Man Linux: Main Page and Category List

flow-receive(1)                                                flow-receive(1)

NAME

       flow-receive — Receive flow data with the NetFlow protocol.

SYNOPSIS

       flow-receive [-h]  [-b big|little]  [-C comment]  [-d debug_level]  [-o
       output_file]   [-S  stat_interval]   [-V  pdu_version]   [-z   z_level]
       localip/remoteip/port

DESCRIPTION

       The  flow-receive  utility  is used to receive flows in NetFlow format.
       When the remoteip is configured only flows from that exporter  will  be
       processed, this is the most secure and recommended configuration.  When
       the localip is configured flow-receive will only process flows sent  to
       the   localip IP address.  If remoteip is 0 (not configured) flows from
       any source IP  address  are  accepted.   Multiple  non  aggregated  PDU
       versions  may  be  accepted  at  once  to support Cisco’s Catalyst 6500
       NetFlow implementation which exports from both the supervisor and  MSFC
       with  the  same IP address and same port but different export versions.
       In this case the exports will be stored in the format specified by  the
       -V flag or whichever export type is received first.

OPTIONS

       -b big|little
                 Byte order of output.

       -C Comment
                 Add a comment.

       -d debug_level
                 Enable debugging.

       -h        Display help.

       -o file   Write to file instead of the standard out.

       -S stat_interval
                 When  configured flow-receive will emit a timestamped message
                 on stderr every  stat_interval  minutes  indicating  counters
                 such  as the number of flows received, packets processed, and
                 lost flows.

       -V pdu_version
                 Use pdu_version format output.

       1    NetFlow version 1 (No sequence numbers, AS, or mask)
       5    NetFlow version 5
       6    NetFlow version 6 (5+ Encapsulation size)
       7    NetFlow version 7 (Catalyst switches)
       8.1  NetFlow AS Aggregation
       8.2  NetFlow Proto Port Aggregation
       8.3  NetFlow Source Prefix Aggregation
       8.4  NetFlow Destination Prefix Aggregation
       8.5  NetFlow Prefix Aggregation
       8.6  NetFlow Destination (Catalyst switches)
       8.7  NetFlow Source Destination (Catalyst switches)
       8.8  NetFlow Full Flow (Catalyst switches)
       8.9  NetFlow ToS AS Aggregation
       8.10 NetFlow ToS Proto Port Aggregation
       8.11 NetFlow ToS Source Prefix Aggregation
       8.12 NetFlow ToS Destination Prefix Aggregation
       8.13 NetFlow ToS Prefix Aggregation
       8.14 NetFlow ToS Prefix Port Aggregation
       1005 Flow-Tools tagged version 5

       -z z_level
                 Configure compression level to  z_level.  0 is  disabled  (no
                 compression), 9 is highest compression.

EXAMPLES

       Listen  on port 9800 on any local interface for exports from IP address
       10.0.0.1, store the exports in flows

       flow-receive 0/10.0.0.1/9800 > flows

       Listen on port 9800 on any local interface from any IP address, display
       the received flows with flow-print.

       flow-receive 0/0/9800 | flow-print

BUGS

       It  is not currently possible to convert between the aggregated formats
       (8.x) and the non aggregated formats (1,5,6,7).

AUTHOR

       Mark Fullmer maf@splintered.net

SEE ALSO

       flow-tools(1)

                                                               flow-receive(1)