
       any source IP address are accepted.  Multiple non aggregated  PDU  ver-
       sions  may be accepted at once to support Cisco's Catalyst 6500 NetFlow
       implementation which exports from both the supervisor and MSFC with the
       same IP address and same	port but different export versions.   In  this
       case  the exports will be stored	in the format specified	by the -V flag
       or whichever export type	is received first.

OPTIONS
       -b big|little
		 Byte order of output.

       -C Comment
		 Add a comment.

       -d debug_level
		 Enable	debugging.

       -h	 Display help.

       -o file	 Write to file instead of the standard out.

       -S stat_interval
		 When configured flow-receive will emit	a timestamped  message
		 on  stderr  every  stat_interval  minutes indicating counters
		 such as the number of flows received, packets processed,  and
		 lost flows.

       -V pdu_version
		 Use pdu_version format	output.

	   1	NetFlow	version	1 (No sequence numbers,	AS, or mask)
	   5	NetFlow	version	5
	   6	NetFlow	version	6 (5+ Encapsulation size)
	   7	NetFlow	version	7 (Catalyst switches)
	   8.1	NetFlow	AS Aggregation
	   8.2	NetFlow	Proto Port Aggregation
	   8.3	NetFlow	Source Prefix Aggregation
	   8.4	NetFlow	Destination Prefix Aggregation
	   8.5	NetFlow	Prefix Aggregation
	   8.6	NetFlow	Destination (Catalyst switches)
	   8.7	NetFlow	Source Destination (Catalyst switches)
	   8.8	NetFlow	Full Flow (Catalyst switches)
	   8.9	NetFlow	ToS AS Aggregation
	   8.10	NetFlow	ToS Proto Port Aggregation
	   8.11	NetFlow	ToS Source Prefix Aggregation
	   8.12	NetFlow	ToS Destination	Prefix Aggregation
	   8.13	NetFlow	ToS Prefix Aggregation
	   8.14	NetFlow	ToS Prefix Port	Aggregation
	   1005	Flow-Tools tagged version 5

       -z z_level
		 Configure  compression	 level to  z_level.  0 is disabled (no
		 compression), 9 is highest compression.

EXAMPLES
       Listen on port 9800 on any local	interface for exports from IP  address
       10.0.0.1, store the exports in flows

	 flow-receive 0/10.0.0.1/9800 >	flows

       Listen on port 9800 on any local	interface from any IP address, display
       the received flows with flow-print.

	 flow-receive 0/0/9800 | flow-print

BUGS
       It  is not currently possible to	convert	between	the aggregated formats
       (8.x) and the non aggregated formats (1,5,6,7).

AUTHOR
       Mark Fullmer maf@splintered.net

SEE ALSO
       flow-tools(1)

							       flow-receive(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=flow-receive&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>

home | help