1RASORT(1) General Commands Manual RASORT(1)
2
6 rasort - sort argus(8) data file.
7
9 rasort [[-M sortmode] [-m sort fields] ...] [raoptions] [-- filter-
10 expression]
11
13 Rasort reads argus data from an argus-data source, sorts the records
14 based on the criteria specified on the command line, and outputs a
15 valid argus-stream.
16
18 Rasort, like all ra based clients, supports a number of ra options
19 including filtering of input argus records through a terminating filter
20 expression. See ra(1) for a complete description of ra options.
21 rasort(1) specific options are:
22 -M replace
24 Replace the existing file(s) with the sorted output(s).
25 -m field [field ...]
27 Supported sort fields are:
28 stime record start time <default>
29 ltime record last time.
30 trans aggregation record count.
31 dur record total duration.
32 avgdur record average duration.
33 mindur record minimum duration.
34 maxdur record maximum duration.
35 smac source MAC addr.
36 dmac destination MAC addr.
37 soui oui portion of the source MAC addr.
38 doui oui portion of the destination MAC addr.
39 saddr[/cidr] source IP addr, with optional cidr specification
40 for IPv4 addresses.
41 daddr[/cidr] destination IP addr, with optional cidr specifiā
42 cation for IPv4 addresses.
43 proto transaction protocol.
44 sport source port number.
45 dport destination port number.
46 stos source TOS byte value.
47 dtos destination TOS byte value.
48 sttl src -> dst TTL value.
49 dttl dst -> src TTL value.
50 bytes total transaction bytes.
51 sbytes src -> dst transaction bytes.
52 dbytes dst -> src transaction bytes.
53 pkts total transaction packet count.
54 spkts src -> dst packet count.
55 dpkts dst -> src packet count.
56 load bits per second.
57 sload source bits per second.
58 dload destination bits per second.
59 loss pkts retransmitted or dropped.
60 sloss source pkts retransmitted or dropped.
61 dloss destination pkts retransmitted or dropped.
62 ploss percent pkts retransmitted or dropped.
63 sploss percent source pkts retransmitted or dropped.
64 dploss percent destination pkts retransmitted or
65 dropped.
66 rate pkts per second.
67 srate source pkts per second.
68 drate destination pkts per second.
69 tranref argus transaction reference number.
70 seq argus sequence number.
71 smpls source MPLS identifier.
72 dmpls destination MPLS identifier.
73 svlan source VLAN identifier.
74 dvlan destination VLAN identifier.
75 srcid argus source identifier.
76 stcpb source TCP base sequence number.
77 dtcpb destination TCP base sequence number.
78 tcprtt TCP connection setup round-trip time.
79 smeansz source mean packet size
80 dmeansz destination mean packet size
81 sco source country code
82 dco destination country code
83 sas source autonomous system number
84 das destination autonomous system number
85
89 A sample invocation of rasort(1). This call reads argus(8) data from
90 inputfile and sorts the IP protocol based argus(8) data, first by the
91 destination IP address, then by the service (destination) port number
92 and then by the source IP address, and writes the results to stdout.
93 For most services, this arranges argus(8) formatted data by server,
94 service, and then by client.
95 rasort -r inputfile -m daddr dport saddr - ip
97
100 Copyright (c) 2000-2016 QoSient. All rights reserved.
101
103 ra(1), rarc(5), argus(8),
104
107 Carter Bullard (carter@qosient.com).
108
110rasort 3.0.8 07 November 2000 RASORT(1)