nfreplay reads binary flow files stored by any nfdump collector and sents the flow records to a remote
host or a multicast group.
nfreplay sends the data as netflow v5 or v9 to the remote location.
nfreplay accepts a filter to limit the flows to be sent. The filter syntax is equivalent to nfdump.
The options are as follows:
-rflowfile
Read input data from flowfile.-Hremotehost
Send all flows to this remote host. Accepts a symbolic name or a IPv4/IPv6 IP address.
-jmcastgroup
Join this multicast group and send all flows to this group host. Accepts a symbolic name or
multicast IPv4/IPv6 IP address.
-pport
Send all flows to this port on the remote side. Default is 9995.
-SSourceaddr
Use the specified source IP address to send the flows
-4 Forces nfreplay to send flows to a IPv4 address only. Can be used if the remote host has an IPv4
and IPv6 address record.
-6 Forces nfreplay to send flows to a IPv6 address only. Can be used if the remote host has an IPv4
and IPv6 address record.
-vversion
Send flows as netflow version version. Version V5 and v9 are supported. In v5 mode, all
additional elements to a stadard v5 record are skipped and 64bit counters are truncated to 32bit.
The default is v9.
-uusec
Delay each record by usec mirco seconds, to avoid overrun on the remote host. Default is 10usec.
-Bbuffsize
Set send buffer to buffsize size in bytes. Useful to buffer larger data transfers.
-znum Flows are sent with their "real distribution" acrross time (with a speed coefficient)
-z 1 : 5 minutes of records will be sent in 5 minutes. - z 20 : 5 minutes of record will be sent
in 5/20 = 0.25 minutes.
-cnum Limit number of records to send to the first num flows.
-V Print nfreplay version and exit.
-h Print help text on stdout with all options and exit.
Install Now
PNG Icons
