Provided by: argus-client_2.0.6.fixes.1-3_amd64 
NAME
rasort - sort argus(8) data file.
COPYRIGHT
Copyright (c) 2000-2003 QoSient. All rights reserved.
SYNOPSIS
rasort [[-M sortmode] [sortmode] ...] [raoptions]
DESCRIPTION
Rasort reads argus data from an argus-data source, sorts the records based on the criteria specified on
the command line, and outputs a valid argus-stream.
OPTIONS
Rasort, like all ra based clients, supports a number of ra options including filtering of input argus
records through a terminating filter expression. See ra(1) for a complete description of ra options.
rasort(1) specific options are:
-M sortmode Supported sortmodes are:
time record start time <default>
startime record start time <default>
lasttime record last time.
trans aggregation record count.
dur record total duration.
avgdur record average duration.
saddr source IP addr.
daddr destination IP addr.
proto transaction protocol.
sport source port number.
dport destination port number.
stos source TOS byte value.
dtos destination TOS byte value.
sttl src -> dst TTL value.
dttl dst -> src TTL value.
bytes total transaction bytes.
sbytes src -> dst transaction bytes.
dbytes dst -> src transaction bytes.
pkts total transaction packet count.
spkts src -> dst packet count.
dpkts dst -> src packet count.
load bits per second.
loss pkts retransmitted or dropped.
rate pkts per second.
tranref argus transaction reference number.
seq argus sequence number.
srcid argus source identifier.
INVOCATION
A sample invocation of rasort(1). This call reads argus(8) data from inputfile and sorts the IP protocol based argus(8) data, first by the destination IP address, then by the service (destination) port number and then by the source IP address, and writes the results to stdout. For most services, this arranges argus(8) formatted data by server, service, and then by client. rasort -r inputfile -M daddr dport saddr - ip
SEE ALSO
ra(1), rarc(5), argus(8), tcpdump(1)
FILES
AUTHORS
Carter Bullard (carter@qosient.com).
BUGS
07 November 2000 RASORT(1)