NAME
tracesplit - split traces
SYNOPSIS
tracesplit [ -f bpf | --filter=bpf] [ -c count | --count=count] [ -b
bytes | --bytes=bytes] [ -i seconds | --seconds=seconds] [ -s unixtime
| --starttime=unixtime] [ -e unixtime | --endtime=unixtime] [ -m
maxfiles | --maxfiles=maxfiles] [ -S snaplen | --snaplen=snaplen]
inputuri outputuri ...
DESCRIPTION
tracesplit splits one trace into multiple tracefiles.
-f bpf filter
output only packets that match tcpdump style bpf filter
-c count
output count packets per output file. The output file will be
named after the basename given in the outputuri with the packet
number of the first packet in this file.
-b bytes
output bytes bytes per file
-i seconds
start a new tracefile after "seconds" seconds
-s unixtime
don’t output any packets before unixtime
-e unixtime
don’t output any packets after unixtime
-m maxfiles
do not create more than "maxfiles" trace files
-S snaplen
Truncate packets to "snaplen" bytes long. The default is to
collect the entire packet.
EXAMPLES
Create a 1MB erf trace of port 80 traffic.
tracesplit erf:/traces/bigtrace.gz -f 'port 80' -b $((1024 * 1024)) erf:/traces/port80.gz
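Added example (not from the tracesplit documentation): a POSIX shell helper that converts a UTC incident window into the Unix times -s and -e expect and prints the matching tracesplit command. It assumes a date that accepts -d (GNU or BusyBox) and that the options combine as the synopsis suggests; the dates, filter, snaplen and output path are constructed sample values.

```shell
#!/bin/sh
# Added example: build a tracesplit command line for an incident time window.
# Dates, filter, snaplen and output path are constructed sample values.

# Convert "YYYY-MM-DD hh:mm:ss" (interpreted as UTC) to Unix time.
# Assumes a date(1) that supports -d (GNU coreutils or BusyBox).
to_unixtime() {
    date -u -d "$1" +%s
}

# Print the tracesplit command for the window [start, end].
# Args: start end bpf snaplen inputuri outputuri
tracesplit_window_cmd() {
    start=$(to_unixtime "$1") || return 1
    end=$(to_unixtime "$2") || return 1

    # An inverted window (-s later than -e) would output no packets.
    if [ "$start" -ge "$end" ]; then
        echo "start must be before end" >&2
        return 1
    fi

    # The filter is printed inside single quotes, so refuse one that
    # contains a single quote instead of emitting a broken command.
    case $3 in
        *\'*) echo "filter must not contain a single quote" >&2; return 1 ;;
    esac

    printf "tracesplit -f '%s' -s %s -e %s -S %s %s %s\n" \
        "$3" "$start" "$end" "$4" "$5" "$6"
}

# Constructed window: 14:00 to 16:30 UTC on 2024-03-01, first 96 bytes
# of each packet, traffic to or from one host on port 80.
tracesplit_window_cmd "2024-03-01 14:00:00" "2024-03-01 16:30:00" \
    "host 192.0.2.10 and port 80" 96 \
    erf:/traces/bigtrace.gz erf:/traces/incident.gz
```

Review the printed command, then paste it into the shell or pipe the output to sh to run it.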
LINKS
More details about tracesplit (and libtrace) can be found at
http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation
SEE ALSO
libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1),
tracesplit_dir(1), tracereport(1), tracertstats(1), tracestats(1),
tracedump(1), traceanon(1), tracesummary(1)
AUTHORS
Perry Lorier <perry@cs.waikato.ac.nz>