OPTIONS

-A interval

specifies the accounting interval. Every interval seconds an accounting request will be made to server and the results will be emitted to stdout. When specifying this mode, you also need to specify -d at the command line.

-C count

stops sratunnel after count SIE messages and raw IP packets.

-c channel

There must be at least one -c argument naming an SIE channel that server will watch for interesting NMSG messages or IP packets.

Channels are specified as chXX or all

-d

enable debugging reports or increase them after the first -d.

-E ciphers

specifies a list ciphers for TLS connections.

-h

display options summary.

-i interval

enables timestamp indexing every interval nmsgs. This mode writes to a pre-existing (or creates an) lmdb-backed key-value store of nmsg timestamp/file offset pairs (a "tsindex" file). The keys are the epoch portion of the nmsg timestamp for which the offsets refer back to. The tsindex file is intended to be used to provide hints to speed subsequent cherry-picking of nmsgs from the nmsg data file it backs. It is most useful when the corresponding nmsg data file is anticipated to grow large.

This mode may only be used with nmsg file-based outputs and, because sratunnel needs to know when filesystem writes have occurred, it must be run in unbuffered mode ( -u ). If you specify the append option ( -p ), it is assumed you are continuing a previous session so you must also specify a previously created nmsg file which must also have a corresponding previously created tsindex file.

sratunnel will always write an entry for the first nmsg and every interval nmsgs thereafter.

If sratunnel finds a previously created tsindex file and is not in append mode, it will clobber the file.

-m sampling-rate

specifies the sampling rate. Sets the percentage (between 0.1 and 100.0) that the SRA server will send.

-n config-file

specify location for AXA client configuration file.

-O

enable a spinning bar output indicator on stdout.

-p

append output to specified file (only valid for nmsg file-based outputs).

-o out-addr

specifies the destination of the SIE data. It can be forwarded as NMSG messages to a UDP or TCP port or as raw IP packets to a file, FIFO, or network interface.

nmsg:[tcp:|udp:]host,port

sends NMSG messages to the UDP or optional TCP host name and port number host,port. UDP is the default. IP packets are converted to NMSG messages.

nmsg:file:path

sends NMSG messages to the file named path. IP packets are converted to NMSG messages.

nmsg:file_json:path

sends NMSG json blobs to the file named path.

pcap[-fifo]:path

sends IP packets to a file or FIFO named path for examination with tcpdump(1) or another packet tracing tool. An ordinary file is the default. Only IP packets but not NMSG messages are sent.

pcap-if:[dst/]ifname

transmits IP packets on the network interface named ifname for examination with tcpdump(1) or another packet tracing tool. dst optionally specifies a destination 48-bit Ethernet address other than all 0:0:0:0:0:0 default. This output usually requires that sratunnel be run by root. Only IP packets but not NMSG messages are sent.

-P pidfile

will result in the current PID being written to pidfile. The file will be deleted upon program exit.

-r rate-limit

tells the server to send at most rate-limit SIE messages and raw IP packets per second.

-S certs

overrides the default directory containing SSL certificates and keys. Its default is /usr/local/etc/axa/certs.

-s server

specifies the server that is the source of the SIE data. The server can be specified with any of the following:

Sm off alias Sm on

Connect to a server using an alias shortcut mnemonic (see FILES section for more information).

Sm off apikey: <users_apikey>@ host,port Sm on

Identify and authenticate the user via a Farsight Security provided apikey. The connection will be encrypted using the same TLS semantics as the tls transport below.

Sm off ssh: [user@] host Sm on

The server will be contacted using the ssh protocol. These connections usually use default ssh ssh_config(1) files to specify the required public keys and optionally the fully qualified host name and user names associated with the public key. Use -dddd to diagnose ssh connection problems.

Sm off tcp: user@ host,port Sm on

The connection will be made with the host name or IP address and port number using clear text over TCP/IP.

Sm off unix: user@ /ud/socket Sm on

This connection uses a UNIX domain socket connected to a local server.

tls:cert,key@host,port

Use the TLS protocol with the certificate in the cert file and the private key in the key file. If not absolute, the files are in the -S certs directory.

-t

enable tracing reports on the server or increase them after the first -t.

-V

displays the version of sratunnel and its preferred version of the AXA protocol.

-w watch

There must be at least one -w with an SRA or RAD watch to specify the interesting SIE messages or IP packets.

 

ip=IP[/n]

The IPv4 or IPv6 address IP specifies a host address unless a prefix length is specified.

 

dns=[*.]dom

watches for the domain anywhere in the IP packets or SIE messages on the channels selected with -c. A wild card watches for occurrences of the domain and all sub-domains.

 

ch=all

 

Sm off ch=ch N Sm on

selects SIE messages or IP packets on the specified channel number or all channels.

 

error

selects SIE messages or IP packets that could not be decoded.

In addition, (shared) can be appended to IP and file ... dns watches to indicate addresses or domains that are not used exclusively.

-u

disable NMSG output buffering.

-z

enable NMSG zlib container compression.