Man Linux: Main Page and Category List

NAME

       ramon - provide RMON2 style reports from argus(8) data.

COPYRIGHT

       Copyright (c) 2000-2003 QoSient. All rights reserved.

SYNOPSIS

       ramon  [ra-options]  -M (TopN | Matrix | HostProto | HostSvc | Svc) [-M
       Net/masklen] [ expression ]

DESCRIPTION

       Ramon reads argus(8) data from an argus  data  source,  aggregates  the
       records,  sorts  them  based  on  user supplied criteria  and generates
       modified  argus  data  that  supports  RMON2  style  tables  and   data
       reporting.

       Ramon  supports  the  same  sorting  capabilites  and calling syntax as
       rasort() for specifying the sorting algorithm and order.

       The output is valid argus data, and can be operated on using any  ra*()
       program.

       Like  all  ra  based clients, ramon supports a large number of options,
       configuration through  .rarc  files,  and  input  filtering  using  the
       terminating filter expression.

       See the ra(1) man page for details on ra-options and expression syntax.

RAMON SPECIFIC OPTIONS

       -M TopN
            Generate the top N  list  of  network  addresses  and  supply  the
            incoming  and outgoing packet and bytes counts.  The addresses can
            be modified using the -M Net mode in addition to this mode.

       -M Matrix
            Generate the list of talkers ( A <-> B) and  supply  the  incoming
            and  outgoing packet and byte counts.  The talker addresses can be
            modified using the -M Net mode.

       -M HostProto
            Generate the list of protocols that are being used by each address
            and  supply the incoming and outgoing packet and byte counts seen.

       -M HostSvc
            Generate the list of services that are being used by each  address
            and  supply the incoming and outgoing packet and byte counts seen.

       -M Svc
            Generate the list of services (dst port  number)  and  supply  the
            incoming and outgoing packet and byte counts seen.

       -M Net[/masklen]
            Track  addresses  as  networks rather than host addresses.  If the
            option masklen is  not  provided,  the  addresses  are  traced  as
            subnets based on their Class network address.

       -a   Don’t  filter  output  to match expression filter.  This generates
            the complete set of addresses/nets that contributed to the inbound
            and outbound metrics.

AUTHORS

       Carter Bullard (carter@qosient.com).

SEE ALSO

       ra(1), rasort(1), rarc(5), argus(8),

                               07 November 2000