rahisto man page

rahisto — print histogram of metrics from argus(8) data.

Synopsis

rahisto [-M histomode] -H bin[L]:range|size ... [raoptions] [-- filter-expression]

Description

Rahisto reads argus data from an argus-data source, sorts the records based on the criteria specified on the command line, and outputs a valid argus-stream.

Options

Rahisto, like all ra based clients, supports a number of ra options including filtering of input argus records through a terminating filter expression. See ra(1) for a complete description of ra options. rahisto(1) specific options are:

-M nozero
Don't print bins that have zero frequencies.
-M outlayer
Print accumulated stats for outlayer values, i.e. the values that are outside the histogram range.
-H metric bin[L]:range | size
Supported metrics are:
dur
record total duration.
avgdur
record average duration.
proto
transaction protocol.
sport
source port number.
dport
destination port number.
stos
source TOS byte value.
dtos
destination TOS byte value.
sttl
src -> dst TTL value.
dttl
dst -> src TTL value.
[s|d]bytes
[src | dst] transaction bytes.
[s|d]appbytes
[src | dst] application bytes.
[s|d]pkts
[src | dst] packet count.
[s|d]meansz
[src | dst] mean packet size.
[s|d]load
packets per second.
[s|d]loss
pkts retransmitted or dropped.
[s|d]ploss
percent pkts retransmitted or dropped.
[s|d]rate
bits per second.

Invocation

A sample invocation of rahisto(1). This call reads argus(8) data from inputfile and generates a frequency distribution histogram for the transaction duration for HTTP traffic.

% rahisto -H dur 10 -r ~/argus/data/argus*out.gz - port http
 N = 194     mean = 15.928685  stddev = 23.728876  max = 81.354462  min = 0.008055
           median =  0.079948     95% = 59.208977
 Class     Interval         Freq    Rel.Freq     Cum.Freq    
     1   0.000000e+00        123    63.4021%     63.4021%    
     2   8.200000e+00          7     3.6082%     67.0103%    
     3   1.640000e+01         13     6.7010%     73.7113%    
     4   2.460000e+01          9     4.6392%     78.3505%    
     5   3.280000e+01          0     0.0000%     78.3505%    
     6   4.100000e+01          0     0.0000%     78.3505%    
     7   4.920000e+01          6     3.0928%     81.4433%    
     8   5.740000e+01         35    18.0412%     99.4845%    
     9   6.560000e+01          0     0.0000%     99.4845%    
    10   7.380000e+01          1     0.5155%    100.0000%

A sample invocation where the call reads argus(8) data from inputfile and generates a frequency distribution histogram for the round-trip time of arp volleys in argus(8) data.

% rahisto -H dur 10:0-75u  -R /Vol*/Data/Archive/split/*68/2012/0[23] - arp and dur gt 0
 N = 360     mean = 0.000028  stddev = 0.000007  max = 0.000066  min = 0.000014
           median = 0.000031     95% = 0.000028
             mode = 0.000026
 Class     Interval         Freq    Rel.Freq     Cum.Freq    
     1   0.000000e+00          0     0.0000%      0.0000%    
     2   7.500000e-06          2     0.5556%      0.5556%    
     3   1.500000e-05         63    17.5000%     18.0556%    
     4   2.250000e-05        188    52.2222%     70.2778%    
     5   3.000000e-05         71    19.7222%     90.0000%    
     6   3.750000e-05         23     6.3889%     96.3889%    
     7   4.500000e-05         10     2.7778%     99.1667%    
     8   5.250000e-05          2     0.5556%     99.7222%    
     9   6.000000e-05          1     0.2778%    100.0000%    
    10   6.750000e-05          0     0.0000%    100.0000%

See Also

ra(1), rarc(5), argus(8),

Authors

Carter Bullard (carter@qosient.com).

Info

07 November 2000 rahisto 3.0.8