CERT NetSA Security Suite 
Open Source Tools for Network Monitoring 


NAME

rwipfix2silk - Convert IPFIX records to SiLK Flow records


SYNOPSIS

  rwipfix2silk [--silk-output=FILE] [--print-statistics]
        [--compression-method=COMP_METHOD] [IPFIX_FILES...]


DESCRIPTION

rwipfix2silk reads IPFIX (Internet Protocol Flow Information eXport) records from the input files specified on the command line or from the standard input when no files are specified, converts the records to the SiLK Flow format, and writes the SiLK records to the path specified by --silk-output or to the standard output when stdout is not the terminal and --silk-output is not provided.

When stdin is provided as an input file name, rwipfix2silk will read records from the standard input.


OPTIONS

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.

--silk-output=FILE
Write the SiLK records to FILE, which must not exist. If the switch is not provided or if FILE has the value stdout, the SiLK flows are written to the standard output.

--print-statistics
Print, to the standard error, the number of records that were written to the SiLK output file, and the number of forward and reverse records that were seen.

--compression-method=COMP_METHOD
Set the compression method of the output to COMP_METHOD. Some SiLK tools can use an external library to compress their binary output. The list of available compression methods and the default method are set when SiLK is compiled (the --help and --version switches print the available and default compression methods) and depend on which supported libraries are found. SiLK can support:
none
Do not compress the output using an external library

zlib
Use the zlib(3) library for compressing the output

lzo1x
Use the lzo1x algorithm from the LZO real time compression library for compression

best
Use whichever available method gives the best compression in general, though not necessarily the best for this particular output.


EXAMPLES

To convert a packet capture (pcap(3)) file, packets.dat, such as that produced by tcpdump(1), to the SiLK format, you could use the yaf tool (see http://tools.netsa.cert.org/yaf/):

  yaf --silk --in packets.dat --out - \
      | rwipfix2silk --silk-output=silk.dat

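To convert the SiLK file back into an IPFIX format, use rwsilk2ipfix(1), which takes the SiLK file as input and writes IPFIX to the path given by its --ipfix-output switch:

  rwsilk2ipfix --ipfix-output=ipfix.dat silk.dat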
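Because --silk-output requires that FILE not exist, a repeated or interrupted conversion needs care. The wrapper below is an added example, not part of the SiLK distribution; it runs the pcap conversion above without overwriting earlier results or leaving partial files. The function name, return codes, temporary file names and the YAF/RWIPFIX2SILK environment overrides are assumptions of this example, as is giving yaf's --out a file path instead of the "-" used above.

```shell
#!/bin/sh
# Added example, not part of the SiLK distribution.
# Tool names can be overridden through the environment (an assumption of this
# sketch, handy for testing); the defaults are the commands named on this page.
: "${YAF:=yaf}"
: "${RWIPFIX2SILK:=rwipfix2silk}"

# pcap_to_silk PCAP OUT [COMP_METHOD]
# Return codes (chosen for this example): 0 converted, 1 a tool failed,
# 2 OUT already exists, 3 PCAP is not readable.
pcap_to_silk() {
    pcap=$1
    out=$2
    comp=${3:-}

    if [ ! -r "$pcap" ]; then
        echo "pcap_to_silk: cannot read $pcap" >&2
        return 3
    fi
    # --silk-output refuses an existing FILE, so check before doing any work
    # and leave the earlier result untouched.
    if [ -e "$out" ]; then
        echo "pcap_to_silk: $out exists, not overwriting" >&2
        return 2
    fi

    ipfix="$out.ipfix.$$"      # intermediate IPFIX file
    partial="$out.partial.$$"  # SiLK output until conversion succeeds
    rm -f "$ipfix" "$partial"

    # Two steps instead of a pipe so a yaf failure is seen in plain POSIX sh,
    # where a pipeline only reports the status of its last command.
    if "$YAF" --silk --in "$pcap" --out "$ipfix" &&
       "$RWIPFIX2SILK" --silk-output="$partial" --print-statistics \
           ${comp:+--compression-method="$comp"} "$ipfix"
    then
        rm -f "$ipfix"
        mv "$partial" "$out"   # publish only a complete file
    else
        rm -f "$ipfix" "$partial"
        return 1
    fi
}
```

Call it as `pcap_to_silk packets.dat silk.dat zlib`; the third argument is optional and must be one of the compression methods your SiLK build reports.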


SEE ALSO

rwsilk2ipfix(1), yaf(1)