Man Linux: Main Page and Category List

NAME

       rasort - sort argus(8) data file.

COPYRIGHT

       Copyright (c) 2000-2003 QoSient. All rights reserved.

SYNOPSIS

       rasort [[-M sortmode] [sortmode] ...]  [raoptions]

DESCRIPTION

       Rasort  reads  argus  data from an argus-data source, sorts the records
       based on the criteria specified on the  command  line,  and  outputs  a
       valid argus-stream.

OPTIONS

       Rasort,  like  all  ra  based  clients, supports a number of ra options
       including filtering of input argus records through a terminating filter
       expression.   See  ra(1)  for  a  complete  description  of ra options.
       rasort(1) specific options are:

       -M sortmode    Supported sortmodes are:
              time           record start time <default>
              startime       record start time <default>
              lasttime       record last time.
              trans          aggregation record count.
              dur            record total duration.
              avgdur         record average duration.
              saddr          source IP addr.
              daddr          destination IP addr.
              proto          transaction protocol.
              sport          source port number.
              dport          destination port number.
              stos           source TOS byte value.
              dtos           destination TOS byte value.
              sttl           src -> dst TTL value.
              dttl           dst -> src TTL value.
              bytes          total transaction bytes.
              sbytes         src -> dst transaction bytes.
              dbytes         dst -> src transaction bytes.
              pkts           total transaction packet count.
              spkts          src -> dst packet count.
              dpkts          dst -> src packet count.
              load           bits per second.
              loss           pkts retransmitted or dropped.
              rate           pkts per second.
              tranref        argus transaction reference number.
              seq            argus sequence number.
              srcid          argus source identifier.

INVOCATION

       A sample invocation of rasort(1).  This call reads argus(8)  data  from
       inputfile  and  sorts the IP protocol based argus(8) data, first by the
       destination IP address, then by the service (destination)  port  number
       and  then  by  the source IP address, and writes the results to stdout.
       For most services, this arranges argus(8)  formatted  data  by  server,
       service, and then by client.

       rasort -r inputfile -M daddr dport saddr - ip

SEE ALSO

       ra(1), rarc(5), argus(8), tcpdump(1)

FILES

AUTHORS

       Carter Bullard (carter@qosient.com).

BUGS

                               07 November 2000