README
¶
ipfixcat
ipfixcat is a utility to parse and print an IPFIX stream, as defined by RFC
5101. It's also the minimal demo of how to use the github.com/calmh/ipfix
package.
Installation
Grab a binary release from https://github.com/calmh/ipfixcat/releases.
You can also build from source. Make sure you have Go 1.1 installed. See http://golang.org/doc/install.
$ go install github.com/calmh/ipfixcat
Output
The output format is JSON with one object per line. Each object has fields
exportTime (UNIX epoch seconds), templateId and elements. The latter is an
array containing the information elements in the same order as received by the
exporter.
Each information element has the fields name, enterprise, field, value
and rawvalue. For vendor fields that are not described by a user dictionary,
name and value will be empty and rawvalue contains a byte array. For fully
understood fields, value contains the parsed value and rawvalue is empty.
There are some statistics that can be enabled as well, see ipfixcat -help for
more information.
Examples
Parse a UDP IPFIX stream, using a custom dictionary to interpret vendor fields. Note that it might take a while to start displaying datasets, because we need to receive the periodically sent template sets first in order to be able to parse them.
$ socat udp-recv:4739 stdout | ipfixcat -dict procera-fields.ini
{"exportTime":1374745620,"templateId":49836,"fields":[{"name":"destinationIPv4Address","field":12,"value":"194.153....
{"exportTime":1374745620,"templateId":10299,"fields":[{"name":"destinationIPv6Address","field":28,"value":"2001:470...
{"exportTime":1374745620,"templateId":10299,"fields":[{"name":"destinationIPv6Address","field":28,"value":"2001:470...
...
Don't attempt to use netcat (nc) for reading UDP streams. Almost all
distributed versions are broken and truncate UDP packets at 1024 bytes.
License
The MIT License.
Documentation
¶
Overview ¶
`ipfixcat` is a utility to parse and print an IPFIX stream, as defined by RFC 5101. It's also the minimal demo of how to use the github.com/calmh/ipfix package.
Installation ¶
Grab a binary release from https://github.com/calmh/ipfixcat/releases.
You can also build from source. Make sure you have Go 1.1 installed. See http://golang.org/doc/install.
$ go install github.com/calmh/ipfixcat
Output ¶
The output format is JSON with one object per line. Each object has fields `exportTime` (UNIX epoch seconds), `templateId` and `elements`. The latter is an array containing the information elements in the same order as received by the exporter.
Each information element has the fields `name`, `enterprise`, `field`, `value` and `rawvalue`. For vendor fields that are not described by a user dictionary, `name` and `value` will be empty and `rawvalue` contains a byte array. For fully understood fields, `value` contains the parsed value and `rawvalue` is empty.
There are some statistics that can be enabled as well, see `ipfixcat -help` for more information.
Examples ¶
Parse a UDP IPFIX stream, using a custom dictionary to interpret vendor fields. Note that it might take a while to start displaying datasets, because we need to receive the periodically sent template sets first in order to be able to parse them.
$ socat udp-recv:4739 stdout | ipfixcat -dict procera-fields.ini
{"exportTime":1374745620,"templateId":49836,"fields":[{"name":"destinationIPv4Address","field":12,"value":"194.153....
{"exportTime":1374745620,"templateId":10299,"fields":[{"name":"destinationIPv6Address","field":28,"value":"2001:470...
{"exportTime":1374745620,"templateId":10299,"fields":[{"name":"destinationIPv6Address","field":28,"value":"2001:470...
...
Don't attempt to use netcat (`nc`) for reading UDP streams. Almost all distributed versions are broken and truncate UDP packets at 1024 bytes.
License ¶
The MIT License.
Source Files