nfreplay - netflow replay program
nfreplay [options] [filter]
nfreplay is the netflow replay program of the nfdump tool set. It reads
data from files stored by nfcapd and sends the netflow data to a host or a
multicast group. The filter syntax is equivalent to nfdump. If a filter is
supplied, only the matching flows are sent. See the nfdump(1) man page for a
detailed description of the filter syntax. All records are sent as netflow
version 5.
- -H remotehost
- Send all flows to this remote host. Accepts a symbolic name or an IPv4/IPv6
IP address. Defaults to IPv4 localhost 127.0.0.1.
- -j mcastgroup
- Join this multicast group and send all flows to this group host. Accepts a
symbolic name or multicast IPv4/IPv6 IP address.
- -p port
- Send all flows to this port on the remote side. Default is 9995.
- -4
- Forces nfreplay to send flows to an IPv4 address only. Can be used together
with -i if the remote host has an IPv4 and IPv6 address record.
- -6
- Forces nfreplay to send flows to an IPv6 address only. Can be used together
with -i if the remote host has an IPv4 and IPv6 address record.
- -v num
- Send flows as netflow version num. 5 and 9 are
supported. The default is sending the flows as netflow version 5. In
version 5 mode, IPv6 flows are skipped and 64-bit counters are truncated
to 32 bits.
- -d usec
- Delay each record by usec microseconds, to avoid overrun on the
remote side. Default is 10.
- -b buffersize
- Set send buffer size in bytes. Useful for large data to transfer. Default
is system dependent.
- -r inputfile
- Read input data from inputfile. Default is read from stdin.
- -t timewin
- Send only flows which fall in the time window timewin, where
timewin is YYYY/MM/dd.hh:mm:ss[-YYYY/MM/dd.hh:mm:ss]. Any parts of
the time spec may be omitted, e.g. YYYY/MM/dd expands to
YYYY/MM/dd.00:00:00-YYYY/MM/dd.23:59:59 and sends all flows from a given
day.
- -z num
- Flows are sent with their "real distribution" across time (with
a speed coefficient). -z 1: 5 minutes of records will be sent in 5
minutes. -z 20: 5 minutes of records will be sent in 5/20 = 0.25
minutes.
- -c num
- Limit number of records to send to the first num flows.
- -V
- Print nfreplay version and exit.
- -h
- Print help text on stdout with all options and exit.
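The expansion rule described under -t, as an added example that is not part of nfreplay or the nfdump sources: it turns a partial timewin into explicit bounds so the replayed window can be checked before flows are sent to a collector. The page documents only the YYYY/MM/dd case; treating other omitted trailing fields the same way (start rounds down, end rounds up) is an assumption, and the function names are hypothetical.

```python
import calendar
import re
from datetime import datetime

# Trailing fields may be omitted: YYYY[/MM[/dd[.hh[:mm[:ss]]]]]
_SPEC = re.compile(
    r"(\d{4})(?:/(\d{2})(?:/(\d{2})(?:\.(\d{2})(?::(\d{2})(?::(\d{2}))?)?)?)?)?"
)
_FMT = "%Y/%m/%d.%H:%M:%S"


def _bounds(spec):
    """Return (earliest, latest) datetime covered by one possibly partial spec."""
    m = _SPEC.fullmatch(spec)
    if not m:
        raise ValueError(f"bad time spec: {spec!r}")
    given = [int(g) for g in m.groups() if g is not None]
    n = len(given)
    # Assumption: omitted fields take their minimum for the start of the
    # window and their maximum for the end (the page shows this for a day).
    lo = given + [None, 1, 1, 0, 0, 0][n:]
    hi = given + [None, 12, None, 23, 59, 59][n:]
    if hi[2] is None:  # day omitted: last day of that month
        hi[2] = calendar.monthrange(hi[0], hi[1])[1]
    # datetime() rejects out-of-range values such as month 13 or hour 24.
    return datetime(*lo), datetime(*hi)


def expand_timewin(timewin):
    """Expand a -t argument to 'start-end' with every field explicit."""
    first, _, last = timewin.partition("-")
    start = _bounds(first)[0]
    end = _bounds(last or first)[1]
    if start > end:
        raise ValueError(f"window ends before it starts: {timewin!r}")
    return f"{start.strftime(_FMT)}-{end.strftime(_FMT)}"


if __name__ == "__main__":
    # Constructed sample arguments, not taken from real capture files.
    for arg in ("2024/03/05", "2024/02", "2024/03/05.14-2024/03/05.16:30"):
        print(f"-t {arg:32} -> {expand_timewin(arg)}")
```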
Returns
0 No error.
255 Initialization failed.
254 Error in filter syntax.
250 Internal error.
nfcapd(1), nfdump(1), nfprofile(1)