Provided by: argus-client_5.0.2+git20250321.41f65e2-2ubuntu1_amd64

NAME

       rahisto - print histogram of metrics from argus(8) data.

SYNOPSIS

       rahisto [-M histomode] -H bin[L]:range|size ...  [raoptions] [-- filter-expression]

DESCRIPTION

       Rahisto  reads argus data from an argus-data source, sorts the records based on the criteria specified on
       the command line, and outputs a valid argus-stream.

OPTIONS

       Rahisto, like all ra based clients, supports a number of ra options including filtering  of  input  argus
       records  through  a  terminating  filter expression.  See ra(1) for a complete description of ra options.
       rahisto(1) specific options are:

       -M nozero
           Don't print bins that have zero frequencies.
       -M outlayer
           Print accumulated stats for outlier values, i.e. the values that are outside the histogram range.
       -M perflow
           Generate multiple histograms.  One histogram for each -H option will be generated for each flow
           discovered.  The flow model is specified with the -m option.  See the racluster(1) man page for
           aggregatable objects.  Note that no aggregation takes place as a result of the  -m  option;  this  is
           used only to classify flow records.
       -m aggregation object
           Supported aggregation objects are listed in the racluster(1) man page.
       -H [abs] metric bin[L]:range | size
           Specify  histogram  options,  metric, number of bins, whether to use logarithmic scales, and either a
           range specification to indicate start and stop times, or just the size of  each  bin.   The  optional
           'abs'  indicates that rahisto should use absolute values for the metric.  More than one -H option can
           be supplied.  One histogram per metric will be calculated for the same input data.

       Rahisto supports 112 argus metrics, which include most of the metrics that can be printed.  See ra(1) for
       metric fields that are supported by the ra* programs.  The common metrics include:
              dur            record total duration.
              avgdur         record average duration.
              proto          transaction protocol.
              sport          source port number.
              dport          destination port number.
              stos           source TOS byte value.
              dtos           destination TOS byte value.
              sttl           src -> dst TTL value.
              dttl           dst -> src TTL value.
              [s|d]bytes     [src | dst] transaction bytes.
              [s|d]appbytes  [src | dst] application bytes.
              [s|d]pkts      [src | dst] packet count.
              [s|d]meansz    [src | dst] mean packet size.
              [s|d]load      packets per second.
              [s|d]loss      pkts retransmitted or dropped.
              [s|d]ploss     percent pkts retransmitted or dropped.
              [s|d]rate      bits per second.

INVOCATION

       A sample invocation of rahisto(1).  This  call  reads  argus(8)  data  from  inputfile  and  generates  a
       frequency distribution histogram for the transaction duration for HTTP traffic.

       % rahisto -H dur 10 -r ~/argus/data/argus*out.gz - port http
        N = 194     mean = 15.928685  stddev = 23.728876  max = 81.354462  min = 0.008055
                  median =  0.079948     95% = 59.208977
        Class     Interval         Freq    Rel.Freq     Cum.Freq
            1   0.000000e+00        123    63.4021%     63.4021%
            2   8.200000e+00          7     3.6082%     67.0103%
            3   1.640000e+01         13     6.7010%     73.7113%
            4   2.460000e+01          9     4.6392%     78.3505%
            5   3.280000e+01          0     0.0000%     78.3505%
            6   4.100000e+01          0     0.0000%     78.3505%
            7   4.920000e+01          6     3.0928%     81.4433%
            8   5.740000e+01         35    18.0412%     99.4845%
            9   6.560000e+01          0     0.0000%     99.4845%
           10   7.380000e+01          1     0.5155%    100.0000%
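
       A parser for the histogram table printed above, written in Python as an added example (it is not part
       of rahisto or the argus-client package).  It assumes the Interval column is each bin's lower edge, as
       the sample suggests; the function names are hypothetical.

```python
import re
# Constructed input: the first sample histogram above, copied as printed.
SAMPLE = """\
 N = 194     mean = 15.928685  stddev = 23.728876  max = 81.354462  min = 0.008055
           median =  0.079948     95% = 59.208977
 Class     Interval         Freq    Rel.Freq     Cum.Freq
     1   0.000000e+00        123    63.4021%     63.4021%
     2   8.200000e+00          7     3.6082%     67.0103%
     3   1.640000e+01         13     6.7010%     73.7113%
     4   2.460000e+01          9     4.6392%     78.3505%
     5   3.280000e+01          0     0.0000%     78.3505%
     6   4.100000e+01          0     0.0000%     78.3505%
     7   4.920000e+01          6     3.0928%     81.4433%
     8   5.740000e+01         35    18.0412%     99.4845%
     9   6.560000e+01          0     0.0000%     99.4845%
    10   7.380000e+01          1     0.5155%    100.0000%
"""

STAT = re.compile(r"(N|mean|stddev|max|min|median|mode|95%)\s*=\s*([-+0-9.eE]+)")
ROW = re.compile(r"^\s*(\d+)\s+([-+0-9.eE]+)\s+(\d+)\s+([0-9.]+)%\s+([0-9.]+)%\s*$")

def parse_rahisto(text):
    """Return (stats, bins); a bin is (class, lower_edge, freq, rel_pct, cum_pct)."""
    stats, bins = {}, []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            bins.append((int(m[1]), float(m[2]), int(m[3]), float(m[4]), float(m[5])))
        else:  # summary lines carry "name = value" pairs; the header row has none
            stats.update((k, float(v)) for k, v in STAT.findall(line))
    return stats, bins

def check_consistency(stats, bins, tol=0.01):
    """Recompute Rel.Freq and Cum.Freq from Freq; return a list of mismatches."""
    problems, running = [], 0
    n = sum(b[2] for b in bins)
    if n != int(stats.get("N", -1)):
        problems.append(f"sum(Freq)={n} differs from reported N")
    for cls, _, freq, rel, cum in bins:
        running += freq
        if abs(100 * freq / max(n, 1) - rel) > tol or abs(100 * running / max(n, 1) - cum) > tol:
            problems.append(f"class {cls}: percentages do not match Freq")
    return problems

def quantile_bin(bins, pct):
    """First bin whose cumulative frequency reaches pct percent."""
    return next(b for b in bins if b[4] >= pct)
if __name__ == "__main__":
    s, b = parse_rahisto(SAMPLE); print(check_consistency(s, b), quantile_bin(b, 95))
```

       For the sample above check_consistency() returns an empty list, and the 95% mark falls in class 8,
       whose lower edge of 5.740000e+01 sits just below the reported 95% value of 59.208977.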

       A  sample  invocation  where  the  call  reads  argus(8)  data  from  inputfile and generates a frequency
       distribution histogram for the round-trip time of arp volleys in argus(8) data.

       % rahisto -H dur 10:0-75u  -R /Vol*/Data/Archive/split/*68/2012/0[23] - arp and dur gt 0
        N = 360     mean = 0.000028  stddev = 0.000007  max = 0.000066  min = 0.000014
                  median = 0.000031     95% = 0.000028
                    mode = 0.000026
        Class     Interval         Freq    Rel.Freq     Cum.Freq
            1   0.000000e+00          0     0.0000%      0.0000%
            2   7.500000e-06          2     0.5556%      0.5556%
            3   1.500000e-05         63    17.5000%     18.0556%
            4   2.250000e-05        188    52.2222%     70.2778%
            5   3.000000e-05         71    19.7222%     90.0000%
            6   3.750000e-05         23     6.3889%     96.3889%
            7   4.500000e-05         10     2.7778%     99.1667%
            8   5.250000e-05          2     0.5556%     99.7222%
            9   6.000000e-05          1     0.2778%    100.0000%
           10   6.750000e-05          0     0.0000%    100.0000%

COPYRIGHT

       Copyright (c) 2000-2024 QoSient. All rights reserved.

SEE ALSO

       ra(1), racluster(1), rarc(5), argus(8)

AUTHORS

       Carter Bullard (carter@qosient.com).

BUGS

rahisto 5.0.3                                   19 September 2023                                     RAHISTO(1)