ngindex − reads data-files in NetFlow format and builds database in Berkeley DB format.
ngindex [options [parameters]] −d DIRNAME −t TEMPLATE FILENAMES
ngindex is utility that builds index in Berkeley DB format from NetFlow files to provide fast search of flows by criterions (by ngfilter).
−d DIRNAME, −-db-dir=DIRNAME
Name of directory with database in Berkley DB format built by ngindex.
−h, −-help
Shows help about these options.
−t TEMPLATE, −-template=TEMPLATE
File, which describes fields of flow records.
−v, --verbose
Enables printing messages to stdout about successful or non-successful operation finish.
−V, --version
Shows version of ngfilter.
−w FUNCNAME, −-infunc=FUNCNAME
Defines name of function that parses the source file with records of flows. By default, function for parsing file of flow-tools format of version NetFlow 5.
TEMPLATE
is a text file, each line of which describes fields of flow record for internal system declaration. This file must be created by user for every format of flow records. Each line must correspond to such a format: FIELD_NAME TYPE LENGTH_OF_FIELD INDEXED
FIELD_NAME
- symbolic name of field in flow record, according to specification NetFlow
|
TYPE |
- one of defined types: int, time, prot, ipv4 |
LENGTH_OF_FILED
- lenght in bytes
INDEXED
- value "indexed" if creating index by this field is necessary or empty if not necessary
Template file may contain
comment lines which begin with symbol ’#’.
For describing fields of records in format NetFlow v5 names
of fields
must correspond to CISCO specification.
To create index
in directory flows_db of files flows-2006-05-10 and
flows-2006-05-11 if these files contain records of flows in
NetFlow v5
format. Field of records are described in template file
netflv5.
ngindex −d flows_db −t netflv5 flows-2006-05-10 flows-2006-05-11
Elena Mitrukova (mitrukov at cs.karelia.ru)
ngfilter(1)