NAME
rwipaexport - Export IPA datasets to SiLK binary data files
SYNOPSIS
rwipaexport --catalog=CATALOG [--time=TIME] [--prefix-map-name=NAME]
[--note-add=TEXT] [--note-file-add=FILE]
[--compression-method=COMP_METHOD] OUTPUT_FILE
rwipaexport --help
rwipaexport --version
DESCRIPTION
rwipaexport exports data from an IPA (IP Association, http://tools.netsa.cert.org/ipa/) data store to a SiLK IPSet, Bag, or prefix map file, depending on the type of the stored IPA catalog. For catalogs with time information (e.g., the time period during which the stored data is considered valid), data can be selected for a specific time of interest.
OPTIONS
Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.
- --catalog=CATALOG_NAME
Specifies the name of the IPA catalog to export from.
- --time=TIME
This argument allows you to export a dataset that was active at TIME. The expected format of this option is YYYY/MM/DD[:HH[:MM[:SS]]]. If this option is specified, a dataset will only be returned if TIME falls between the start and end time for the dataset. If this option is not specified, the "no time" dataset for that catalog will be returned, if present. See the TIME RANGES section of ipaimport(1) for more information about how catalogs with and without time information are handled.
- --prefix-map-name=NAME
When creating a prefix map file, add NAME to the header of the file as the map-name. When this switch is not specified, no map-name is written to the file. If the output is not a prefix map file, the --prefix-map-name switch is ignored.
- --note-add=TEXT
Add the specified TEXT to the header of the output file as an annotation. This switch may be repeated to add multiple annotations to a file. To view the annotations, use the rwfileinfo(1) tool.
- --note-file-add=FILENAME
Open FILENAME and add the contents of that file to the header of the output file as an annotation. This switch may be repeated to add multiple annotations. Currently the application makes no effort to ensure that FILENAME contains text; be careful that you do not attempt to add a SiLK data file as an annotation.
- --compression-method=COMP_METHOD
Set the compression method of the output to COMP_METHOD. Some SiLK tools can use an external library to compress their binary output. The list of available compression methods and the default method are set when SiLK is compiled (the --help and --version switches print the available and default compression methods) and depend on which supported libraries are found. SiLK can support:
- none
Do not compress the output using an external library
- zlib
Use the zlib(3) library for compressing the output
- lzo1x
Use the lzo1x algorithm from the LZO real time compression library for compression
- best
Use whichever available method gives the best compression in general, though not necessarily the best for this particular output.
- --help
Print the available options and exit.
- --version
Print the version number and information about how SiLK was configured, then exit the application.
EXAMPLES
To export the "badhosts" IPSet from an IPA set catalog that has no time information:
$ rwipaexport --catalog=badhosts badhosts.set
To export the "flowcount" Bag from an IPA bag catalog that has time information:
$ rwipaexport --catalog=flowcount --time=2007/04/15 \
      flowcount-20070415.bag
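A wrapper that applies the checks this page leaves to the caller, shown as an added example (not part of SiLK or of the original manual page): it verifies that TIME matches YYYY/MM/DD[:HH[:MM[:SS]]] and that the file given to --note-file-add is text before invoking rwipaexport. The function names and the "no NUL bytes" heuristic for text are assumptions of this example; only the rwipaexport switches come from this page.

```shell
#!/bin/sh
# Added example: pre-flight checks before calling rwipaexport.
# Function names are hypothetical; the switches are those documented above.

# Succeeds only if $1 has the form YYYY/MM/DD[:HH[:MM[:SS]]].
# This is a format check; it does not validate calendar ranges.
valid_ipa_time() {
    case $1 in
        *"
"*) return 1 ;;   # reject embedded newlines so grep sees exactly one line
    esac
    printf '%s\n' "$1" | grep -Eq \
        '^[0-9]{4}/[0-9]{2}/[0-9]{2}(:[0-9]{2}(:[0-9]{2}(:[0-9]{2})?)?)?$'
}

# Heuristic (assumption): a note file is text if it is a readable,
# non-empty regular file that contains no NUL bytes.
is_text_note() {
    [ -f "$1" ] && [ -r "$1" ] && [ -s "$1" ] || return 1
    total=$(wc -c < "$1")
    non_nul=$(LC_ALL=C tr -d '\000' < "$1" | wc -c)
    # Unquoted on purpose: drops any padding some wc versions print.
    [ $total -eq $non_nul ]
}

# Usage: checked_export CATALOG TIME NOTE_FILE OUTPUT_FILE
# TIME and NOTE_FILE may be empty strings to omit those switches.
checked_export() {
    catalog=$1 when=$2 note=$3 out=$4
    [ -n "$catalog" ] && [ -n "$out" ] || {
        echo "catalog and output file are required" >&2; return 2; }
    set -- "--catalog=$catalog"
    if [ -n "$when" ]; then
        valid_ipa_time "$when" || { echo "bad --time: $when" >&2; return 2; }
        set -- "$@" "--time=$when"
    fi
    if [ -n "$note" ]; then
        is_text_note "$note" || { echo "not a text file: $note" >&2; return 2; }
        set -- "$@" "--note-file-add=$note"
    fi
    rwipaexport "$@" "$out"
}
```

For example, `checked_export flowcount 2007/04/15 provenance.txt flowcount-20070415.bag` runs the second export above with an annotation, and returns 2 without calling rwipaexport if either check fails.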
SEE ALSO
rwipaimport(1), ipaimport(1), ipaexport(1), ipaquery(1)


