I am trying to create some monitoring based on flow-tools: I have flow-capture running to log things into directories. Now I need to merge files together for my analysis interval. I have looked at the manpage for flow-cat and flow-merge. They talk about interleaving and chronological order. As the files by flow-capture are already quite sorted, I wonder what the real difference is in my case?
If you're working only from a single flow-capture source, and flow-cat the files in chronological order (that is, the files are named such that alphabetical order is also chronological order), there shouldn't be a difference, no.
It's just that flow-cat won't do anything to ensure that order; it's just concatenating the files. On the other hand, flow-merge is sensitive to timestamps, and reorders the contents as it works so that the result is in chronological order.
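The difference described in the answer above, as an added example that is not part of the original thread and is not flow-tools code: a small Python model that compares plain concatenation with a timestamp-aware merge, once for a single capture source and once for two sources covering the same interval. The file names, record layout and function names are constructed for illustration.

```python
import heapq
from itertools import chain


def concat(files):
    """Model of plain concatenation: files taken in alphabetical name order."""
    return list(chain.from_iterable(files[name] for name in sorted(files)))


def merge(files):
    """Model of a timestamp-aware merge: k-way interleave by record time."""
    return list(heapq.merge(*files.values(), key=lambda rec: rec[0]))


def is_chronological(records):
    """True if record timestamps never go backwards."""
    times = [t for t, _ in records]
    return all(a <= b for a, b in zip(times, times[1:]))


def compare(files):
    """Summarise how the two strategies behave on one set of files."""
    c, m = concat(files), merge(files)
    return {
        "concat_ordered": is_chronological(c),
        "merge_ordered": is_chronological(m),
        "identical": c == m,
    }


# Constructed sample input: (unix_time, label) records, sorted within each file.
# One source, rotated files whose names sort in time order.
ONE_SOURCE = {
    "capture.1200": [(1200, "flow-1"), (1290, "flow-2")],
    "capture.1500": [(1500, "flow-3"), (1560, "flow-4")],
}
# Two sources whose files cover the same time window.
TWO_SOURCES = {
    "routerA.1200": [(1200, "A-1"), (1260, "A-2")],
    "routerB.1200": [(1210, "B-1"), (1250, "B-2")],
}

if __name__ == "__main__":
    for label, files in (("one source", ONE_SOURCE), ("two sources", TWO_SOURCES)):
        print(label, compare(files))
```

If the concatenated stream fails the ordering check for your own capture layout, any analysis that assumes time-ordered input (windowed counts, first-seen and last-seen times) needs the merged stream instead.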