source: tools/tracesplit/tracesplit.1 @ 34d1d98

.TH TRACESPLIT "1" "October 2005" "tracesplit (libtrace)" "User Commands"
.SH NAME
tracesplit \- split traces
.SH SYNOPSIS
.B tracesplit
[ \fB-f \fRbpf | \fB--filter=\fRbpf]
[ \fB-c \fRcount | \fB--count=\fRcount]
[ \fB-b \fRbytes | \fB--bytes=\fRbytes]
[ \fB-i \fRseconds | \fB--seconds=\fRseconds]
[ \fB-s \fRunixtime | \fB--starttime=\fRunixtime]
[ \fB-e \fRunixtime | \fB--endtime=\fRunixtime]
[ \fB-m \fRmaxfiles | \fB--maxfiles=\fRmaxfiles]
[ \fB-S \fRsnaplen | \fB--snaplen=\fRsnaplen]
inputuri outputuri ...
.SH DESCRIPTION
tracesplit splits one trace into multiple tracefiles
.TP
\fB\-f\fR bpf filter
output only packets that match tcpdump style bpf filter

.TP
\fB\-c\fR count
output count packets per output file.  The output file will be named after
the basename given in the outputuri with the packet number of the first packet
in this file.

.TP
\fB\-b\fR bytes
output bytes bytes per file

.TP
\fB\-i\fR seconds
start a new tracefile after "seconds" seconds

.TP
\fB\-s\fR unixtime
don't output any packets before unixtime

.TP
\fB\-e\fR unixtime
don't output any packets after unixtime

.TP
\fB\-m\fR maxfiles
do not create more than "maxfiles" trace files

.TP
\fB\-S\fR snaplen
Truncate packets to "snaplen" bytes long.  The default is collect the entire
packet.

.SH EXAMPLES
create a 1MB erf trace of port 80 traffic.
.nf
tracesplit erf:/traces/bigtrace.gz \-f 'port 80' \-b $[ 1024 * 1024 ] 
erf:/traces/port80.gz 
.fi

.SH LINKS
More details about tracesplit (and libtrace) can be found at
http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

.SH SEE ALSO
libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracesplit_dir(1),
tracereport(1), tracertstats(1), tracestats(1), tracedump(1), traceanon(1),
tracesummary(1)

.SH AUTHORS
Perry Lorier <perry@cs.waikato.ac.nz>