rasort man page

rasort — sort argus(8) data file.

Synopsis

rasort [[-M sortmode] [-m sort fields] ...] [raoptions] [-- filter-expression]

Description

Rasort reads argus data from an argus-data source, sorts the records based on the criteria specified on the command line, and outputs a valid argus-stream.

Options

Rasort, like all ra based clients, supports a number of ra options including filtering of input argus records through a terminating filter expression. See ra(1) for a complete description of ra options. rasort(1) specific options are:

-M replace

Replace the existing file(s) with the sorted output(s).

-m field [field ...]

Supported sort fields are:

stime

record start time <default>

ltime

record last time.

trans

aggregation record count.

dur

record total duration.

avgdur

record average duration.

mindur

record minimum duration.

maxdur

record maximum duration.

smac

source MAC addr.

dmac

destination MAC addr.

soui

oui portion of the source MAC addr.

doui

oui portion of the destination MAC addr.

saddr[/cidr]

source IP addr, with optional cidr specification for IPv4 addresses.

daddr[/cidr]

destination IP addr, with optional cidr specification for IPv4 addresses.

proto

transaction protocol.

sport

source port number.

dport

destination port number.

stos

source TOS byte value.

dtos

destination TOS byte value.

sttl

src -> dst TTL value.

dttl

dst -> src TTL value.

bytes

total transaction bytes.

sbytes

src -> dst transaction bytes.

dbytes

dst -> src transaction bytes.

pkts

total transaction packet count.

spkts

src -> dst packet count.

dpkts

dst -> src packet count.

load

bits per second.

sload

source bits per second.

dload

destination bits per second.

loss

pkts retransmitted or dropped.

sloss

source pkts retransmitted or dropped.

dloss

destination pkts retransmitted or dropped.

ploss

percent pkts retransmitted or dropped.

sploss

percent source pkts retransmitted or dropped.

dploss

percent destination pkts retransmitted or dropped.

rate

pkts per second.

srate

source pkts per second.

drate

destination pkts per second.

tranref

argus transaction reference number.

seq

argus sequence number.

smpls

source MPLS identifier.

dmpls

destination MPLS identifier.

svlan

source VLAN identifier.

dvlan

destination VLAN identifier.

srcid

argus source identifier.

stcpb

source TCP base sequence number.

dtcpb

destination TCP base sequence number.

tcprtt

TCP connection setup round-trip time.

smeansz

source mean packet size

dmeansz

destination mean packet size

sco

source country code

dco

destination country code

sas

source autonomous system number

das

destination autonomous system number

Invocation

A sample invocation of rasort(1).  This call reads argus(8) data from inputfile and sorts the IP protocol based argus(8) data, first by the destination IP address, then by the service (destination) port number and then by the source IP address, and writes the results to stdout. For most services, this arranges argus(8) formatted data by server, service, and then by client.

rasort -r inputfile -m daddr dport saddr - ip

See Also

ra(1), rarc(5), argus(8),

Files

Authors

Carter Bullard (carter@qosient.com).

Bugs

Referenced By

rabins(1).

07 November 2000 rasort 3.0.8