.\" Copyright (c) 2000-2003 QoSient, LLC .\" All rights reserved. .\" .\" QOSIENT, LLC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS .\" SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND .\" FITNESS, IN NO EVENT SHALL QOSIENT, LLC BE LIABLE FOR ANY .\" SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER .\" RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF .\" CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN .\" CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .\" .TH RASORT 1 "07 November 2000" .SH NAME \fBrasort\fP \- sort \fBargus(8)\fP data file. .SH COPYRIGHT Copyright (c) 2000-2003 QoSient. All rights reserved. .SH SYNOPSIS .B rasort [[\fB\-M\fP \fIsortmode\fP] [sortmode\fP] ...] [\fBraoptions\fP] .SH DESCRIPTION .IX "rasort command" "" "\fLrasort\fP \(em argus data" .LP .B Rasort reads .BR argus data from an \fIargus-data\fP source, sorts the records based on the criteria specified on the command line, and outputs a valid \fIargus-stream\fP. .SH OPTIONS Rasort, like all ra based clients, supports a number of \fBra options\fP including filtering of input argus records through a terminating filter expression. See \fBra(1)\fP for a complete description of \fBra options\fP. \fBrasort(1)\fP specific options are: .PP .PD 0 .TP 15 .BI \-M "\| sortmode\^" Supported sortmodes are: .PP .RS .TP 15 .B time record start time .TP .B startime record start time .TP .B lasttime record last time. .TP .B trans aggregation record count. .TP .B dur record total duration. .TP .B avgdur record average duration. .TP .B saddr source IP addr. .TP .B daddr destination IP addr. .TP .B proto transaction protocol. .TP .B sport source port number. .TP .B dport destination port number. .TP .B stos source TOS byte value. .TP .B dtos destination TOS byte value. .TP .B sttl src -> dst TTL value. .TP .B dttl dst -> src TTL value. .TP .B bytes total transaction bytes. .TP .B sbytes src -> dst transaction bytes. .TP .B dbytes dst -> src transaction bytes. .TP .B pkts total transaction packet count. .TP .B spkts src -> dst packet count. .TP .B dpkts dst -> src packet count. .TP .B load bits per second. .TP .B loss pkts retransmitted or dropped. .TP .B rate pkts per second. .TP .B tranref argus transaction reference number. .TP .B seq argus sequence number. .TP .B srcid argus source identifier. .PD .RE .SH INVOCATION A sample invocation of \fBrasort(1)\fP. This call reads \fBargus(8)\fP data from \fBinputfile\fP and sorts the IP protocol based \fBargus(8)\fP data, first by the destination IP address, then by the service (destination) port number and then by the source IP address, and writes the results to stdout. For most services, this arranges \fBargus(8)\fP formatted data by server, service, and then by client. .TP 5 \fBrasort\fP -r inputfile -M daddr dport saddr - ip .SH SEE ALSO .BR ra(1), .BR rarc(5), .BR argus(8), .BR tcpdump(1) .SH FILES .SH AUTHORS .nf Carter Bullard (carter@qosient.com). .fi .SH BUGS