CERT/CC
background
background
CERT NetSA Security Suite 
Open Source Tools for Network Monitoring 
News | Documentation | Downloads
YAF 0.8.1 | NAF 0.6.0 | SiLK 1.0.1 | RAVE 1.9.9
fixbuf 0.7.3 | ipa 0.2.1 | airdbc 0.2.2 | airframe 0.7.2 | Portal 0.8.0
SiLK - Documentation - rwipaexport
Documentation | Downloads | Release Notes | FAQ | License | Credits | Reference Data | Live CD

NAME

rwipaexport - Export IPA datasets to SiLK binary data files

SYNOPSIS

  rwipaimport --catalog=CATALOG [--time=TIME] OUTPUT_FILE

DESCRIPTION

rwipaexport exports data from an IPA data store to either a SiLK IPSet, Bag, or prefix map file, depending on the type of the stored IPA catalog. For catalogs with time information (e.g. time period at which the stored data is considered valid) data can be selected for a specific time of interest.

OPTIONS

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.

--catalog=CATALOG_NAME
Specifies the name of the IPA catalog to export from.

--time=TIME
This argument allows you to export a dataset that was active at TIME. The expected format of this option is YYYY/MM/DD[:HH[:MM[:SS]]]. If this option is specified, a dataset will only be returned if TIME falls between the start and end time for the dataset. If this option is not specified, the ``no time'' dataset for that catalog will be returned, if present. See the TIME RANGES section of ipaimport(1) for more information about how catalogs with and without time information are handled.

EXAMPLES

To export the ``badhosts'' IPSet from an IPA set catalog that has no time information:

    $ rwipaexport --catalog=badhosts badhosts.set

To export the ``flowcount'' Bag from an IPA bag catalog that has time information:

    rwipaexport --catalog=flowcount --time=2007/04/15 \
        flowcount-20070415.bag

SEE ALSO

rwipaimport(1), ipaimport(1), ipaexport(1), ipaquery(1)

NOTES

Previous versions of rwipaexport(1) exported prefix map catalogs as text, and required the subsequent use of rwpmapbuild(1) to convert the file into a binary pmap. This is no longer necessary; rwipaexport(1) now exports prefix map catalogs as pmap files directly.

YAF | NAF | SiLK | RAVE | fixbuf | ipa | airdbc | airframe | Portal
SiLK is part of the NetSA Security Suite, developed by the CERT NetSA group
at the Software Engineering Institute at Carnegie Mellon University.

© 2002-2008 Carnegie Mellon University