lunar (1) rasort.1.gz

Provided by: argus-client_3.0.8.2-6.1ubuntu1_amd64 bug

NAME

       rasort - sort argus(8) data file.

SYNOPSIS

       rasort [[-M sortmode] [-m sort fields] ...]  [raoptions] [-- filter-expression]

DESCRIPTION

       Rasort reads argus data from an argus-data source, sorts the records based on the criteria
       specified on the command line, and outputs a valid argus-stream.

OPTIONS

       Rasort, like all ra based clients, supports a number of ra options including filtering  of
       input  argus  records  through  a terminating filter expression.  See ra(1) for a complete
       description of ra options.  rasort(1) specific options are:

       -M replace
           Replace the existing file(s) with the sorted output(s).

       -m field [field ...]
           Supported sort fields are:
              stime          record start time <default>
              ltime          record last time.
              trans          aggregation record count.
              dur            record total duration.
              avgdur         record average duration.
              mindur         record minimum duration.
              maxdur         record maximum duration.
              smac           source MAC addr.
              dmac           destination MAC addr.
              soui           oui portion of the source MAC addr.
              doui           oui portion of the destination MAC addr.
              saddr[/cidr]   source IP addr, with optional cidr specification for IPv4 addresses.
              daddr[/cidr]   destination IP addr,  with  optional  cidr  specification  for  IPv4
                             addresses.
              proto          transaction protocol.
              sport          source port number.
              dport          destination port number.
              stos           source TOS byte value.
              dtos           destination TOS byte value.
              sttl           src -> dst TTL value.
              dttl           dst -> src TTL value.
              bytes          total transaction bytes.
              sbytes         src -> dst transaction bytes.
              dbytes         dst -> src transaction bytes.
              pkts           total transaction packet count.
              spkts          src -> dst packet count.
              dpkts          dst -> src packet count.
              load           bits per second.
              sload          source bits per second.
              dload          destination bits per second.
              loss           pkts retransmitted or dropped.
              sloss          source pkts retransmitted or dropped.
              dloss          destination pkts retransmitted or dropped.
              ploss          percent pkts retransmitted or dropped.
              sploss         percent source pkts retransmitted or dropped.
              dploss         percent destination pkts retransmitted or dropped.
              rate           pkts per second.
              srate          source pkts per second.
              drate          destination pkts per second.
              tranref        argus transaction reference number.
              seq            argus sequence number.
              smpls          source MPLS identifier.
              dmpls          destination MPLS identifier.
              svlan          source VLAN identifier.
              dvlan          destination VLAN identifier.
              srcid          argus source identifier.
              stcpb          source TCP base sequence number.
              dtcpb          destination TCP base sequence number.
              tcprtt         TCP connection setup round-trip time.
              smeansz        source mean packet size
              dmeansz        destination mean packet size
              sco            source country code
              dco            destination country code
              sas            source autonomous system number
              das            destination autonomous system number

INVOCATION

       A  sample invocation of rasort(1).  This call reads argus(8) data from inputfile and sorts
       the IP protocol based argus(8) data, first by the destination  IP  address,  then  by  the
       service  (destination)  port  number  and  then  by  the source IP address, and writes the
       results to stdout.  For most services, this arranges argus(8) formatted  data  by  server,
       service, and then by client.

       rasort -r inputfile -m daddr dport saddr - ip

       Copyright (c) 2000-2016 QoSient. All rights reserved.

SEE ALSO

       ra(1), rarc(5), argus(8),

FILES

AUTHORS

       Carter Bullard (carter@qosient.com).

BUGS