farrokhi/nfdump
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
nfdump/man/nfanon.1
phaag 758237b450 Initial git release 1.6.13
2015-10-03 14:06:34 +02:00

88 lines
2.4 KiB
Groff
Executable File
Raw Permalink Blame History

.TH nfexpire 1 2009\-09\-09 "" ""
.SH NAME
nfanon \- netflow anonymisation
.SH SYNOPSIS
.HP 5
.B nfanon [options]
.SH DESCRIPTION
.B nfanon
is used to anonymise all IP addresses ( src, dst, next hop, router IP etc. )
in the netflow records using the CryptoPAn (Cryptography\-based Prefix\-preserving
Anonymization) module. The key \fI-K\fR is used to initialize the Rijndael cipher.
The key is either a 32 character string, or a 64 hex digit string starting with 0x.
.P
.RS 3
See http://www.cc.gatech.edu/computing/Telecomm/cryptopan/ for
more information about CryptoPAn.
.RE
.PD
.P
nfanon has several modes of
operation.
.P
\fBo\fR nfanon reads a sequence of input files, specified by -r, -R and -M
and anonymises the flows in the given files. The input file arguments
have the same syntax and meaning as nfdump(1).
.P
\fBo\fR nfanon reads a sequence of input files, specified by -r, -R and -M.
All anonymised flows are written to a single file specified by -w.
.P
\fBo\fR nfanon works as filter and reads flows from stding and writes the anonymised
flows to stdout.
.SH OPTIONS
.TP 3
.B -r \fIinputfile
Read input data from \fIinputfile\fR. Default is read from stdin.
.TP 3
.B -R \fIexpr
Read input from a sequence of files in the same directory. \fIexpr\fR
may be one of:
.PD 0
.RS 4
/any/\fIdir\fR Read recursively all files in directory \fIdir\fR.
.P
/dir/\fIfile\fR Read all files beginning with \fIfile\fR.
.P
/dir/\fIfile1:file2\fR Read all files from \fIfile1\fR to \fIfile2\fR.
.P
Note: files are read in alphabetical sequence.
.RE
.PD
.TP 3
.B -M \fIexpr
Read input from multiple directories. \fIexpr\fR looks like:
\fI/any/path/to/dir1:dir2:dir3\fR etc. and will be expanded to the
directories: \fI/any/path/to/dir1\fR, \fI/any/path/to/dir2\fR and
\fI/any/path/to/dir3\fR Any number of colon separated directories may
be given. The files to read are specified by \-r or \-R and are expected
to exist in all the given directories. The options \-r and \-R must
not contain any directory part when used in conjunction with \-M.
.TP 3
.B -w \fIoutputfile
If specified writes anonymised netflow records to \fIoutputfile\fR.
.TP 3
.B -K \fIkey
The key is used to initialize the Rijndael cipher. \fIkey\fR is either
a 32 character string, or a 64 hex digit string starting with 0x.
.P
.SH "RETURN VALUE"
Returns
.PD 0
.RS 4
0 No error. \fn
.P
255 Initialization failed.
.P
250 Internal error.
.RE
.PD
.SH NOTES
None.
.P
.SH "SEE ALSO"
nfdump(1)
.SH BUGS
Reference in New Issue View Git Blame Copy Permalink