rwp2yaf2silk(1)			SiLK Tool Suite		       rwp2yaf2silk(1)

       rwp2yaf2silk - Convert PCAP data to SiLK Flow Records with YAF

         rwp2yaf2silk --in=INPUT_SPEC --out=FILE [--dry-run]
             [--yaf-program=YAF] [--yaf-args='ARG1 ARG2']
             [--rwipfix2silk-args='ARG1 ARG2']

	 rwp2yaf2silk --help

	 rwp2yaf2silk --man

	 rwp2yaf2silk --version

       rwp2yaf2silk is a script to convert a pcap(3) file, such as that
       produced by tcpdump(1), to a single file of SiLK Flow records.  The
       script assumes that the yaf(1) and rwipfix2silk(1) commands are
       available on your system.

       The --in and --out switches are required.  Note that the --in switch is
       processed by yaf, and the --out switch is processed by rwipfix2silk.

       For information on reading live pcap data and using rwflowpack(8) to
       store that data in hourly files, see the SiLK Installation Handbook.

       Normally yaf groups multiple packets into flow records.  You can almost
       force yaf to create a flow record for every packet so that its output
       is similar to that of rwptoflow(1): When you give yaf the
       --idle-timeout=0 switch, yaf creates a flow record for every complete
       packet and for each packet that it is able to completely reassemble
       from packet fragments.  Any fragmented packets that yaf cannot
       reassemble are dropped.

       Option names may be abbreviated if the abbreviation is unique or is an
       exact match for an option.  A parameter to an option may be specified
       as --arg=param or --arg param, though the first form is required for
       options that take optional parameters.

       --in=INPUT_SPEC
           Read the pcap records from INPUT_SPEC.  Often INPUT_SPEC is the
           name of the pcap file to read or the string "-" or "stdin"
           to read from standard input.  To process multiple pcap files,
           create a text file that lists the names of the pcap files.  Specify
           the text file as INPUT_SPEC and use "--yaf-args=--caplist" to tell
           yaf the INPUT_SPEC contains the names of pcap files.

       --out=FILE
           Write the SiLK Flow records to FILE.  The string "stdout" or "-"
           may be used for the standard output, as long as it is not connected
           to a terminal.

       --dry-run
           Do not invoke any commands, just print the commands that would be

       --yaf-program=YAF
           Use YAF as the location of the yaf program.  When not specified,
           rwp2yaf2silk assumes there is a program yaf on your $PATH.

       --yaf-args=ARGS
           Pass the additional ARGS to the yaf program.

       --rwipfix2silk-program=RWIPFIX2SILK
           Use RWIPFIX2SILK as the location of the rwipfix2silk program.  When
           not specified, rwp2yaf2silk assumes there is a program rwipfix2silk
           on your $PATH.

       --rwipfix2silk-args=ARGS
           Pass the additional ARGS to the rwipfix2silk program.

       --help
           Display a brief usage message and exit.

       --man
           Display full documentation for rwp2yaf2silk and exit.

       --version
           Print the version number and exit the application.
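
       The following script is an added example, not part of the SiLK
       distribution.  It combines the multiple-file input ("--caplist") and
       one-record-per-packet ("--idle-timeout=0") usages described above.
       The helper names and the assumption that capture file names sort in
       capture order are this example's own.

```shell
#!/bin/sh
# Added example; make_caplist and flows_from_dir are hypothetical helpers.
# Assumption: capture file names sort in capture order, for example
# cap-20240101T0000.pcap (constructed naming scheme).

# make_caplist DIR LISTFILE
# Write the absolute path of each *.pcap in DIR to LISTFILE, one per line,
# sorted by name.  Returns 1 if DIR holds no pcap file, 2 if a name contains
# a newline, which would corrupt a newline-delimited list.
make_caplist() {
    dir=$(cd "$1" && pwd) || return 1
    list=$2
    : > "$list"
    for f in "$dir"/*.pcap; do
        [ -f "$f" ] || continue
        case $f in
            *'
'*) return 2 ;;
        esac
        printf '%s\n' "$f" >> "$list"
    done
    [ -s "$list" ] || return 1
    LC_ALL=C sort -o "$list" "$list"
}

# flows_from_dir DIR OUTFILE [extra rwp2yaf2silk switches such as --dry-run]
# Convert every pcap in DIR into one SiLK Flow file, one record per packet.
flows_from_dir() {
    src=$1
    out=$2
    shift 2
    caplist=$(mktemp) || return 1
    if make_caplist "$src" "$caplist"; then
        # --caplist: INPUT_SPEC names a list of pcap files.
        # --idle-timeout=0: a flow record for every complete packet.
        rwp2yaf2silk --in="$caplist" --out="$out" \
            --yaf-args='--caplist --idle-timeout=0' "$@"
        rc=$?
    else
        rc=$?
    fi
    rm -f "$caplist"
    return "$rc"
}

# Usage: flows_from_dir /path/to/pcaps flows.rw --dry-run
```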

       yaf(1), rwipfix2silk(1), rwflowpack(8), rwptoflow(1), silk(7),
       tcpdump(1), pcap(3), SiLK Installation Handbook

SiLK 3.19.1			  2021-09-21		       rwp2yaf2silk(1)

