CERT/CC
CERT NetSA Security Suite 
Open Source Tools for Network Monitoring 


NAME

rwp2yaf2silk - Convert PCAP data to SiLK Flow Records with YAF


SYNOPSIS

 rwp2yaf2silk --in=INPUT_SPEC --out=FILE [--dry-run]
     [--yaf-program=YAF] [--yaf-args='ARG1 ARG2']
     [--rwipfix2silk-program=RWIPFIX2SILK] [--rwipfix2silk-args='ARG1 ARG2']


DESCRIPTION

rwp2yaf2silk is a script to convert a pcap(3) file, such as that produced by tcpdump(1), to a single file of SiLK Flow records. The script assumes that the yaf(1) and rwipfix2silk(1) commands are available on your system.

The --in and --out switches are required. Note that the --in switch is processed by yaf, and the --out switch is processed by rwipfix2silk.

For information on reading live pcap data and using rwflowpack(8) to store that data in hourly files, see the SiLK Installation Handbook.


OPTIONS

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.

--in=INPUT_SPEC
Read the pcap records from INPUT_SPEC. If reading from a file, this is a filename, a directory name, a file glob pattern (in which case it should be escaped or quoted to prevent the shell from expanding the glob pattern), or the string - or stdin to read from standard input.

--out=FILE
Write the SiLK Flow records to FILE. The string stdout or - may be used for the standard output, as long as it is not connected to a terminal.

--dry-run
Do not invoke any commands, just print the commands that would be invoked.

--yaf-program=YAF
Use YAF as the location of the yaf program. When not specified, rwp2yaf2silk assumes there is a program yaf on your $PATH.

--yaf-args=ARGS
Pass the additional ARGS to the yaf program.

--rwipfix2silk-program=RWIPFIX2SILK
Use RWIPFIX2SILK as the location of the rwipfix2silk program. When not specified, rwp2yaf2silk assumes there is a program rwipfix2silk on your $PATH.

--rwipfix2silk-args=ARGS
Pass the additional ARGS to the rwipfix2silk program.
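
The following wrapper is an added example, not part of the SiLK distribution. It applies the rules from the OPTIONS section: both required switches, a quoted glob, and no flow output to a terminal. The names pcap2silk, YAF_BIN, RWIPFIX2SILK_BIN and DRY_RUN are hypothetical, and the paths are constructed.

```shell
#!/bin/sh
# Added example: a guarded call to rwp2yaf2silk using only the switches
# documented above. pcap2silk, YAF_BIN, RWIPFIX2SILK_BIN and DRY_RUN are
# hypothetical names chosen for this wrapper.
pcap2silk() {
    in_spec=${1:-} out_file=${2:-}
    # --in and --out are both required by rwp2yaf2silk.
    if [ -z "$in_spec" ] || [ -z "$out_file" ]; then
        echo "usage: pcap2silk INPUT_SPEC FILE" >&2
        return 2
    fi
    # SiLK Flow records may go to stdout only when it is not a terminal.
    case $out_file in
        -|stdout)
            if [ -t 1 ]; then
                echo "pcap2silk: refusing to write flow records to a terminal" >&2
                return 1
            fi ;;
    esac
    # Keep INPUT_SPEC quoted so a glob such as '/data/pcap/*.pcap' is not
    # expanded by the shell, and use the --arg=param form throughout.
    set -- "--in=$in_spec" "--out=$out_file"
    [ -z "${YAF_BIN:-}" ] || set -- "$@" "--yaf-program=$YAF_BIN"
    [ -z "${RWIPFIX2SILK_BIN:-}" ] || set -- "$@" "--rwipfix2silk-program=$RWIPFIX2SILK_BIN"
    [ -z "${DRY_RUN:-}" ] || set -- "$@" --dry-run
    rwp2yaf2silk "$@"
}

# Typical use (paths are constructed):
#   DRY_RUN=1 pcap2silk '/data/pcap/*.pcap' /data/flows.rw   # print the commands only
#   pcap2silk '/data/pcap/*.pcap' /data/flows.rw             # run the conversion
```

Running with DRY_RUN=1 first shows the yaf and rwipfix2silk commands that would be invoked before any file is written.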


SEE ALSO

yaf(1), rwipfix2silk(1), SiLK Installation Handbook