CERT/CC
background
background
CERT NetSA Security Suite 
Open Source Tools for Network Monitoring 
News | Documentation | Downloads
YAF 0.8.1 | NAF 0.6.0 | SiLK 1.0.1 | RAVE 1.9.9
fixbuf 0.7.3 | ipa 0.2.1 | airdbc 0.2.2 | airframe 0.7.2 | Portal 0.8.0
SiLK - Documentation - rwfileinfo
Documentation | Downloads | Release Notes | FAQ | License | Credits | Reference Data | Live CD

NAME

rwfileinfo - Print information about a SiLK file

SYNOPSIS

  rwfileinfo [--fields=FIELDS] [--summary] [--no-titles] FILE [ FILE ... ]

DESCRIPTION

rwfileinfo prints information about a SiLK file. The information that may be printed is:

  1. format. The output file format, a string and its hexadecimal equivalent: FT_RWSPLIT(0x12), FT_RWFILTER(0x13), etc

  2. version. The version of the above, an integer

  3. byte-order. The byte-order (endian-ness) of the file, a string

  4. compression. The compression library used to compress the data-section of the file, a string and its decimal equivalent (none(0), lzo1x(2). Does not include any external compression, such as if the entire file has been compressed with gzip(1).

  5. header-length. The length of the header in bytes

  6. record-length. The length of a single record in bytes

  7. count-records. The number of records in the file

  8. file-size. The size of the file

  9. command-lines. The command(s) used to generate this file, for tools that support writing that information to the header and for formats that store that information.

OPTIONS

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.

--fields=FIELDS
Determines which information about the file is printed. FIELDS is a list of integers representing fields to print. The FIELDS may be a comma separated list of integers; a range may be specified by separating the start and end of the range with a hyphen (-). The available fields are listed above. Fields are always printed in the order given above. If the --fields option is not given, all fields are printed.

--summary
Prints a summary that lists the number of files processed, the sizes of those files, and the number of records contained in those files.

--no-titles
Suppresses printing of the file name and field names; only the values are printed, left justified and one per line.

EXAMPLE

  $ rwfileinfo test1.rwf
  test1.rwf:
    format(id)      FT_RWFILTER(0x13)
    version         1
    byte-order      BigEndian
    compression     none(0)
    header-length   69
    record-length   32
    count-records   1109
    file-size       35557
    command-lines   
                 1  --type=inweb --start-date=2003/12/17:18 --pass=test1.rwf
  $ rwfileinfo --no-titles --field=count-records
  1109

SEE ALSO

rwfilter(1)

YAF | NAF | SiLK | RAVE | fixbuf | ipa | airdbc | airframe | Portal
SiLK is part of the NetSA Security Suite, developed by the CERT NetSA group
at the Software Engineering Institute at Carnegie Mellon University.

© 2002-2008 Carnegie Mellon University