COPYRIGHT

Copyright (c) 2000-2003 QoSient. All rights reserved.

SYNOPSIS

rasort [[-M sortmode] [sortmode] ...] [raoptions]

DESCRIPTION

Rasort reads argus data from an argus-data source, sorts the records based on the criteria specified on the command line, and outputs a valid argus-stream.

OPTIONS

Rasort, like all ra based clients, supports a number of ra options including filtering of input argus records through a terminating filter expression. See ra(1) for a complete description of ra options. rasort(1) specific options are:

-M\| sortmode\^

Supported sortmodes are:

time

record start time <default>

startime

record start time <default>

lasttime

record last time.

trans

aggregation record count.

dur

record total duration.

avgdur

record average duration.

saddr

source IP addr.

daddr

destination IP addr.

proto

transaction protocol.

sport

source port number.

dport

destination port number.

stos

source TOS byte value.

dtos

destination TOS byte value.

sttl

src -> dst TTL value.

dttl

dst -> src TTL value.

bytes

total transaction bytes.

sbytes

src -> dst transaction bytes.

dbytes

dst -> src transaction bytes.

pkts

total transaction packet count.

spkts

src -> dst packet count.

dpkts

dst -> src packet count.

load

bits per second.

loss

pkts retransmitted or dropped.

rate

pkts per second.

tranref

argus transaction reference number.

seq

argus sequence number.

srcid

argus source identifier.

INVOCATION

A sample invocation of rasort(1). This call reads argus(8) data from inputfile and sorts the IP protocol based argus(8) data, first by the destination IP address, then by the service (destination) port number and then by the source IP address, and writes the results to stdout. For most services, this arranges argus(8) formatted data by server, service, and then by client.

rasort -r inputfile -M daddr dport saddr - ip

RELATED TO rasort…

ra(1), rarc(5), argus(8), tcpdump(1)

FILES

AUTHORS

Carter Bullard ([email protected]).

BUGS