DragonFly On-Line Manual Pages

Search: Section:  

TRACESPLIT(1)                    User Commands                   TRACESPLIT(1)


NAME

       tracesplit - split traces


SYNOPSIS

       tracesplit [ -f bpf | --filter=bpf] [ -c count | --count=count] [ -b
       bytes | --bytes=bytes] [ -i seconds | --seconds=seconds] [ -s unixtime
       | --starttime=unixtime] [ -e unixtime | --endtime=unixtime] [ -m
       maxfiles | --maxfiles=maxfiles] [ -S snaplen | --snaplen=snaplen] [ -z
       level | --compress-level=level] [ -Z method | --compress-type=method]
       inputuri [inputuri ...] outputuri


DESCRIPTION

       tracesplit splits the given input traces into multiple tracefiles

       -f bpf filter
              output only packets that match tcpdump style bpf filter

       -c count
              output count packets per output file.  The output file will be
              named after the basename given in the outputuri with the packet
              number of the first packet in this file.

       -b bytes
              output bytes bytes per file

       -i seconds
              start a new tracefile after "seconds" seconds

       -s unixtime
              don't output any packets before unixtime

       -e unixtime
              don't output any packets after unixtime

       -m maxfiles
              do not create more than "maxfiles" trace files

       -S snaplen
              Truncate packets to "snaplen" bytes long.  The default is
              collect the entire packet.

       -z level
              Compress the data using the specified compression level, ranging
              from 0 to 9.  Higher compression levels tend to result in better
              compression but require more processing power to compress.

       -Z compression-method
              Compress the data using the specified compression algorithm.
              Accepted methods are "gzip", "bzip2", "lzo" or "none". Default
              value is none unless a compression level is specified, in which
              case gzip will be used.


EXAMPLES

       create a 1MB erf trace of port 80 traffic.
       tracesplit -z 1 -Z gzip -f 'port 80' -b $[ 1024 * 1024 ]
       erf:/traces/bigtrace.gz erf:/traces/port80.gz


LINKS

       More details about tracesplit (and libtrace) can be found at
       http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation


SEE ALSO

       libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1),
       tracesplit_dir(1), tracereport(1), tracertstats(1), tracestats(1),
       tracepktdump(1), traceanon(1), tracesummary(1), tracereplay(1),
       tracediff(1), traceends(1), tracetopends(1)


AUTHORS

       Perry Lorier <perry@cs.waikato.ac.nz>

tracesplit (libtrace)            January 2011                    TRACESPLIT(1)

Search: Section: