Ignore:
Timestamp:
09/09/11 11:35:01 (10 years ago)
Author:
Shane Alcock <salcock@…>
Branches:
4.0.1-hotfixes, cachetimestamps, develop, dpdk-ndag, etsilive, getfragoff, help, libtrace4, master, ndag_format, pfring, rc-4.0.1, rc-4.0.2, rc-4.0.3, rc-4.0.4, ringdecrementfix, ringperformance, ringtimestampfixes
Children:
fc01bee
Parents:
c29a0e0
Message:
  • Updated traceends and tracetopends manpages to be about them instead of tracesplit
  • Updated all other manpages to include new tools in their "See also" lists
  • Changed -a argument for traceends to -A to be consistent with tracetopends
File:
1 edited

Legend:

Unmodified
Added
Removed
  • tools/traceends/tracetopends.1

    rc29a0e0 rd6dc0f6  
    1 .TH TRACESPLIT "1" "January 2011" "tracesplit (libtrace)" "User Commands"
     1.TH TRACETOPENDS "1" "September 2011" "tracetopends (libtrace)" "User Commands"
    22.SH NAME
    3 tracesplit \- split traces
     3tracetopends \- reports the endpoints that are responsible for the most traffic
     4in a trace
    45.SH SYNOPSIS
    5 .B tracesplit
    6 [ \fB-f \fRbpf | \fB--filter=\fRbpf]
    7 [ \fB-c \fRcount | \fB--count=\fRcount]
    8 [ \fB-b \fRbytes | \fB--bytes=\fRbytes]
    9 [ \fB-i \fRseconds | \fB--seconds=\fRseconds]
    10 [ \fB-s \fRunixtime | \fB--starttime=\fRunixtime]
    11 [ \fB-e \fRunixtime | \fB--endtime=\fRunixtime]
    12 [ \fB-m \fRmaxfiles | \fB--maxfiles=\fRmaxfiles]
    13 [ \fB-S \fRsnaplen | \fB--snaplen=\fRsnaplen]
    14 [ \fB-z \fRlevel | \fB--compress-level=\fRlevel]
    15 [ \fB-Z \fRmethod | \fB--compress-type=\fRmethod]
    16 inputuri [inputuri ...] outputuri
     6.B tracetopends
     7[ \fB-f \fRbpf ]
     8[ \fB-A \fRaddrtype ]
     9[ \fB-s ]
     10[ \fB-d ]
     11[ \fB-b ]
     12[ \fB-a ]
     13[ \fB-p ]
     14[ \fB-n \fRtopcount ]
     15inputuri [inputuri ...]
    1716.SH DESCRIPTION
    18 tracesplit splits the given input traces into multiple tracefiles
     17tracetopends reports the number of bytes and packets sent and received by the
     18busiest endpoints observed in the input trace(s).
     19
    1920.TP
    2021\fB\-f\fR bpf filter
    21 output only packets that match tcpdump style bpf filter
     22Output only packets that match tcpdump style bpf filter.
    2223
    2324.TP
    24 \fB\-c\fR count
    25 output count packets per output file.  The output file will be named after
    26 the basename given in the outputuri with the packet number of the first packet
    27 in this file.
     25\fB\-n\fR top count
     26Report the top N endpoints (defaults to 10).
    2827
    2928.TP
    30 \fB\-b\fR bytes
    31 output bytes bytes per file
     29\fB\-A\fR address type
     30Specifies how an endpoint should be defined. Suitable options are "mac", "v4"
     31and "v6" which will report endpoint stats for each observed MAC address, IPv4
     32address and IPv6 address respectively.
    3233
    3334.TP
    34 \fB\-i\fR seconds
    35 start a new tracefile after "seconds" seconds
     35\fB\-s
     36Sort endpoints based on the amount of outgoing traffic (will cancel any
     37previous \-d option. This is on by default.
    3638
    3739.TP
    38 \fB\-s\fR unixtime
    39 don't output any packets before unixtime
     40\fB\-d
     41Sort endpoints based on the amount of incoming traffic (will cancel any
     42previous \-s option.
    4043
    4144.TP
    42 \fB\-e\fR unixtime
    43 don't output any packets after unixtime
     45\fB\-b
     46Sort endpoints based on the amount of IP traffic (will cancel any previous
     47\-a or \-p options. This is on by default.
    4448
    4549.TP
    46 \fB\-m\fR maxfiles
    47 do not create more than "maxfiles" trace files
     50\fB\-a
     51Sort endpoints based on the amount of application layer traffic (will cancel
     52any previous \-b or \-p options.
    4853
    4954.TP
    50 \fB\-S\fR snaplen
    51 Truncate packets to "snaplen" bytes long.  The default is collect the entire
    52 packet.
     55\fB\-p
     56Sort endpoints based on the amount of packets (will cancel any previous
     57\-b or \-a options.
    5358
    54 .TP
    55 \fB\-z\fR level
    56 Compress the data using the specified compression level, ranging from 0 to 9.
    57 Higher compression levels tend to result in better compression but require
    58 more processing power to compress.
     59.SH OUTPUT
     60Output is written to stdout in columns separated by blank space.
    5961
    60 .TP
    61 \fB-Z\fR compression-method
    62 Compress the data using the specified compression algorithm. Accepted methods
    63 are "gzip", "bzip2", "lzo" or "none". Default value is none unless a
    64 compression level is specified, in which case gzip will be used.
     62The columns are (in order):
     63 * Endpoint address
     64 * Time last observed
     65 * Packets originating from the endpoint
     66 * Bytes originating from the endpoint (IP header onwards)
     67 * Payload originating from the endpoint (post transport header)
     68 * Packets sent to the endpoint
     69 * Bytes sent to the endpoint (IP header onwards)
     70 * Payload sent to the endpoint (post transport header)
    6571
    6672.SH EXAMPLES
    67 create a 1MB erf trace of port 80 traffic.
     73Find the IPv4 addresses that are sending the most traffic.
    6874.nf
    69 tracesplit \-z 1 -Z gzip \-f 'port 80' \-b $[ 1024 * 1024 ]
    70 erf:/traces/bigtrace.gz erf:/traces/port80.gz
     75tracetopends -A v4 -b -s erf:trace.erf.gz
    7176.fi
    7277
    7378.SH LINKS
    74 More details about tracesplit (and libtrace) can be found at
     79More details about tracetopends (and libtrace) can be found at
    7580http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation
    7681
     
    7883libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracesplit_dir(1),
    7984tracereport(1), tracertstats(1), tracestats(1), tracepktdump(1), traceanon(1),
    80 tracesummary(1), tracereplay(1), tracediff(1)
     85tracesummary(1), tracereplay(1), tracediff(1), traceends(1)
    8186
    8287.SH AUTHORS
    83 Perry Lorier <perry@cs.waikato.ac.nz>
     88Shane Alcock <salcock@cs.waikato.ac.nz>
Note: See TracChangeset for help on using the changeset viewer.