lunar (1) racount.1.gz

Provided by: argus-client_3.0.8.2-6.1ubuntu1_amd64 bug

NAME

       racount - count things from an argus(8) data file/stream.

SYNOPSIS

       racount [-M addr proto] [raoptions] [-- filter-expression]

DESCRIPTION

       Racount  reads  argus data from an argus-file list, and prints out various counts from the
       data in the file.  Racount supports, by default, a single line output that  provide  total
       records and pkt and byte counts, broken down by source and destination.

OPTIONS

       Racount, like all ra based clients, supports a number of ra options including filtering of
       input argus records through a terminating filter expression.  See  ra(1)  for  a  complete
       description of ra options.

       racount specfic options are:

       -M modes
           Supported modes are:
              proto   Print  a  count  breakdown  on  protocols  seen.  racount will report on IP
                      protocols, ether protocols, arp, rarp and unknowwn.

              addr    Print a summary report of the occurence of the  various  types  of  network
                      addresses  encountered.   The current list of IANA standard network address
                      types include:
                          IPv4  Unicast  ThisNet,  Reserved,  LoopBack,  LinkLocal,  TestNet  and
                      Private
                          IPv4  Multicast  Local,  Internet,  AdHoc,  Reserved,  SdpSap,  Nasdaq,
                      DisTrans, SrcSpec, Glop, Admin, OrgLocal and SiteLocal
                          IPv6 Loopback, LinkLocal, SiteLocal,  Global,  V4Compat,  V4Mapped  and
                      Unspecified
                          IPv6    MulticastNodeLocal,   MulticastLinkLocal,   MulticastSiteLocal,
                      MulticastOrgLocal and MulticastGlobal

EXAMPLE INVOCATION

       This example runs racount against a single argus data file, generating the default output.

       % racount -r argus.2012.02.13.17.20.00.out.gz
       racount   records     total_pkts     src_pkts       dst_pkts       total_bytes        src_bytes          dst_bytes
           sum   336         21319          9266           12053          16954495           1329172            15625323

       This example runs racount against a directory containing argus data, generating a protocol
       breakdown as well as generating a network address summary.

       % racount -M proto addr -r argus.2012.02.13.17.20.00.out.gz
       racount   records     total_pkts     src_pkts       dst_pkts       total_bytes        src_bytes          dst_bytes
           sum   336         21319          9266           12053          16954495           1329172            15625323
       Protocol Summary
           udp   1           28             28             0              14692              14692              0
            ip   222         20751          8891           11860          16799531           1238670            15560861
           udp   103         513            324            189            138274             74068              64206
           udp   1           1              1              0              422                422                0
           arp   7           16             12             4              936                680                256
       Address Summary
         IPv4 Unicast              src 0           dst 40
         IPv4 Unicast Private      src 6           dst 3
         IPv6 LinkLocal            src 3           dst 0
         IPv6 Multicast Link Local src 0           dst 3

       Copyright (c) 2000-2016 QoSient. All rights reserved.

AUTHORS

       Carter Bullard (carter@qosient.com).

SEE ALSO

       ra(1), rarc(5), argus(8)