NAME¶
rastrip - strip
argus(8) data file.
COPYRIGHT¶
Copyright (c) 2000-2003 QoSient. All rights reserved.
SYNOPSIS¶
rastrip [[
-M stripfield] [stripfield
] ...]
[raoptions]
DESCRIPTION¶
Rastrip reads
argus data from an
argus-data source, and
removes data sections that are specified on the command line, and outputs a
valid
argus-stream. If
rastrip is run without any
stripfield directives, the default is to strip out all information from
the record except the FAR information and TCP specific information. This
default generates an
argus-stream that contains the same semantic
information that was present in argus-1.5 data records, and generates the same
output from ra().
OPTIONS¶
Rastrip, like all ra based clients, supports a number of
ra options
including filtering of input argus records through a terminating filter
expression. See
ra(1) for a complete description of
ra options.
rastrip(1) specific options are:
- -M [-|+]stripfield
-
Supported stripfields are:
- far
- flow descriptors and flow metrics
- mac
- media access control addresses
- tcp
- TCP specific identifiers and metrics, such as base sequence numbers,
advertised window sizes and retransmission statistics.
- icmp
- ICMP specific identifiers and metrics, such as the source address of the
ICMP packet, the declared gateway address and the ICMP types and modes,
such as ECHO or Port Unreachable, along with the port value.
- rtp
- RTP and RTCP specific identifiers and metrics, such as the source stream
identifiers, the last sequence number and stream drop statistics.
- igmp
- IGMP specific identifiers and metrics.
- arp
- IGMP specific identifiers and metrics, such as the MAC address of the
responder to arp requests for a specific address.
- frag
- Fragmentation specific identifiers and metrics, such as the average
fragment size, number of fragments in this fragment, last offset seen in
this fragment.
- esp
- ESP specific identifiers and metrics, such as the Security Identifier the
last sequence number seen and drop statistics.
- mpls
- MPLS specific identifiers, such as the last MPLS label seen on this
flow.
- vlan
- VLAN specific identifiers, such as the source and destination VLAN
identifiers. flow.
- pppoe
- PPPOE specific identifiers, such as the source and destination SAP
identifiers.
- agr
- Aggregation specific metrics, such as the number of records aggregated,
the mean record duration, standard deviations.
- jitter
- Jitter specific metrics, such as the mean interpacket arrival time while
the flow is active, max, min and standard deviation, as well as metrics
for while the flow is idle.
- user
- All user data capture buffers.
- srcuser
- User data capture buffer from the source node.
- dstuser
- User data capture buffer from the destination node.
- stime
- Source jitter information.
- dtime
- Destination jitter information.
INVOCATION¶
Sample invocations of
rastrip(1). The first call reads
argus(8)
data from
inputfile and strips the record, leaving only the FAR data,
which contains the flow descriptors and basic metrics, and jitter information.
rastrip -r inputfile -M far jitter
The next sample invocation of
rastrip(1), adds vlan specific information
to the default far and tcp information that would normally be retained.
rastrip -r inputfile -M +vlan
The next sample invocation of
rastrip(1), removes only the user data
capture buffers from the
argus-stream, keep the rest of the data
intact.
rastrip -r inputfile -M -user
SEE ALSO¶
ra(1), rarc(5), argus(8), tcpdump(1)
FILES¶
AUTHORS¶
Carter Bullard (carter@qosient.com).
BUGS¶