NFREPLAY(1) General Commands Manual NFREPLAY(1)
NAME
nfreplay — replay binary flow files as netflow version v5 or v9 to a remote host
SYNOPSIS
nfreplay −r flowfile −H remotehost −p port [−S Sourceaddr] [−j mcastgroup] [−4] [−6] [−v version] [−d usec] [−b buffsize] [−z num] [−c num] [−v] [−H] [filter]
DESCRIPTION
nfreplay reads binary flow files stored by any nfdump collector and sents the flow records to a remote host or a multicast group.
nfreplay sends the data as netflow v5 or v9 to the remote location.
nfreplay accepts a filter to limit the flows to be sent. The filter syntax is equivalent to nfdump.
The options are as follows:
−r flowfile
Read input data from flowfile.
−H remotehost
Send all flows to this remote host. Accepts a symbolic name or a IPv4/IPv6 IP address.
−j mcastgroup
Join this multicast group and send all flows to this group host. Accepts a symbolic name or multicast IPv4/IPv6 IP address.
−p port
Send all flows to this port on the remote side. Default is 9995.
−S Sourceaddr
Use the specified source IP address to send the flows
−4
Forces nfreplay to send flows to a IPv4 address only. Can be used if the remote host has an IPv4 and IPv6 address record.
−6
Forces nfreplay to send flows to a IPv6 address only. Can be used if the remote host has an IPv4 and IPv6 address record.
−v version
Send flows as netflow version version. Version V5 and v9 are supported. In v5 mode, all additional elements to a stadard v5 record are skipped and 64bit counters are truncated to 32bit. The default is v9.
−u usec
Delay each record by usec mirco seconds, to avoid overrun on the remote host. Default is 10usec.
−B buffsize
Set send buffer to buffsize size in bytes. Useful to buffer larger data transfers.
−z num
Flows are sent
with their "real distribution" acrross time (with
a speed coefficient)
−z 1 : 5 minutes of records will be sent in 5
minutes. − z 20 : 5 minutes of record will be
sent in 5/20 = 0.25 minutes.
−c num
Limit number of records to send to the first num flows.
−V
Print nfreplay version and exit.
−h
Print help text on stdout with all options and exit.
RETURN VALUES
nfreplay returns
255 Initialization failed.
254 Error in filter syntax.
250 Internal error.
SEE ALSO
nfdump(1) nfcapd(1) GNU $Mdocdate$ NFREPLAY(1)