debian man page for tracesplit

Debian Man Pages All Man Pages Latest Topics Forum Categories

Query: tracesplit

OS: debian

Section: 1

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

TRACESPLIT(1)							   User Commands						     TRACESPLIT(1)


NAME

       tracesplit - split traces


SYNOPSIS

       tracesplit [ -f bpf | --filter=bpf] [ -c count | --count=count] [ -b bytes | --bytes=bytes] [ -i seconds | --seconds=seconds] [ -s unixtime
       | --starttime=unixtime] [ -e unixtime | --endtime=unixtime] [ -m maxfiles | --maxfiles=maxfiles] [ -S snaplen  |  --snaplen=snaplen]  [	-z
       level | --compress-level=level] [ -Z method | --compress-type=method] inputuri [inputuri ...] outputuri


DESCRIPTION

       tracesplit splits the given input traces into multiple tracefiles

       -f bpf filter
	      output only packets that match tcpdump style bpf filter

       -c count
	      output  count packets per output file.  The output file will be named after the basename given in the outputuri with the packet num-
	      ber of the first packet in this file.

       -b bytes
	      output bytes bytes per file

       -i seconds
	      start a new tracefile after "seconds" seconds

       -s unixtime
	      don't output any packets before unixtime

       -e unixtime
	      don't output any packets after unixtime

       -m maxfiles
	      do not create more than "maxfiles" trace files

       -S snaplen
	      Truncate packets to "snaplen" bytes long.  The default is collect the entire packet.

       -z level
	      Compress the data using the specified compression level, ranging from 0 to 9.  Higher compression levels tend to	result	in  better
	      compression but require more processing power to compress.

       -Z compression-method
	      Compress the data using the specified compression algorithm. Accepted methods are "gzip", "bzip2", "lzo" or "none". Default value is
	      none unless a compression level is specified, in which case gzip will be used.


EXAMPLES

       create a 1MB erf trace of port 80 traffic.
       tracesplit -z 1 -Z gzip -f 'port 80' -b $[ 1024 * 1024 ]
       erf:/traces/bigtrace.gz erf:/traces/port80.gz


LINKS

       More details about tracesplit (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation


SEE ALSO

       libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracesplit_dir(1), tracereport(1), tracertstats(1),  tracestats(1),  tracepkt-
       dump(1), traceanon(1), tracesummary(1), tracereplay(1), tracediff(1), traceends(1), tracetopends(1)


AUTHORS

       Perry Lorier <perry@cs.waikato.ac.nz>

tracesplit (libtrace)						   January 2011 						     TRACESPLIT(1)
Related Man Pages
traceanon(1) - debian
tracemerge(1) - debian
tracereport(1) - debian
tracesplit(1) - debian
tracetopends(1) - debian
Similar Topics in the Unix Linux Community
Compress - How small can a file before it will create the .Z
Compress in Unix
Explanation of error message(s)
converting localtime to unixtime
unixtime to formatted date time