fstrm_capture(1) FreeBSD General Commands Manual fstrm_capture(1)
NAME
fstrm_capture - Receive and save Frame Streams data from a socket.
SYNOPSIS
fstrm_capture -t content-type -w filename
[ -u socket-path ] [ -a IP -p port ]
[ -c max-connections ] [ -b buffer-size ]
[ -s seconds ] [ --gmtime ] [ --localtime ]
[ -d [-d ...] ]
fstrm_capture --type content-type --write filename
[ --unix socket-path ] [ --tcp IP --port port ]
[ --maxconns max-connections ] [ --buffersize buffer-size ]
[ --split seconds ] [ --gmtime ] [ --localtime ]
[ --debug [--debug ...] ]
DESCRIPTION
fstrm_capture listens on a UNIX domain or TCP socket, receives Frame
Streams data, and writes the data to a file.
OPTIONS
-w filename | --write filename
Write data to the file filename.
If the --gmtime or --localtime option is given, filename is
preprocessed with strftime(). This will allow specifying a
format string which includes the date and time, for example, for
the created filename.
If filename is "-" and standard output is not connected to a
terminal, fstrm_capture will write to standard output. Output
splitting (-s) may not be used with a filename of "-".
Sending SIGHUP to fstrm_capture will flush any buffered output
to the file. Sending SIGUSR1 will close and reopen the file.
-t content-type | --type content-type
Specify the content-type to receive from the socket and write to
the output filename.
-u socket-path | --unix socket-path
Listen on the Unix domain socket socket-path to receive Frame
Streams data. Only one of -u or -a may be given.
-a IP | --tcp IP
Listen for TCP connections on address IP to receive Frame
Streams data. Only one of -u or -a may be given. Use of -a
requires a port given with -p.
-p port | --port port
If -a is given, listen on TCP port port to receive Frame Streams
data.
-c max-conns | --maxconns max-conns
Allow at most max-conns concurrent connections. If not
specified, concurrent connections are not limited.
-b buffersize | --buffersize buffersize
Set read buffer size to buffersize bytes. Combined with -c, this
can be used to limit the total memory usage of fstrm_capture.
The buffersize also affects the maximum frame size which
fstrm_capture will accept. Frames larger than buffersize,
including the 4-byte framing overhead, will be discarded.
The default buffersize is 262144 (256KiB).
-s interval | --split interval
Reopen output file every interval seconds. Requires the use of
either the --gmtime or --localtime options.
Note that this file rotation is triggered by incoming data, so
it may be delayed after the interval.
--gmtime
Process the --write filename through strftime() with the current
time in GMT. This --gmtime option may be used to provide a
timestamped output file when starting fstrm_capture or when
reopening an output file using the --split option or when
receiving a SIGUSR1 signal.
--localtime
Process the --write filename through strftime() with the current
time in the system local time zone. This --localtime option may
be used to provide a timestamped output file when starting
fstrm_capture or when reopening an output file using the --split
option or when receiving a SIGUSR1 signal.
-d [ -d ... ] | --debug [ --debug ]
Increase debugging level. Without -d, fstrm_capture prints only
critical error messages. Up to five -d options may be specified,
after which more repetitions will have no effect.
EXAMPLES
Receive dnstap data and save to hourly rotating files (with a converted
filename such as /var/log/dnstap/dnstap-2018-05-04-12:58:48.fstrm).
fstrm_capture -t protobuf:dnstap.Dnstap \
-u /var/run/named/dnstap.sock \
-w /var/log/dnstap/dnstap-%F-%T.fstrm \
-s 3600 --gmtime
SEE ALSO
fstrm_dump(1), fstrm_replay(1), strftime(3),
Frame Streams C Library https://farsightsec.github.io/fstrm
fstrm_capture(1)
man2web Home...