rasort (1) - Linux Manuals
rasort: sort argus(8) data file.
NAME
rasort - sort argus(8) data file.SYNOPSIS
rasort [[-M sortmode] [-m sort fields] ...] [raoptions] [-- filter-expression]DESCRIPTION
Rasort reads argus data from an argus-data source, sorts the records based on the criteria specified on the command line, and outputs a valid argus-stream.
OPTIONS
Rasort, like all ra based clients, supports a number of ra options including filtering of input argus records through a terminating filter expression. See ra(1) for a complete description of ra options. rasort(1) specific options are:
- -M replace
-
Replace the existing file(s) with the sorted output(s).
- -m field [field ...]
- Supported sort fields are:
-
- stime
- record start time <default>
- ltime
- record last time.
- trans
- aggregation record count.
- dur
- record total duration.
- avgdur
- record average duration.
- mindur
- record minimum duration.
- maxdur
- record maximum duration.
- smac
- source MAC addr.
- dmac
- destination MAC addr.
- soui
- oui portion of the source MAC addr.
- doui
- oui portion of the destination MAC addr.
- saddr[/cidr]
- source IP addr, with optional cidr specification for IPv4 addresses.
- daddr[/cidr]
- destination IP addr, with optional cidr specification for IPv4 addresses.
- proto
- transaction protocol.
- sport
- source port number.
- dport
- destination port number.
- stos
- source TOS byte value.
- dtos
- destination TOS byte value.
- sttl
- src -> dst TTL value.
- dttl
- dst -> src TTL value.
- bytes
- total transaction bytes.
- sbytes
- src -> dst transaction bytes.
- dbytes
- dst -> src transaction bytes.
- pkts
- total transaction packet count.
- spkts
- src -> dst packet count.
- dpkts
- dst -> src packet count.
- load
- bits per second.
- sload
- source bits per second.
- dload
- destination bits per second.
- loss
- pkts retransmitted or dropped.
- sloss
- source pkts retransmitted or dropped.
- dloss
- destination pkts retransmitted or dropped.
- ploss
- percent pkts retransmitted or dropped.
- sploss
- percent source pkts retransmitted or dropped.
- dploss
- percent destination pkts retransmitted or dropped.
- rate
- pkts per second.
- srate
- source pkts per second.
- drate
- destination pkts per second.
- tranref
- argus transaction reference number.
- seq
- argus sequence number.
- smpls
- source MPLS identifier.
- dmpls
- destination MPLS identifier.
- svlan
- source VLAN identifier.
- dvlan
- destination VLAN identifier.
- srcid
- argus source identifier.
- stcpb
- source TCP base sequence number.
- dtcpb
- destination TCP base sequence number.
- tcprtt
- TCP connection setup round-trip time.
- smeansz
- source mean packet size
- dmeansz
- destination mean packet size
- sco
- source country code
- dco
- destination country code
- sas
- source autonomous system number
- das
-
destination autonomous system number
INVOCATION
A sample invocation of rasort(1). This call reads argus(8) data from inputfile and sorts the IP protocol based argus(8) data, first by the destination IP address, then by the service (destination) port number and then by the source IP address, and writes the results to stdout. For most services, this arranges argus(8) formatted data by server, service, and then by client.- rasort -r inputfile -m daddr dport saddr - ip
-
COPYRIGHT
Copyright (c) 2000-2016 QoSient. All rights reserved.FILES
AUTHORS
Carter Bullard (carter [at] qosient.com).
BUGS