Version 3 (modified by spa1, 14 years ago)
tracesplit will split a single trace into a number of smaller tracefiles.
Usage
tracesplit [ -f exp | --filter=exp ] [ -c num | --count=num ] [ -b num | --bytes=num ] [ -i secs | --interval=secs ] [ -s unixtime | --starttime=unixtime ] [ -e unixtime | --endtime=unixtime ] [ -m files | --maxfiles=files ] inputuri outputuri
Options
- -f, --filter
- Only output packets that match the BPF filter expression. See tcpdump(1) for the syntax of the BPF filter expression.
- -c, --count
- Output num packets per output file.
- -b, --bytes
- Output num bytes per output file.
- -i, --interval
- Start a new file after secs seconds of trace time.
- -s, --starttime
- Do not output any packets with a timestamp earlier than unixtime.
- -e, --endtime
- Do not output any packets with a timestamp later than unixtime.
- -m, --maxfiles
- Do not create more than files trace files.
Applications
Create a small 10 minute trace from a larger trace
tracesplit -i 600 -m 1 erf:longtrace.erf.gz erf:10min_trace.erf.gz
Capture a trace to disk with a one hour file rotation
tracesplit -i 3600 int:eth0 erf:trace.erf.gz
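Another application, added here as an example that is not part of the original tracesplit documentation: carving one host's traffic for a fixed time window out of a larger capture by combining -f, -s and -e. The carve helper, the DRY_RUN variable, the address 192.0.2.10, the timestamps and the output file name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tracesplit documentation). It uses only the
# -f, -s and -e options described on this page; everything else is hypothetical.

# is_uint VALUE: succeed only for a non-empty string of decimal digits,
# which is what -s and -e expect (unix time in seconds).
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# carve START END FILTER INPUTURI OUTPUTURI
# Validate the window, then run tracesplit. With DRY_RUN=1 the command is
# printed instead of executed (display form only, not meant to be re-parsed).
carve() {
    if [ "$#" -ne 5 ]; then
        echo "usage: carve start end filter inputuri outputuri" >&2
        return 2
    fi
    c_start=$1; c_end=$2; c_filter=$3; c_src=$4; c_dst=$5

    if ! is_uint "$c_start" || ! is_uint "$c_end"; then
        echo "carve: start and end must be unix timestamps" >&2
        return 2
    fi
    # A swapped window would match no packets, so reject it up front.
    if [ "$c_start" -ge "$c_end" ]; then
        echo "carve: start must be earlier than end" >&2
        return 2
    fi
    if [ -z "$c_filter" ]; then
        echo "carve: empty filter expression" >&2
        return 2
    fi

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf "tracesplit -s %s -e %s -f '%s' %s %s\n" \
            "$c_start" "$c_end" "$c_filter" "$c_src" "$c_dst"
    else
        tracesplit -s "$c_start" -e "$c_end" -f "$c_filter" "$c_src" "$c_dst"
    fi
}

# Constructed usage: ten minutes of traffic for one documentation-range host.
# carve 1700000000 1700000600 'host 192.0.2.10' erf:longtrace.erf.gz erf:incident.erf.gz
```

Setting DRY_RUN=1 first shows the exact command line before anything is written to disk.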
Notes
- As tracesplit is capable of producing multiple output files, the output URI is used as the base of the output filename. The timestamp of the first packet in each subtrace is appended to it.