Man page - nfreplay(1)

Packages contains this manual

Package:  nfdump
apt-get install nfdump

Manuals in package:
• nfpcapd(1)
• nfdump(1)
• nfprofile(1)
• nfcapd(1)
• nfreplay(1)
• nfanon(1)
• nfexpire(1)
Documentations in package:
• nfdump

Manual

---

NFREPLAY (1) General Commands Manual NFREPLAY (1)

NAME

nfreplay — replay binary flow files as netflow version v5 or v9 to a remote host

SYNOPSIS

nfreplay -r flowfile -H remotehost -p port [ -S Sourceaddr ] [ -j mcastgroup ] [ -4 ] [ -6 ] [ -v version ] [ -d usec ] [ -b buffsize ] [ -z num ] [ -c num ] [ -v ] [ -H ] [ filter ]

DESCRIPTION

nfreplay reads binary flow files stored by any nfdump collector and sents the flow records to a remote host or a multicast group.

nfreplay sends the data as netflow v5 or v9 to the remote location.

nfreplay accepts a filter to limit the flows to be sent. The filter syntax is equivalent to nfdump.

The options are as follows:

-r flowfile

Read input data from flowfile.

-H remotehost

Send all flows to this remote host. Accepts a symbolic name or a IPv4/IPv6 IP address.

-j mcastgroup

Join this multicast group and send all flows to this group host. Accepts a symbolic name or multicast IPv4/IPv6 IP address.

-p port

Send all flows to this port on the remote side. Default is 9995.

-S Sourceaddr

Use the specified source IP address to send the flows

-4

Forces nfreplay to send flows to a IPv4 address only. Can be used if the remote host has an IPv4 and IPv6 address record.

-6

Forces nfreplay to send flows to a IPv6 address only. Can be used if the remote host has an IPv4 and IPv6 address record.

-v version

Send flows as netflow version version . Version V5 and v9 are supported. In v5 mode, all additional elements to a stadard v5 record are skipped and 64bit counters are truncated to 32bit. The default is v9.

-u usec

Delay each record by usec mirco seconds, to avoid overrun on the remote host. Default is 10usec.

-B buffsize

Set send buffer to buffsize size in bytes. Useful to buffer larger data transfers.

-z num

Flows are sent with their "real distribution" acrross time (with a speed coefficient)
-z 1 : 5 minutes of records will be sent in 5 minutes. - z 20 : 5 minutes of record will be sent in 5/20 = 0.25 minutes.

-c num

Limit number of records to send to the first num flows.

-V

Print nfreplay version and exit.

-h

Print help text on stdout with all options and exit.

RETURN VALUES

nfreplay returns
255 Initialization failed.
254 Error in filter syntax.
250 Internal error.

SEE ALSO

nfdump (1) nfcapd (1) Debian $Mdocdate$ NFREPLAY (1)

---