.\" Copyright (c) 2000-2016 QoSient, LLC
.\" All rights reserved.
.\" 
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2, or (at your option)
.\" any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.TH RAEVENT 1 "07 February 2010" "raevent 3.0.8"
.SH NAME
\fBraevent\fP \- read \fBargus(8)\fP event data.
.SH SYNOPSIS
\fBraevent [\fBraoptions\fP] [\fB--\fP \fIfilter-expression\fP]
.SH DESCRIPTION
.IX  "raevent command"  ""  "\fLraevent\fP \(em argus data"
.LP

.B Raevent
reads
.BR argus(8)
data from either \fIstdin\fP, an \fIargus-file\fP, or from a
remote argus data source, filters the records it encounters
based on an optional \fIfilter-expression\fP and either prints
the contents of the
.BR argus(5)
records that it encounters to \fBstdout\fP or appends them into an
.B argus(5)
datafile.

.LP
.SH OPTIONS
Raevent, like all ra based clients, supports a number of
\fBra options\fP including filtering of input argus
records through a terminating filter expression.
See \fBra(1)\fP for a complete description of \fBra options\fP.

.SH EXAMPLE INVOCATION
.nf
.ft CW
.ps 6
.vs 7

% raevent -S localhost

event[874]=
2010/02/09.09:21:19.971182:srcid=192.168.0.68:prog:/usr/local/bin/ralsof
<ArgusEvent>
  <ArgusEventData>
    COMMAND     PID   USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
    SystemUIS   787 carter   11u  IPv4 0x17ec2054      0t0  UDP *:*
    SystemUIS   787 carter   13u  IPv4 0x185a28ec      0t0  UDP *:*
    AppleVNCS   798 carter    9u  IPv6 0x172905c0      0t0  TCP *:5900 (LISTEN)
    Mail        817 carter   13u  IPv4 0x18f73b1c      0t0  TCP 192.168.0.68:64540->17.148.16.45:993 (ESTABLISHED)
    Mail        817 carter   18u  IPv4 0x20a15274      0t0  TCP 192.168.0.68:64542->17.148.16.45:993 (ESTABLISHED)
    Mail        817 carter   20u  IPv4 0x172942d4      0t0  TCP 192.168.0.68:64541->17.148.16.45:993 (CLOSED)
    Mail        817 carter   21u  IPv4 0x207f1a8c      0t0  TCP 192.168.0.68:64554->17.148.16.45:993 (ESTABLISHED)
    Mail        817 carter   26u  IPv4 0x207fbb4c      0t0  TCP 192.168.0.68:64546->216.92.197.167:993 (ESTABLISHED)
    Mail        817 carter   29u  IPv4 0x19e8d6b0      0t0  TCP 192.168.0.68:64547->216.92.197.167:993 (ESTABLISHED)
    Mail        817 carter   31u  IPv4 0x207fb740      0t0  TCP 192.168.0.68:64548->216.92.197.167:993 (ESTABLISHED)
    Mail        817 carter   32u  IPv4 0x20801abc      0t0  TCP 192.168.0.68:53902->216.92.197.167:993 (ESTABLISHED)
    Mail        817 carter   35u  IPv4 0x19e8fb1c      0t0  TCP 192.168.0.68:50245->17.250.248.77:80 (CLOSED)
    Mail        817 carter   37u  IPv4 0x207f5b4c      0t0  TCP 192.168.0.68:59403->216.75.197.71:80 (CLOSE_WAIT)
    Mail        817 carter   40u  IPv4 0x19e8eef8      0t0  TCP 192.168.0.68:53903->216.75.197.71:80 (CLOSE_WAIT)
    Mail        817 carter   43u  IPv4 0x20a1c2d4      0t0  TCP 192.168.0.68:53913->208.59.201.100:80 (ESTABLISHED)
    Mail        817 carter   46u  IPv4 0x20802aec      0t0  TCP 192.168.0.68:59408->208.59.201.100:80 (ESTABLISHED)
    Mail        817 carter   50u  IPv4 0x207f92d4      0t0  TCP 192.168.0.68:53916->208.59.201.100:80 (ESTABLISHED)
    Microsoft   822 carter    5u  IPv4 0x20a23740      0t0  TCP 192.168.0.68:53597->207.46.170.10:80 (CLOSED)
    iChatAgen   830 carter    6u  IPv4 0x185a2734      0t0  UDP 127.0.0.1:52122->127.0.0.1:52122
    iChatAgen   830 carter   11u  IPv4 0x20803f28      0t0  TCP 192.168.0.68:65360->205.188.3.5:5190 (ESTABLISHED)
    FileSyncA   838 carter   15u  IPv4 0x20a1caec      0t0  TCP 192.168.0.68:57148->17.250.248.123:80 (CLOSED)
    aosnotify   843 carter    5u  IPv4 0x20a1d710      0t0  TCP 192.168.0.68:56355->17.250.248.83:5223 (ESTABLISHED)
    rasqlinse 27492 carter    5u  IPv4 0x20a16abc      0t0  TCP 192.168.0.68:57166->192.168.0.82:561 (ESTABLISHED)
    Safari    37870 carter   18u  IPv4 0x20a1e740      0t0  TCP 192.168.0.68:56792->198.145.117.112:80 (CLOSE_WAIT)
    Safari    37870 carter   33u  IPv4 0x20800a8c      0t0  TCP 192.168.0.68:54690->69.192.29.115:443 (CLOSE_WAIT)
    iTunes    91271 carter   22u  IPv4 0x2080b710      0t0  TCP *:3689 (LISTEN)
    iTunes    91271 carter   23u  IPv6 0x172916d0      0t0  TCP *:3689 (LISTEN)
  </ArgusEventData>
</ArgusEvent>

.vs
.ps
.ft P
.fi

Consider \fBraevent\fP as a proof of concept program for demonstrating the ArgusEvent system.

.SH COPYRIGHT
Copyright (c) 2000-2016 QoSient. All rights reserved.
.SH AUTHORS
.nf
Carter Bullard (carter@qosient.com).
.fi
.SH SEE ALSO
.BR ra (1),
.BR rarc (5),
.BR argus (8)