nfexpire(1)nfexpire(1)NAME
nfanon - netflow anonymisation
SYNOPSIS
nfanon [options]
DESCRIPTION
nfanon is used to anonymise all IP addresses ( src, dst, next hop, router IP etc. ) in the netflow records using the CryptoPAn (Cryptogra-
phy-based Prefix-preserving Anonymization) module. The key -K is used to initialize the Rijndael cipher. The key is either a 32 character
string, or a 64 hex digit string starting with 0x.
See http://www.cc.gatech.edu/computing/Telecomm/cryptopan/ for more information about CryptoPAn.
nfanon has several modes of operation.
o nfanon reads a sequence of input files, specified by -r, -R and -M and anonymises the flows in the given files. The input file arguments
have the same syntax and meaning as nfdump(1).
o nfanon reads a sequence of input files, specified by -r, -R and -M. All anonymised flows are written to a single file specified by -w.
o nfanon works as filter and reads flows from stding and writes the anonymised flows to stdout.
OPTIONS -r inputfile
Read input data from inputfile. Default is read from stdin.
-R expr
Read input from a sequence of files in the same directory. expr may be one of:
/any/dir Read recursively all files in directory dir.
/dir/file Read all files beginning with file.
/dir/file1:file2 Read all files from file1 to file2.
Note: files are read in alphabetical sequence.
-M expr
Read input from multiple directories. expr looks like: /any/path/to/dir1:dir2:dir3 etc. and will be expanded to the directories:
/any/path/to/dir1, /any/path/to/dir2 and /any/path/to/dir3 Any number of colon separated directories may be given. The files to read are
specified by -r or -R and are expected to exist in all the given directories. The options -r and -R must not contain any directory part
when used in conjunction with -M.
-w outputfile
If specified writes anonymised netflow records to outputfile.
-K key
The key is used to initialize the Rijndael cipher. key is either a 32 character string, or a 64 hex digit string starting with 0x.
RETURN VALUE
Returns
0 No error.
255 Initialization failed.
250 Internal error.
NOTES
None.
SEE ALSO nfdump(1)BUGS
2009-09-09 nfexpire(1)
Check Out this Related Man Page
nfexpire(1)nfexpire(1)NAME
nfexpire - data expiry program
SYNOPSIS
nfexpire [options]
DESCRIPTION
nfexpire is used to manage the expiration of old netflow data files, created by nfcapd(1) or other data collectors such as sfcapd(1). Data
expiration is done either by nfcapd(1) in auto expiry mode, or by nfexpire which can by run at any time or any desired time interval by
cron. nfexpire can also be savely run while nfcapd auto expires files, for cleaning up full disks etc. nfexpire is sub directory hierarchy
aware, and handles any format automatically. For a fast and efficient expiration, nfexpire creates and maintains a stat file named .nfstat
in the data directory. Any directory supplied with the options below corresponds to the data directory supplied to nfcapd(1) using option
-l.
OPTIONS -l directory
List current data statistics in directory datadir.
-r directory
Rescan the specified directory to update the statfile. To be used only when explicit update is required. Usually nfexpire takes care
itself about rescanning, when needed.
-e datadir
Expire files in the specified directory. Expire limits are taken from statfile ( see -u ) or from supplied options -s -t and -w. Command
line options overwrite stat file values, however the statfile limits are not changed.
-s maxsize
Set size limit for the directory. The specified limit accepts values such as 100M, 100MB 1G 1.5G etc. Accpeted size factors are K, KB,
M, MB, G, GB and T, TB. If no factor is supplied bytes (B) is assumed. A value of 0 disables the max size limit.
-t maxlife_time
Sets the max life time for files in the directory. The supplied maxlife_time accepts values such as 31d, 240H 1.5d etc. Accpeted time
scales are w (weeks) d (days) H (hours). A value of 0 disables the max lifetime limit. If no scale is given, H (hours) are assumed.
-u datadir
Updates the max size and lifetime limits, specified by -s -t and -w and stores them in the statfile as default values. A running
nfcapd(1) processs doing auto expiry will take these new values starting with the next expiry cycle. Running nfexpire next time doing
file expiration will take these new limits unless -s -t or -w are specified.
-w watermark
Set the water mark in % for expiring data. If a limit is hit, files get expired down to this level in % of that limit. If not set, the
default is 95%.
-h Print help text on stdout with all options and exit.
-p Directories specified by -e, -l and -r are interpreted as profile directories. Only NfSen will need this option.
-Y Print result in parseable format. Only NfSen will need this option.
RETURN VALUE
Returns
0 No error.
255 Initialization failed.
250 Internal error.
NOTES
There are two ways to expire files: nfcapd in auto-expire mode ( option -e ) and nfexpire running by hand or periodically as cron job. Both
ways synchronize access to the files, therefore both ways can be run in parallel if required.
Expiring by nfcapd in auto-expire mode: option -e
If nfcapd is started with option -e, the auto-expire mode is enabled. After each cycle ( typically 5min ) nfcapd expires files according to
the limits set with nfexpire using options -u -s -t and -w. If initially no limits are set, no files get expired.
Expiring by nfexpire
nfexpire can be run at any time to expire files. It automatically syncs up with the files created by nfcapd in the mean time since the last
expire run, if a nfcapd collector process is running for that directory in question and expires the files according the limits set.
Limits
Files are expired according to two limits: maximum disk space used by all files in the directory and maximum lifetime of data files, what-
ever limit is reached first. If one of the limit is hit the expire process will delete files down to the watermark of that limit.
SEE ALSO nfcapd(1)BUGS
2009-09-09 nfexpire(1)