DragonFly On-Line Manual Pages

Search: Section:  

IPFIXDUMP(1)                 Yet Another Flowmeter                IPFIXDUMP(1)


NAME

       ipfixDump - IPFIX file dumper


SYNOPSIS

           ipfixDump    [--in FILE_NAME][--out FILE_NAME]
                        [--yaf]
                        [--templates][--data][--stats]
                        [--version]


DESCRIPTION

       ipfixDump is a tool to read IPFIX files and dump the contents in ASCII
       to perform low level analysis of the files.  ipfixDump uses libfixbuf
       to decode the files and it does not need any user input as to what the
       file contains as long as the IPFIX templates are at the beginning of
       the file.  Any records that do not have a corresponding template will
       be ignored.

       By default, ipfixDump uses the standard information model provided by
       libfixbuf.  If ipfixDump is given the --yaf switch, it will include the
       yaf CERT private enterprise information elements.  If yaf was
       configured to enable DPI (plugins) ipfixDump will also add the DPI
       elements that yaf can export.

       ipfixDump supports Options templates and records.  ipfixDump will write
       all IPFIX templates and data records to the output file.  It will also
       write message and set headers when present.

       ipfixDump supports IPFIX structured data in the form of basicLists,
       subTemplateLists, and subTemplateMultiLists.

       ipfixDump currently does not support displaying sequence numbers.


OPTIONS

       The following options are available for ipfixDump.

       --in FILE_NAME
           The FILE_NAME is the filename to read.  The string '-' may be used
           to read from standard input (the default).

       --out FILE_NAME
           FILE_NAME should be the filename to write to or the string '-' may
           be used to write to standard output (the default).

       --yaf
           If present, ipfixDump will include the available yyaaff(1) CERT
           private enterprise information elements.  If yyaaff(1) was configured
           with plugins enabled, ipfixDump will add all of the deep packet
           inspection elements to the information model.  By default, the
           standard IPFIX information model is used (standard elements defined
           by IANA).

       --template
           If present, ipfixDump will only write the templates present in the
           input file.

       --data
           If present, ipfixDump will only write the data records present in
           the input file.

       --stats
           If present, ipfixDump will only write overall file statistics -
           which include the number of templates present, the number of data
           records present, and the number of IPFIX messages present.

       --version
           If present, print version and copyright information to standard
           error and exit.

Examples
       In the following examples, the dollar sign ("$") represents the shell
       prompt.  The text after the dollar sign represents the command line.

        $ ipfixDump --in - --out -

        $ ipfixDump --in /data/ipfix.ipfix --out /data/text.txt --yaf

Known Issues
       Bug reports may be sent directly to the Network Situational Awareness
       team at <netsa-help@cert.org>.


AUTHORS

       Emily Sarneso and the CERT Network Situational Awareness Group
       Engineering Team, <http://www.cert.org/netsa>.


SEE ALSO

       yaf(1), yafscii(1)

2.8.0                             19-Feb-2016                     IPFIXDUMP(1)

Search: Section: