CERT NetSA Security Suite 
Open Source Tools for Network Monitoring 


NAME

rwfileinfo - Print information about a SiLK file


SYNOPSIS

  rwfileinfo [--fields=FIELDS] [--summary] [--no-titles] FILE [ FILE ... ]
  rwfileinfo --help
  rwfileinfo --version


DESCRIPTION

rwfileinfo prints information about a SiLK file. The information that may be printed is:

  1. format. The output file format, a string and its hexadecimal equivalent: FT_RWSPLIT(0x12), FT_RWFILTER(0x13), etc.

  2. version. The version of the file, an integer. As of SiLK 1.0, the version of the file is distinct from the version of the records in the file.

  3. byte-order. The byte-order (endian-ness) of the file, a string.

  4. compression. The compression library used to compress the data section of the file, a string and its decimal equivalent: none(0), lzo1x(2). This does not include any external compression, such as when the entire file has been compressed with gzip(1).

  5. header-length. The length of the header in bytes.

  6. record-length. The length of a single record in bytes. This will be 1 if the records do not have a fixed size.

  7. count-records. The number of records in the file. If the record-length is 1, this value is the uncompressed size of the data section of the file.

  8. file-size. The size of the file as it is on disk.

  9. command-lines. The command(s) used to generate this file, for tools that support writing that information to the header and for formats that store that information.

  10. record-version. The version of the records contained in the file.

  11. silk-version. The release of SiLK that wrote this file, e.g., 1.0.0. This value is 0 for files written by releases of SiLK prior to 1.0.

  12. packed-file-info. The timestamp, flowtype, and sensor for a file in the SiLK data repository.

  13. probe-name. The probe information for files created by flowcap(8).

  14. annotations. The notes (annotations) that have been added to the file with the --note-add and --note-file-add switches.

  15. prefix-map. The mapname value for a prefix map file.


OPTIONS

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.

--fields=FIELDS

Determines which information about the file is printed. FIELDS is a list of integers representing fields to print. The FIELDS may be a comma-separated list of integers; a range may be specified by separating the start and end of the range with a hyphen (-). The available fields are listed above. Fields are always printed in the order given above. If the --fields option is not given, all fields are printed.

--summary

Prints a summary that lists the number of files processed, the sizes of those files, and the number of records contained in those files.

--no-titles

Suppresses printing of the file name and field names; only the values are printed, left justified and one per line.

--help

Print the available options and exit.

--version

Print the version number and information about how SiLK was configured, then exit the application.


EXAMPLE

  $ rwfileinfo tcp-data.rwf
  tcp-data.rwf:
    format(id)          FT_RWGENERIC(0x16)
    version             16
    byte-order          littleEndian
    compression(id)     none(0)
    header-length       208
    record-length       52
    record-version      5
    silk-version        1.0.1
    count-records       7
    file-size           572
    command-lines       
                     1  rwfilter --proto=6 --pass=tcp-data.rwf ...
    annotations         
                     1  This is some interesting TCP data
  $ rwfileinfo --no-titles --field=count-records tcp-data.rwf
  7
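
The header fields above can be used to audit flow files before analysis: who generated a file (command-lines) and whether its size on disk matches its header. The following is an added example, not part of the SiLK distribution; the function names are hypothetical, and the size check assumes that an uncompressed file with fixed-length records satisfies file-size = header-length + record-length x count-records, which the output above does (208 + 52 x 7 = 572).

```python
import re

# Constructed sample: the rwfileinfo output from the EXAMPLE section.
SAMPLE = """\
tcp-data.rwf:
  format(id)          FT_RWGENERIC(0x16)
  version             16
  byte-order          littleEndian
  compression(id)     none(0)
  header-length       208
  record-length       52
  record-version      5
  silk-version        1.0.1
  count-records       7
  file-size           572
  command-lines
                   1  rwfilter --proto=6 --pass=tcp-data.rwf ...
  annotations
                   1  This is some interesting TCP data
"""

LIST_ITEM = re.compile(r"^\s+\d+\s\s(.*)$")   # numbered entry under a list field
FIELD = re.compile(r"^\s+(\S+)\s*(.*)$")      # "name(id)   value"

def parse_rwfileinfo(text):
    """Return {filename: {field: value string, or list for multi-entry fields}}."""
    files, current, last = {}, {}, None        # lines before any "FILE:" are dropped
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():              # "FILE:" opens a new block
            current, last = files.setdefault(line.strip().rstrip(":"), {}), None
            continue
        item = LIST_ITEM.match(line)
        if item and last and isinstance(current[last], list):
            current[last].append(item.group(1))
            continue
        name, value = FIELD.match(line).groups()
        last = name.split("(")[0]              # "compression(id)" -> "compression"
        current[last] = value.strip() or []    # empty value: entries follow
    return files

def size_mismatch(info):
    """file-size minus (header + records); None when the check does not apply."""
    if not info["compression"].startswith("none") or info["record-length"] == "1":
        return None                            # compressed or variable-size records
    # Assumed relation for uncompressed, fixed-length-record files (see lead-in).
    expected = int(info["header-length"]) + \
        int(info["record-length"]) * int(info["count-records"])
    return int(info["file-size"]) - expected
```

A nonzero result from `size_mismatch` flags a file whose size on disk disagrees with its header, for example after an interrupted transfer.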


SEE ALSO

rwfilter(1)