3.9 Features Common to Several Commands
3.9.2 Getting Tool Help
All SiLK tools include a help screen that provides a summary of command information. The help screen can be invoked by using the --help parameter with the command.
SiLK is distributed with conventional UNIX manual pages and The SiLK Reference Guide, both of which explain all the parameters and functionality of each tool in the suite.
All SiLK tools also have a --version parameter (as shown in Command 2 of Example 3.38) that identifies the version installed. Since the suite is still being extended and evolved, this version information may be quite important.
Table 3.13: Common Parameters in Essential SiLK Tools
Parameter rwfilter rwstats rwcount rwcut rwsort rwuniq
--help ✓ ✓ ✓ ✓ ✓ ✓
--legacy-help ✓
--version ✓ ✓ ✓ ✓ ✓ ✓
--site-config-file ✓ ✓ ✓ ✓ ✓ ✓
filenames ✓ ✓ ✓ ✓ ✓ ✓
--xargs ✓ ✓ ✓ ✓ ✓ ✓
--print-filenames ✓ ✓ ✓ ✓ ✓ ✓
--copy-input ✓ ✓ ✓ ✓
--pmap-file ✓ ✓ ✓ ✓ ✓
--plugin ✓ ✓ ✓ ✓ ✓
--python-file ✓ ✓ ✓ ✓ ✓
--output-path ✓ ✓ ✓ ✓ ✓
--no-titles ✓ ✓ ✓ ✓
--no-columns ✓ ✓ ✓ ✓
--column-separator ✓ ✓ ✓ ✓
--no-final-delimiter ✓ ✓ ✓ ✓
--delimited ✓ ✓ ✓ ✓
--ipv6-policy ✓ ✓ ✓
--ip-format ✓ ✓ ✓
--timestamp-format ✓ ✓ ✓ ✓
--integer-sensors ✓ ✓ ✓
--integer-tcp-flags ✓ ✓ ✓
--pager ✓ ✓ ✓ ✓
--note-add ✓ ✓
--note-file-add ✓ ✓
--dry-run ✓ ✓
Table 3.14: Parameters Common to Several Commands
Parameter Description
--help Prints usage description and exits
--legacy-help Prints help for legacy switches
--version Prints this program’s version and installation parameters
--site-config-file Specifies the name of the SiLK configuration file to use instead of the file in the root directory of the repository
filenames Specifies one or multiple filenames as non-option arguments
--xargs Specifies the name of a file (or stdin if omitted) from which to read input filenames
--print-filenames Displays input filenames on stderr as each file is opened
--copy-input Specifies the file or pipe to receive a copy of the input records
--pmap-file Specifies a prefix-map filename and a map name as mapname:path to create a many-to-one mapping of field values to labels. For rwfilter, this creates new partitioning options: --pmap-src-mapname, --pmap-dst-mapname, and --pmap-any-mapname. For other tools, it creates new fields src-mapname and dst-mapname (see Section 4.7)
--plugin For rwfilter, creates new switches and partitioning options with a plug-in program written in the C language. For other tools, creates new fields
--python-file For rwfilter, creates new switches and partitioning options with a plug-in program written in Python. For other tools, creates new fields
--output-path Specifies the output file’s path
--no-titles Doesn’t print column headings
--no-columns Doesn’t align neat columns. Deletes leading spaces from each column
--column-separator Specifies the character displayed after each column value
--no-final-delimiter Doesn’t display a column separator after the last column
--delimited Combines --no-columns, --no-final-delimiter, and, if a character is specified, --column-separator
--ipv6-policy Determines how IPv4 and IPv6 flows are handled when SiLK has been installed with IPv6 support (see Table 3.17)
--ip-format Chooses the format of IP addresses in output (see Table 3.15)
--timestamp-format Chooses the format and/or timezone of timestamps in output (see Table 3.16)
--integer-sensors Displays sensors as integers, not names
--integer-tcp-flags Displays TCP flags as integers, not strings
--pager Specifies the program used to display output one screenful at a time
--note-add Adds a note, specified in this option, to the output file’s header
--note-file-add Adds a note from the contents of the specified file to the output file’s header
--dry-run Checks parameters for legality without actually processing data
Table 3.15: --ip-format Values
Value Description
canonical Displays IPv4 addresses as dotted decimal quad and most IPv6 addresses as colon-separated hexadectets. IPv4-compatible and IPv4-mapped IPv6 addresses will be displayed in a combination of hexadecimal and decimal. For both IPv4 and IPv6, leading zeroes will be suppressed in octets and hexadectets. Double-colon compaction of IPv6 addresses will be performed.
zero-padded Octets are zero-padded to three digits, and hexadectets are zero-padded to four digits. Double-colon compaction is not performed, which simplifies sorting addresses as text.
decimal Displays an IP address as a single, large decimal integer.
hexadecimal Displays an IP address as a single, large hexadecimal integer.
force-ipv6 Displays all addresses as IPv6 addresses, using only hexadecimal. IPv4 addresses are mapped to the ::FFFF:0:0/96 IPv4-mapped netblock.
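The following added example (an illustration written for this section, not SiLK code) renders addresses in the formats Table 3.15 describes and shows why zero-padded output sorts correctly as text while canonical output does not. It assumes lowercase hexadecimal without a prefix, and it does not reproduce the mixed notation that canonical uses for IPv4-mapped addresses.

```python
import ipaddress

def format_ip(text, ip_format="canonical"):
    """Render one address in the style Table 3.15 describes for ip_format."""
    addr = ipaddress.ip_address(text)
    n = int(addr)
    if ip_format == "canonical":
        # Leading zeroes suppressed; IPv6 gets double-colon compaction.
        return str(addr)
    if ip_format == "zero-padded":
        if addr.version == 4:
            return ".".join(f"{octet:03d}" for octet in addr.packed)
        # Eight four-digit hexadectets, no double-colon compaction.
        return ":".join(f"{(n >> s) & 0xffff:04x}" for s in range(112, -1, -16))
    if ip_format == "decimal":
        return str(n)
    if ip_format == "hexadecimal":
        return format(n, "x")  # assumption: lowercase, no 0x prefix
    if ip_format == "force-ipv6":
        if addr.version == 4:
            # Place the 32-bit address in the ::FFFF:0:0/96 netblock.
            return f"::ffff:{n >> 16:x}:{n & 0xffff:x}"
        return str(addr)
    raise ValueError(f"unknown ip format: {ip_format}")

def text_sorted(addresses, ip_format):
    """Sort the formatted strings as plain text, as sort(1) would."""
    return sorted(format_ip(a, ip_format) for a in addresses)

# Constructed sample addresses; numeric order is 9.255.0.1, 10.0.0.9, 10.0.0.10.
SAMPLE = ["10.0.0.9", "10.0.0.10", "9.255.0.1"]

if __name__ == "__main__":
    for fmt in ("canonical", "zero-padded", "decimal", "hexadecimal", "force-ipv6"):
        print(f"{fmt:12} {format_ip('10.1.2.3', fmt)}")
    print(text_sorted(SAMPLE, "canonical"))    # text order, not numeric order
    print(text_sorted(SAMPLE, "zero-padded"))  # text order equals numeric order
```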
Table 3.16: --timestamp-format Values
Value Description
default Formats timestamps as YYYY/MM/DDThh:mm:ss
iso Formats timestamps as YYYY-MM-DD hh:mm:ss
m/d/y Formats timestamps as MM/DD/YYYY hh:mm:ss
epoch Formats timestamps as an integer of the number of seconds since 1970/01/01 00:00:00 UTC (UNIX epoch)
utc Specifies timezone to use Coordinated Universal Time (UTC)
Example 3.38: Using --help and --version
<1>$ rwsetmember --help
rwsetmember [SWITCHES] WILDCARD_IP INPUT_SET [INPUT_SET...]
    Determine existence of IP address(es) in one or more IPset files.
    By default, print names of INPUT_SETs that contain WILDCARD_IP.
SWITCHES:
--help No Arg. Print this usage output and exit. Def. No
--version No Arg. Print this program's version and exit. Def. No
--count No Arg. Print count of matches along with filenames
--quiet No Arg. No output, only set exit status
<2>$ rwset --version
rwset: part of SiLK 3.8.2; configuration settings:
    * Root of packed data tree: /data
    * Packing logic: Run-time plug-in
    * Timezone support: UTC
    * Available compression methods: none [default], zlib, lzo1x
    * IPv6 network connections: yes
    * IPv6 flow record support: yes
    * IPFIX/NetFlow9 collection: ipfix,netflow9
    * Transport encryption: GnuTLS
    * PySiLK support: /usr/lib64/python/site-packages
    * Enable assert(): no
Copyright (C) 2001-2014 by Carnegie Mellon University
GNU General Public License (GPL) Rights pursuant to Version 2, June 1991.
Some included library code covered by LGPL 2.1; see source for details.
Government Purpose License Rights (GPLR) pursuant to DFARS 252.227-7013.
Send bug reports, feature requests, and comments to netsa-help@cert.org.
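Because the installed version and build settings decide which parameters are usable, an analysis script can check them before it runs. The following is an added example, not part of SiLK or the original text: it parses --version output in the layout of Example 3.38 (sample abridged and embedded as constructed input), and the function names and the minimum version used are hypothetical.

```python
import re

# Constructed sample: the `rwset --version` output from Example 3.38,
# abridged and with extraction spacing normalized.
SAMPLE = """\
rwset: part of SiLK 3.8.2; configuration settings:
    * Root of packed data tree: /data
    * Timezone support: UTC
    * Available compression methods: none [default], zlib, lzo1x
    * IPv6 flow record support: yes
    * PySiLK support: /usr/lib64/python/site-packages
"""

def parse_version_output(text):
    """Return (tool, version tuple, settings dict) from --version output."""
    head = re.search(r"^(\S+): part of SiLK (\d+(?:\.\d+)*);", text, re.M)
    if head is None:
        raise ValueError("not SiLK --version output")
    version = tuple(int(part) for part in head.group(2).split("."))
    pairs = re.findall(r"^[ \t]*\*[ \t]*(.+?):[ \t]*(.*)$", text, re.M)
    settings = {key.strip(): value.strip() for key, value in pairs}
    return head.group(1), version, settings

def preflight(text, min_version, need_ipv6=False, need_pysilk=False):
    """List reasons this installation cannot run a given analysis script."""
    tool, version, settings = parse_version_output(text)
    problems = []
    # Compare as integer tuples: as strings, "3.10.0" sorts before "3.8.2".
    if version < min_version:
        have = ".".join(map(str, version))
        want = ".".join(map(str, min_version))
        problems.append(f"{tool}: SiLK {have} is older than required {want}")
    if need_ipv6 and settings.get("IPv6 flow record support") != "yes":
        problems.append(f"{tool}: built without IPv6 flow record support")
    # Assumption: a build without PySiLK reports "no" on this line.
    if need_pysilk and settings.get("PySiLK support", "no") == "no":
        problems.append(f"{tool}: no PySiLK support, --python-file unavailable")
    return problems

if __name__ == "__main__":
    print(parse_version_output(SAMPLE))
    print(preflight(SAMPLE, min_version=(3, 10, 0), need_ipv6=True))
```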