rwp2yaf2silk(1)                 SiLK Tool Suite                rwp2yaf2silk(1)

NAME
       rwp2yaf2silk - Convert PCAP data to SiLK Flow Records with YAF

SYNOPSIS
         rwp2yaf2silk --in=INPUT_SPEC --out=FILE [--dry-run]
             [--yaf-program=YAF] [--yaf-args='ARG1 ARG2']
             [--rwipfix2silk-program=RWIPFIX2SILK]
             [--rwipfix2silk-args='ARG1 ARG2']

         rwp2yaf2silk --help

         rwp2yaf2silk --man

         rwp2yaf2silk --version

DESCRIPTION
       rwp2yaf2silk is a script to convert a pcap(3) file, such as that
       produced by tcpdump(1), to a single file of SiLK Flow records.  The
       script assumes that the yaf(1) and rwipfix2silk(1) commands are
       available on your system.

       The --in and --out switches are required.  Note that the --in switch is
       processed by yaf, and the --out switch is processed by rwipfix2silk.

       For information on reading live pcap data and using rwflowpack(8) to
       store that data in hourly files, see the SiLK Installation Handbook.

       Normally yaf groups multiple packets into flow records.  You can almost
       force yaf to create a flow record for every packet so that its output
       is similar to that of rwptoflow(1): When you give yaf the
       --idle-timeout=0 switch, yaf creates a flow record for every complete
       packet and for each packet that it is able to completely reassemble
       from packet fragments.  Any fragmented packets that yaf cannot
       reassemble are dropped.

OPTIONS
       Option names may be abbreviated if the abbreviation is unique or is an
       exact match for an option.  A parameter to an option may be specified
       as --arg=param or --arg param, though the first form is required for
       options that take optional parameters.

       --in=INPUT_SPEC
           Read the pcap records from INPUT_SPEC.  Often INPUT_SPEC is the
           name of the pcap file to read or the string "-" or "stdin"
           to read from standard input.  To process multiple pcap files,
           create a text file that lists the names of the pcap files.  Specify
           the text file as INPUT_SPEC and use "--yaf-args=--caplist" to tell
           yaf that INPUT_SPEC contains the names of pcap files.

       --out=FILE
           Write the SiLK Flow records to FILE.  The string "stdout" or "-"
           may be used for the standard output, as long as it is not connected
           to a terminal.

       --dry-run
           Do not invoke any commands, just print the commands that would be
           invoked.

       --yaf-program=YAF
           Use YAF as the location of the yaf program.  When not specified,
           rwp2yaf2silk assumes there is a program yaf on your $PATH.

       --yaf-args=ARGS
           Pass the additional ARGS to the yaf program.

       --rwipfix2silk-program=RWIPFIX2SILK
           Use RWIPFIX2SILK as the location of the rwipfix2silk program.  When
           not specified, rwp2yaf2silk assumes there is a program rwipfix2silk
           on your $PATH.

       --rwipfix2silk-args=ARGS
           Pass the additional ARGS to the rwipfix2silk program.

       --help
           Display a brief usage message and exit.

       --man
           Display full documentation for rwp2yaf2silk and exit.

       --version
           Print the version number and exit the application.
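
EXAMPLES
       The following script is an added example, not part of the SiLK
       documentation.  It builds the text file described under --in, passes
       it with "--yaf-args=--caplist", previews the commands with --dry-run
       and can add --idle-timeout=0 for per-packet records.  The function
       names, the RWP2YAF2SILK override variable and the one-path-per-line
       list layout are assumptions.

```shell
#!/bin/sh
# Added example, not part of the SiLK distribution. Function names and the
# RWP2YAF2SILK override variable are hypothetical; every switch is from this page.

# make_caplist LISTFILE PCAP...
# Write one pcap path per line (layout assumed for yaf's --caplist), skipping
# files that are unreadable or empty. Fails if no usable file remains.
make_caplist() {
    list=$1; shift
    : > "$list"
    for f in "$@"; do
        if [ -r "$f" ] && [ -s "$f" ]; then
            printf '%s\n' "$f" >> "$list"
        else
            printf 'skipping %s: missing, unreadable or empty\n' "$f" >&2
        fi
    done
    [ -s "$list" ]
}

# run_conversion MODE LISTFILE OUTFILE [PER_PACKET]
# MODE is "dry" (add --dry-run, only print the commands) or "real".
# PER_PACKET=1 passes --idle-timeout=0 to yaf: roughly one flow per packet.
run_conversion() {
    mode=$1 list=$2 out=$3 per_packet=${4:-0}
    yaf_args=--caplist
    if [ "$per_packet" = 1 ]; then
        yaf_args="$yaf_args --idle-timeout=0"
    fi
    set -- "--in=$list" "--out=$out" "--yaf-args=$yaf_args"
    if [ "$mode" = dry ]; then
        set -- --dry-run "$@"
    fi
    "${RWP2YAF2SILK:-rwp2yaf2silk}" "$@"
}

# Stand-alone use: sh caplist2silk.sh OUT.rw FILE1.pcap FILE2.pcap ...
if [ "$#" -ge 2 ]; then
    out=$1; shift
    list=$(mktemp) || exit 1
    make_caplist "$list" "$@" || { rm -f "$list"; exit 1; }
    # Review the printed commands first, then run them for real.
    run_conversion dry "$list" "$out" && run_conversion real "$list" "$out"
    status=$?
    rm -f "$list"
    exit "$status"
fi
```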

SEE ALSO
       yaf(1), rwipfix2silk(1), rwflowpack(8), rwptoflow(1), silk(7),
       tcpdump(1), pcap(3), SiLK Installation Handbook

SiLK 3.19.1                       2020-08-27                   rwp2yaf2silk(1)
