NAME
rasort - sort argus(8) data file.
COPYRIGHT
Copyright (c) 2000-2003 QoSient. All rights reserved.
SYNOPSIS
rasort [[-M sortmode] [sortmode] ...] [raoptions]
DESCRIPTION
Rasort reads argus data from an argus-data source, sorts the records based on the criteria specified on the command line, and outputs a valid argus-stream.
OPTIONS
Rasort, like all ra-based clients, supports a number of ra options, including filtering of input argus records through a terminating filter expression. See ra(1) for a complete description of ra options.
rasort(1)-specific options are:
- -M sortmode: Supported sortmodes are:
  - time: record start time <default>
  - startime: record start time <default>
  - lasttime: record last time.
  - trans: aggregation record count.
  - dur: record total duration.
  - avgdur: record average duration.
  - saddr: source IP addr.
  - daddr: destination IP addr.
  - proto: transaction protocol.
  - sport: source port number.
  - dport: destination port number.
  - stos: source TOS byte value.
  - dtos: destination TOS byte value.
  - sttl: src -> dst TTL value.
  - dttl: dst -> src TTL value.
  - bytes: total transaction bytes.
  - sbytes: src -> dst transaction bytes.
  - dbytes: dst -> src transaction bytes.
  - pkts: total transaction packet count.
  - spkts: src -> dst packet count.
  - dpkts: dst -> src packet count.
  - load: bits per second.
  - loss: pkts retransmitted or dropped.
  - rate: pkts per second.
  - tranref: argus transaction reference number.
  - seq: argus sequence number.
  - srcid: argus source identifier.
INVOCATION
A sample invocation of rasort(1): this call reads argus(8) data from inputfile and sorts the IP-protocol-based argus(8) data first by the destination IP address, then by the service (destination) port number, and then by the source IP address, and writes the results to stdout. For most services, this arranges argus(8) formatted data by server, service, and then by client.
- rasort -r inputfile -M daddr dport saddr - ip
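The server, service, client arrangement that this invocation produces, shown as an added Python example; it is not part of the man page and is not rasort's code. It also accepts other sortmode lists from the table above. Assumptions: the record field names are hypothetical, addresses are compared numerically, the order is ascending (the page does not state a direction), and the sample flows are constructed.

```python
import ipaddress

def _ip(field):
    # Compare addresses numerically, not as strings (assumption of this sketch).
    return lambda r: int(ipaddress.ip_address(r[field]))

# Key extractors for a subset of the sortmodes listed in this page. The record
# field names are hypothetical and are not an argus record layout.
SORT_KEYS = {
    "saddr": _ip("saddr"), "daddr": _ip("daddr"),
    "proto": lambda r: r["proto"],
    "sport": lambda r: r["sport"], "dport": lambda r: r["dport"],
    "sbytes": lambda r: r["sbytes"], "dbytes": lambda r: r["dbytes"],
    "bytes": lambda r: r["sbytes"] + r["dbytes"],
}

def sort_flows(records, sortmodes):
    """Order records by each sortmode in turn; the first mode is most significant.
    Ascending order is an assumption: the page does not state a direction."""
    unknown = [m for m in sortmodes if m not in SORT_KEYS]
    if unknown:
        raise ValueError(f"unsupported sortmode(s): {', '.join(unknown)}")
    return sorted(records, key=lambda r: tuple(SORT_KEYS[m](r) for m in sortmodes))

def by_server_service(records):
    """Arrange flows as server -> service port -> clients, in sorted order."""
    tree = {}
    for r in sort_flows(records, ["daddr", "dport", "saddr"]):
        clients = tree.setdefault(r["daddr"], {}).setdefault(r["dport"], [])
        if r["saddr"] not in clients:
            clients.append(r["saddr"])
    return tree

# Constructed sample flows (documentation address ranges), not real argus output.
FIELDS = ("saddr", "daddr", "proto", "sport", "dport", "sbytes", "dbytes")
FLOWS = [dict(zip(FIELDS, row)) for row in [
    ("192.0.2.10", "198.51.100.20", "tcp", 51000, 22, 3100, 4200),
    ("192.0.2.7", "198.51.100.9", "tcp", 40112, 443, 900, 5200),
    ("192.0.2.10", "198.51.100.9", "tcp", 40200, 443, 700, 8100),
    ("192.0.2.7", "198.51.100.9", "tcp", 52001, 22, 2600, 3900),
    ("192.0.2.100", "198.51.100.9", "tcp", 33010, 443, 650, 1200),
]]

if __name__ == "__main__":
    for server, services in by_server_service(FLOWS).items():
        for port, clients in services.items():
            print(f"{server}:{port} <- {', '.join(clients)}")
```

Grouped this way, a client address appearing under a service it does not normally use stands out at a glance, which is the practical reason to sort flow data by server first.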
SEE ALSO
ra(1), rarc(5), argus(8), tcpdump(1)
FILES
AUTHORS
Carter Bullard (carter@qosient.com).
BUGS