This repository has been archived by the owner on Nov 27, 2018. It is now read-only.
doc.go
/*
`ipfixcat` is a utility to parse and print an IPFIX stream, as defined
by RFC 5101. It's also the minimal demo of how to use the
github.com/calmh/ipfix package.

Installation

Grab a binary release from https://github.com/calmh/ipfixcat/releases.

You can also build from source. Make sure you have Go 1.1 installed. See
http://golang.org/doc/install.

	$ go install github.com/calmh/ipfixcat

Output

The output format is JSON with one object per line. Each object has
fields `exportTime` (UNIX epoch seconds), `templateId` and `elements`.
The latter is an array containing the information elements in the same
order as received from the exporter.

Each information element has the fields `name`, `enterprise`, `field`,
`value` and `rawvalue`. For vendor fields that are not described by a
user dictionary, `name` and `value` will be empty and `rawvalue`
contains a byte array. For fully understood fields, `value` contains the
parsed value and `rawvalue` is empty.

Some statistics can be enabled as well; see `ipfixcat -help` for more
information.

Examples

Parse a UDP IPFIX stream, using a custom dictionary to interpret vendor
fields. Note that it might take a while to start displaying datasets,
because we need to receive the periodically sent template sets first in
order to be able to parse them.

	$ socat udp-recv:4739 stdout | ipfixcat -dict procera-fields.ini
	{"exportTime":1374745620,"templateId":49836,"fields":[{"name":"destinationIPv4Address","field":12,"value":"194.153....
	{"exportTime":1374745620,"templateId":10299,"fields":[{"name":"destinationIPv6Address","field":28,"value":"2001:470...
	{"exportTime":1374745620,"templateId":10299,"fields":[{"name":"destinationIPv6Address","field":28,"value":"2001:470...
	...

Don't attempt to use netcat (`nc`) for reading UDP streams. Almost all
distributed versions are broken and truncate UDP packets at 1024 bytes.
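
A consumer for the line-oriented JSON described under Output, added here as
an example and not part of ipfixcat itself: it counts records, lines that fail
to parse, and elements that arrived without a name (vendor fields missing from
the dictionary). The names Element, Record and Summarize, the acceptance of
both array keys, and the sample input are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

type Element struct { // one information element of an output line
	Name       string `json:"name"`
	Enterprise uint32 `json:"enterprise"`
	Field      uint16 `json:"field"`
}

// Record is one output line. Assumption: the array may be keyed "elements" (text) or "fields" (sample).
type Record struct {
	Elements []Element `json:"elements"`
	Fields   []Element `json:"fields"`
}

// Summarize counts records, unparseable lines, and unnamed elements keyed "enterprise/field".
func Summarize(r io.Reader) (records, bad int, undecoded map[string]int) {
	undecoded = map[string]int{}
	sc := bufio.NewScanner(r)
	sc.Buffer(make([]byte, 64*1024), 4*1024*1024) // one record can be a long line
	for sc.Scan() {
		var rec Record
		if err := json.Unmarshal(sc.Bytes(), &rec); err != nil {
			bad++ // e.g. a line cut short when the pipe closed
			continue
		}
		records++
		for _, e := range append(rec.Elements, rec.Fields...) {
			if e.Name == "" { // not covered by the built-in or user dictionary
				undecoded[fmt.Sprintf("%d/%d", e.Enterprise, e.Field)]++
			}
		}
	}
	return
}

// sample is constructed input for this example, not captured ipfixcat output.
const sample = `{"exportTime":1374745620,"templateId":49836,"fields":[{"name":"destinationIPv4Address","field":12,"value":"192.0.2.10"}]}
{"exportTime":1374745620,"templateId":10299,"elements":[{"name":"","enterprise":99999,"field":7,"value":"","rawvalue":"AAE="}]}
{"exportTime":1374745620,"templateId":10299,"fields":[{"name":"destinationIPv6Ad`

func main() { fmt.Println(Summarize(strings.NewReader(sample))) }
```

Passing os.Stdin instead of the sample reader lets the same function run at the end of the socat pipeline shown above.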

License

The MIT License.
*/
package main