MAN page from CentOS Other libfixbuf-ipfixDump-2.4.1-1.el8.x86_64.rpm

IPFIXDUMP

Section: libfixbuf (1)

NAME

ipfixDump - Print contents of an IPFIX file as human-readable text 

SYNOPSIS

 ipfixDump [--in FILE_NAME] [--out FILE_NAME]
           [--rfc5610] [--element-file FILE_NAME] [--yaf]
           [--templates] [--data] [--stats]
           [--hexdump[=LEN]]
 ipfixDump [--version]
 ipfixDump [--help]
 

DESCRIPTION

ipfixDump is a tool to read an IPFIX file and print its contents as human-readable ASCII to assist the user in analyzing the file. ipfixDump prints all message headers, templates, data records, options templates, and options records to the output, plus a one line summary of the file's content.

ipfixDump supports IPFIX structured data in the form of basicLists, subTemplateLists, and subTemplateMultiLists.

By default, ipfixDump reads the IPFIX file from the standard input and writes the text to the standard output. To specify the input or output file's location, use the --in or --out option, respectively.

ipfixDump requires the input file to contain the IPFIX templates that describe the data records within the file, and the template must appear before the records that use it. Any records that do not have a corresponding template are ignored.
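
The following Python code is an added example, not part of ipfixDump or libfixbuf. It walks the messages and sets of an IPFIX stream as laid out in RFC 7011 and counts, per template ID, the data sets that arrive with and without a previously seen template, which shows ahead of time what would be skipped. Tracking templates per observation domain and the names scan_ipfix, read_templates, message and SAMPLE are assumptions of this example.

```python
import struct

def scan_ipfix(buf):  # returns (usable, orphaned): template ID -> data set count
    known = set()     # (observation domain, template ID) pairs defined so far
    usable, orphaned = {}, {}
    pos = 0
    while pos + 16 <= len(buf):
        version, msg_len, _time, _seq, domain = struct.unpack_from("!HHIII", buf, pos)
        if version != 10 or msg_len < 16 or pos + msg_len > len(buf):
            raise ValueError(f"bad IPFIX message header at offset {pos}")
        end, pos = pos + msg_len, pos + 16
        while pos + 4 <= end:
            set_id, set_len = struct.unpack_from("!HH", buf, pos)
            if set_len < 4 or pos + set_len > end:
                raise ValueError(f"bad set length at offset {pos}")
            if set_id in (2, 3):    # template set / options template set
                read_templates(buf, pos + 4, pos + set_len, set_id == 3, domain, known)
            elif set_id >= 256:     # data set: the set ID names its template
                bucket = usable if (domain, set_id) in known else orphaned
                bucket[set_id] = bucket.get(set_id, 0) + 1
            pos += set_len
        pos = end
    return usable, orphaned

def read_templates(buf, pos, end, is_options, domain, known):
    while pos + 4 <= end:
        tid, count = struct.unpack_from("!HH", buf, pos)
        if tid < 256:               # set padding or all-templates withdrawal: skipped
            break
        pos += 4
        if count == 0:              # withdrawal of one template
            known.discard((domain, tid))
            continue
        if is_options:
            pos += 2                # scope field count
        for _ in range(count):
            if pos + 4 > end:
                raise ValueError("truncated template record")
            (ie_id,) = struct.unpack_from("!H", buf, pos)
            pos += 8 if ie_id & 0x8000 else 4   # enterprise bit adds a 4-octet PEN
        known.add((domain, tid))

def message(domain, *sets):         # build one IPFIX message from (set ID, payload) pairs
    body = b"".join(struct.pack("!HH", sid, 4 + len(p)) + p for sid, p in sets)
    return struct.pack("!HHIII", 10, 16 + len(body), 0, 0, domain) + body

# Constructed sample: template 256 = sourceIPv4Address (8) and destinationIPv4Address (12)
TEMPLATE = (2, struct.pack("!HHHHHH", 256, 2, 8, 4, 12, 4))
RECORD = (256, bytes([192, 0, 2, 1, 198, 51, 100, 7]))
SAMPLE = message(1, RECORD) + message(1, TEMPLATE, RECORD, RECORD)
```

For the constructed SAMPLE, scan_ipfix reports two usable data sets and one orphaned data set for template 256, because the first message carries a record before its template has been sent.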

The default information model used by ipfixDump includes only the standard information elements defined by IANA <https://www.iana.org/assignments/ipfix/ipfix.xhtml> and provided by libfixbuf. There are three ways to augment the set of elements:

1. The --rfc5610 option instructs ipfixDump to watch the input for options records that define private enterprise information elements (as defined by RFC5610 <https://tools.ietf.org/html/rfc5610.html>) and to add those elements to the information model.

2. The --element-file=FILE_NAME option tells ipfixDump to parse the contents of FILE_NAME and add those information elements to the information model. The argument is an XML file whose schema is that used by IANA's XML Information Element Registry <https://www.iana.org/assignments/ipfix/ipfix.xml>, with the following additions:

   cert:enterpriseId
       A number representing the Private Enterprise Number of the element
   cert:reversible
       A boolean value ("true", "yes", or 1 for true; "false", "no", or 0 for false) that specifies whether the element may have a separate identity in a reverse flow.

   The --element-file option may be used multiple times to load multiple files, and the loaded elements replace existing elements with the same identifier.

3. The --yaf option loads the CERT private enterprise information elements into the information model. These elements are used by the NetSA tools yaf(1), pipeline(8), super_mediator(1), and rwsilk2ipfix(1). This option is implemented as a wrapper over the --element-file option where the file name is cert_ipfix.xml and ipfixDump checks several directories to attempt to find this file, stopping once it finds the first file. The list of directories, in search order, is

   * the directory ../share/libfixbuf relative to the directory containing the application
   * the libfixbuf subdirectory of the "datadir" directory specified when ipfixDump was configured (defaults to $prefix/share)
   * the share/libfixbuf subdirectory of the installation folder for the GLib-2 library
   * the libfixbuf subdirectory of the directories specified by the $XDG_DATA_DIRS environment variable, or /usr/local/share and /usr/share/libfixbuf when that variable is empty

ipfixDump exits with an error if it is unable to find the cert_ipfix.xml file. See <https://tools.netsa.cert.org/cert-ipfix-registry/> for additional information about this file.

 

OPTIONS

The following options are available for ipfixDump:
--in FILE_NAME
Sets the input file name to FILE_NAME. When the option is not specified, ipfixDump reads from the standard input or exits with an error when the standard input is a terminal. ipfixDump reads from the standard input if FILE_NAME is "-".
--out FILE_NAME
Sets the output file name to FILE_NAME. If FILE_NAME exists, it is overwritten. The string "-" may be used to write to standard output (the default).
--rfc5610
Tells ipfixDump to scan the IPFIX input file for options records that define private enterprise information elements and to add those elements to the information model.
--element-file FILE_NAME
Loads the XML file FILE_NAME and incorporates information element information found in it. The format of the file is described above. The option may be used multiple times to load multiple files, and later elements replace existing elements when they have the same identifier.
--yaf
Searches for a file named cert_ipfix.xml in several locations and loads that file as if it was an argument to --element-file. ipfixDump exits with an error if it is unable to find the cert_ipfix.xml file.
--templates
Suppresses the printing of records, causing the output to contain only message headers, templates, and a summary line.
--data
Suppresses the printing of templates, causing the output to contain only message headers, records, and a summary line.
--stats
Suppresses the printing of all message headers, templates, and records. The output consists of the number of messages, templates, and records present in the input, and a two-column list showing template IDs found in the input and a count of the number of records that used that template.
--hexdump
For data record elements whose type is octetArray, prints each octet as a 2-digit hexadecimal value with no separator between the values. The length of the element precedes the hexadecimal output. ipfixDump uses this display for octetArray elements that are variable length or whose length is greater than eight. Without this option, only the length of the octetArray elements is printed. Note that fixed-width octetArray elements whose length is less than or equal to eight are always printed as a decimal number regardless of this option.
--hexdump=LEN
When the optional parameter LEN is provided to --hexdump, only the first LEN octets of the value are printed. If LEN is zero, only the length of octetArray values is printed. A LEN that is negative or larger than 65535 is treated as the maximum, 65535.
--version
Prints version and copyright information to standard error and exits.
--help
Prints a brief usage message to the standard output and exits.
 

Examples

In the following examples, the dollar sign ("$") represents the shell prompt. The text after the dollar sign represents the command line.

 $ ipfixDump --in - --out -
 $ ipfixDump --in /data/ipfix.ipfix --out /data/text.txt --yaf
 

Known Issues

Bug reports may be sent directly to the Network Situational Awareness team at <netsa-help@cert.org>.

AUTHORS

Emily Sarneso and the CERT Network Situational Awareness Group Engineering Team, <http://www.cert.org/netsa>.

SEE ALSO

yaf(1), yafscii(1), yafdpi(1), super_mediator(1), pipeline(8), rwsilk2ipfix(1), <https://tools.netsa.cert.org/cert-ipfix-registry/>, <https://www.iana.org/assignments/ipfix/ipfix.xhtml>


 
