

rasort 3.0.8
07 November 2000


IP network transaction auditing tool


Client tools for argus network audit


rasort - sort argus(8) data file.


rasort [[-M sortmode] [-m sort fields] ...] [raoptions] [-- filter-expression]


Rasort reads argus data from an argus-data source, sorts the records based on the criteria specified on the command line, and outputs a valid argus-stream.


Rasort, like all ra based clients, supports a number of ra options including filtering of input argus records through a terminating filter expression. See ra(1) for a complete description of ra options. rasort(1) specific options are:
-M replace
    Replace the existing file(s) with the sorted output(s).
-m field [field ...]
    Supported sort fields are:
        stime         record start time <default>
        ltime         record last time.
        trans         aggregation record count.
        dur           record total duration.
        avgdur        record average duration.
        mindur        record minimum duration.
        maxdur        record maximum duration.
        smac          source MAC addr.
        dmac          destination MAC addr.
        soui          oui portion of the source MAC addr.
        doui          oui portion of the destination MAC addr.
        saddr[/cidr]  source IP addr, with optional cidr specification for IPv4 addresses.
        daddr[/cidr]  destination IP addr, with optional cidr specification for IPv4 addresses.
        proto         transaction protocol.
        sport         source port number.
        dport         destination port number.
        stos          source TOS byte value.
        dtos          destination TOS byte value.
        sttl          src -> dst TTL value.
        dttl          dst -> src TTL value.
        bytes         total transaction bytes.
        sbytes        src -> dst transaction bytes.
        dbytes        dst -> src transaction bytes.
        pkts          total transaction packet count.
        spkts         src -> dst packet count.
        dpkts         dst -> src packet count.
        load          bits per second.
        sload         source bits per second.
        dload         destination bits per second.
        loss          pkts retransmitted or dropped.
        sloss         source pkts retransmitted or dropped.
        dloss         destination pkts retransmitted or dropped.
        ploss         percent pkts retransmitted or dropped.
        sploss        percent source pkts retransmitted or dropped.
        dploss        percent destination pkts retransmitted or dropped.
        rate          pkts per second.
        srate         source pkts per second.
        drate         destination pkts per second.
        tranref       argus transaction reference number.
        seq           argus sequence number.
        smpls         source MPLS identifier.
        dmpls         destination MPLS identifier.
        svlan         source VLAN identifier.
        dvlan         destination VLAN identifier.
        srcid         argus source identifier.
        stcpb         source TCP base sequence number.
        dtcpb         destination TCP base sequence number.
        tcprtt        TCP connection setup round-trip time.
        smeansz       source mean packet size
        dmeansz       destination mean packet size
        sco           source country code
        dco           destination country code
        sas           source autonomous system number
        das           destination autonomous system number


A sample invocation of rasort(1). This call reads argus(8) data from inputfile and sorts the IP protocol based argus(8) data, first by the destination IP address, then by the service (destination) port number and then by the source IP address, and writes the results to stdout. For most services, this arranges argus(8) formatted data by server, service, and then by client.
rasort -r inputfile -m daddr dport saddr - ip
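
The ordering described above (server, then service, then client), reproduced as an added Python example on constructed flow records; it is not argus code and does not read argus data files. The helper names, the ascending sort order and the masking behaviour of the /cidr suffix are assumptions of the example.

```python
import ipaddress
from itertools import groupby

# Constructed sample flow records (not real argus output).
FLOWS = [
    {"saddr": "10.0.0.12", "daddr": "192.168.1.10", "dport": 443},
    {"saddr": "10.0.0.9",  "daddr": "192.168.1.10", "dport": 443},
    {"saddr": "10.0.0.12", "daddr": "192.168.1.10", "dport": 22},
    {"saddr": "10.0.1.5",  "daddr": "192.168.1.2",  "dport": 53},
    {"saddr": "10.0.0.9",  "daddr": "192.168.1.2",  "dport": 53},
]

def sort_key(fields):
    """Key function for field names written as on the -m line, e.g. 'saddr/24'."""
    def key(rec):
        parts = []
        for field in fields:
            name, _, cidr = field.partition("/")
            value = rec[name]
            if name in ("saddr", "daddr"):
                # Compare addresses numerically; as strings, "192.168.1.10"
                # would sort before "192.168.1.2".
                addr = ipaddress.ip_address(value)
                if cidr:
                    # Assumption: the prefix masks the address before comparing.
                    net = ipaddress.ip_network(f"{value}/{cidr}", strict=False)
                    addr = net.network_address
                value = int(addr)
            parts.append(value)
        return tuple(parts)
    return key

def sort_flows(records, fields):
    """Stable multi-key sort; ascending order is an assumption of this example."""
    return sorted(records, key=sort_key(fields))

def clients_by_service(records):
    """Order by daddr, dport, saddr, then list clients per (server, port)."""
    ordered = sort_flows(records, ["daddr", "dport", "saddr"])
    return [(svc, [r["saddr"] for r in grp])
            for svc, grp in groupby(ordered, key=lambda r: (r["daddr"], r["dport"]))]

if __name__ == "__main__":
    for (server, port), clients in clients_by_service(FLOWS):
        print(f"{server}:{port} <- {', '.join(clients)}")
```

With the records in this order, every client of one server port is adjacent, so an unexpected client on a sensitive service stands out in a single pass over the output.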


Copyright (c) 2000-2016 QoSient. All rights reserved.


Carter Bullard ().

