IPFIXDUMP(1)			   libfixbuf			  IPFIXDUMP(1)

NAME
       ipfixDump - Print contents of an	IPFIX file as human-readable text

SYNOPSIS
	ipfixDump [--in	FILE_NAME] [--out FILE_NAME]
		  [--rfc5610] [--element-file FILE_NAME] [--yaf]
		  [--templates]	[--data] [--stats]
		  [--hexdump[=LEN]]

	ipfixDump [--version]

	ipfixDump [--help]

DESCRIPTION
       ipfixDump is a tool to read an IPFIX file and print its contents	as
       human-readable ASCII to assist the user in analyzing the	file.
       ipfixDump prints	all message headers, templates,	data records, options
       templates, and options records to the output, plus a one	line summary
       of the file's content.

       ipfixDump supports IPFIX	structured data	in the form of basicLists,
       subTemplateLists, and subTemplateMultiLists.

       By default, ipfixDump reads the IPFIX file from the standard input and
       writes the text to the standard output.	To specify the input or	output
       file's location,	use the	--in or	--out option, respectively.

       ipfixDump requires the input file to contain the	IPFIX templates	that
       describe	the data records within	the file, and the template must	appear
       before the records that use it.	Any records that do not	have a
       corresponding template are ignored.
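
       The template-before-record rule above, as an added example (not
       ipfixDump or libfixbuf code): a minimal Python reader for the IPFIX
       message and set framing of RFC 7011 that counts records per template
       ID and skips data sets whose template has not been seen yet.  The
       function names and the sample bytes are constructed for illustration.

```python
import struct

def read_templates(body, templates, hdr):  # hdr: 4 in set ID 2, 6 in set ID 3
    p = 0
    while p + 4 <= len(body):                  # anything shorter is set padding
        tid, nfields = struct.unpack_from("!HH", body, p)
        p += hdr if nfields else 4             # a withdrawal (0 fields) is 4 bytes
        templates[tid] = lengths = []          # stays empty for a withdrawal
        for _ in range(nfields):
            ie, flen = struct.unpack_from("!HH", body, p)
            p += 8 if ie & 0x8000 else 4       # enterprise bit adds a 4-byte PEN
            lengths.append(flen)

def count_records(body, lengths):
    p = n = 0
    while p < len(body):
        for flen in lengths:
            if flen == 0xFFFF:                 # variable length: 1-byte prefix
                flen, p = int.from_bytes(body[p:p + 1], "big"), p + 1
                if flen == 255:                # 255: real length in next 2 bytes
                    flen, p = int.from_bytes(body[p:p + 2], "big"), p + 2
            p += flen
        n += p <= len(body)                    # padding or cut-off record: skip
    return n

def tally(stream):  # -> (messages, {template ID: records}, ignored data sets)
    templates, counts, msgs, ignored, pos = {}, {}, 0, 0, 0
    while pos + 16 <= len(stream):
        version, msg_len = struct.unpack_from("!HH", stream, pos)
        if version != 10 or not 16 <= msg_len <= len(stream) - pos:
            raise ValueError(f"bad IPFIX message header at offset {pos}")
        msgs, off, pos = msgs + 1, pos + 16, pos + msg_len
        while off + 4 <= pos:
            set_id, set_len = struct.unpack_from("!HH", stream, off)
            if not 4 <= set_len <= pos - off:
                raise ValueError(f"bad set length at offset {off}")
            body, off = stream[off + 4:off + set_len], off + set_len
            if set_id in (2, 3):
                read_templates(body, templates, 4 if set_id == 2 else 6)
            elif any(lengths := templates.get(set_id, ())):
                counts[set_id] = counts.get(set_id, 0) + count_records(body, lengths)
            elif set_id >= 256:
                ignored += 1                   # no usable template yet: skipped
    return msgs, counts, ignored

# Constructed input: a data set for template 256 arrives one message before the template.
REC = "c0000201" + "00000000000005dc"          # 192.0.2.1, 1500 octets
SAMPLE = bytes.fromhex("000a0020" + "00" * 12 + "01000010" + REC     # message 1
                       + "000a003c" + "00" * 12 + "00020010"         # message 2
                       + "010000020008000400010008" + "0100001c" + REC * 2)
```

       For the constructed sample, tally(SAMPLE) returns (2, {256: 2}, 1):
       two messages, two records counted for template 256, and one data set
       skipped because its template had not arrived yet.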

       The default information model used by ipfixDump includes	only the
       standard	information elements defined by	IANA
       <https://www.iana.org/assignments/ipfix/ipfix.xhtml> and	provided by
       libfixbuf.  There are three ways	to augment the set of elements:

       1.  The --rfc5610 option	instructs ipfixDump to watch the input for
	   options records that	define private enterprise information elements
	   (as defined by RFC5610 <https://tools.ietf.org/html/rfc5610.html>)
	   and to add those elements to	the information	model.

       2.  The --element-file=FILE_NAME	option tells ipfixDump to parse	the
	   contents of FILE_NAME and add those information elements to the
	   information model.  The argument is an XML file whose schema	is
	   that	used by	IANA's XML Information Element Registry
	   <https://www.iana.org/assignments/ipfix/ipfix.xml>, with the
	   following additions:

	   cert:enterpriseId
	       A number	representing the Private Enterprise Number of the
	       element

	   cert:reversible
	       A boolean value ("true",	"yes", or 1 for	true; "false", "no",
	       or 0 for	false) that specifies whether the element may have a
	       separate	identity in a reverse flow.

	   The --element-file option may be used multiple times	to load
	   multiple files, and the loaded elements replace existing elements
	   with	the same identifier.

       3.  The --yaf option loads the CERT private enterprise information
	   elements into the information model.	 These elements	are used by
	   the NetSA tools yaf(1), pipeline(8),	super_mediator(1), and
	   rwsilk2ipfix(1).  This option is implemented	as a wrapper over the
	   --element-file option where the file	name is	cert_ipfix.xml and
	   ipfixDump checks several directories	to attempt to find this	file,
	   stopping once it finds the first file.  The list of directories, in
	   search order, is

	   o   the directory ../share/libfixbuf	relative to the	directory
	       containing the application

	   o   the libfixbuf subdirectory of the "datadir" directory specified
	       when ipfixDump was configured (defaults to $prefix/share)

           o   the share/libfixbuf subdirectory of the installation folder
               for the GLib-2 library

	   o   the libfixbuf subdirectory of the directories specified by the
	       $XDG_DATA_DIRS environment variable, or /usr/local/share	and
	       /usr/share/libfixbuf when that variable is empty

	   ipfixDump exits with	an error if it is unable to find the
	   cert_ipfix.xml file.	 See
	   <https://tools.netsa.cert.org/cert-ipfix-registry/> for additional
	   information about this file.

OPTIONS
       The following options are available for ipfixDump:

       --in FILE_NAME
           Sets the input file name to FILE_NAME.  When the option is not
           specified, ipfixDump reads from the standard input or exits with an
           error when the standard input is a terminal.  ipfixDump reads from
           the standard input if FILE_NAME is "-".

       --out FILE_NAME
           Sets the output file name to FILE_NAME.  If FILE_NAME exists, it is
           overwritten.  The string "-" may be used to write to standard
           output (the default).

       --rfc5610
	   Tells ipfixDump to scan the IPFIX input file	for options records
	   that	define private enterprise information elements and to add
	   those elements to the information model.

       --element-file FILE_NAME
	   Loads the XML file FILE_NAME	and incorporates information element
	   information found in	it.  The format	of the file is described
	   above.  The option may be used multiple times to load multiple
	   files, and later elements replace existing elements when they have
	   the same identifier.

       --yaf
           Searches for a file named cert_ipfix.xml in several locations and
           loads that file as if it were an argument to --element-file.
	   ipfixDump exits with	an error if it is unable to find the
	   cert_ipfix.xml file.

       --templates
	   Suppresses the printing of records, causing the output to contain
	   only	message	headers, templates, and	a summary line.

       --data
	   Suppresses the printing of templates, causing the output to contain
	   only	message	headers, records, and a	summary	line.

       --stats
	   Suppresses the printing of all message headers, templates, and
	   records.  The output	consists of the	number of messages, templates,
	   and records present in the input, and a two-column list showing
	   template IDs	found in the input and a count of the number of
	   records that	used that template.

       --hexdump
           For data record elements whose type is octetArray, prints each
           octet as a 2-digit hexadecimal value with no separator between
           the values.  The length of the element precedes the hexadecimal
           output.  ipfixDump uses this display for octetArray elements that
           are variable length or whose length is greater than eight.  Without
           this option, only the length of the octetArray elements is
           printed.  Note that fixed-width octetArray elements whose length is
           less than or equal to eight are always printed as a decimal number
           regardless of this option.

       --hexdump=LEN
	   When	the optional parameter LEN is provided to --hexdump, only the
	   first LEN octets of the value are printed.  If LEN is zero, only
	   the length of octetArray values is printed.	A LEN that is negative
	   or larger than 65535	is treated as the maximum, 65535.

       --version
	   Prints version and copyright	information to standard	error and
	   exits.

       --help
	   Prints a brief usage	message	to the standard	output and exits.

EXAMPLES
       In the following	examples, the dollar sign ("$")	represents the shell
       prompt.	The text after the dollar sign represents the command line.

	$ ipfixDump --in - --out -

	$ ipfixDump --in /data/ipfix.ipfix --out /data/text.txt	--yaf

KNOWN ISSUES
       Bug reports may be sent directly	to the Network Situational Awareness
       team at <netsa-help@cert.org>.

AUTHORS
       Emily Sarneso and the CERT Network Situational Awareness	Group
       Engineering Team, <http://www.cert.org/netsa>.

SEE ALSO
       yaf(1), yafscii(1), yafdpi(1), super_mediator(1), pipeline(8),
       rwsilk2ipfix(1),	<https://tools.netsa.cert.org/cert-ipfix-registry/>,
       <https://www.iana.org/assignments/ipfix/ipfix.xhtml>

2.3.1				  27-Aug-2020			  IPFIXDUMP(1)
