RAEVENT(1)                  General Commands Manual                 RAEVENT(1)

NAME

       raevent - read argus(8) event data.

SYNOPSIS

       raevent [raoptions] [-- filter-expression]

DESCRIPTION

       Raevent reads argus(8) data from stdin, an argus-file, or a remote
       argus data source, filters the records it encounters based on an
       optional filter-expression, and either prints the contents of the
       argus(5) records that it encounters to stdout or appends them to an
       argus(5) datafile.

OPTIONS

       Raevent, like all ra-based clients, supports a number of ra options,
       including filtering of input argus records through a terminating filter
       expression. See ra(1) for a complete description of ra options.

EXAMPLE INVOCATION

       % raevent -S localhost

       event[874]=
       2010/02/09.09:21:19.971182:srcid=192.168.0.68:prog:/usr/local/bin/ralsof
       <ArgusEvent>
         <ArgusEventData>
           COMMAND     PID   USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
           SystemUIS   787 carter   11u  IPv4 0x17ec2054      0t0  UDP *:*
           SystemUIS   787 carter   13u  IPv4 0x185a28ec      0t0  UDP *:*
           AppleVNCS   798 carter    9u  IPv6 0x172905c0      0t0  TCP *:5900 (LISTEN)
           Mail        817 carter   13u  IPv4 0x18f73b1c      0t0  TCP 192.168.0.68:64540->17.148.16.45:993 (ESTABLISHED)
           Mail        817 carter   18u  IPv4 0x20a15274      0t0  TCP 192.168.0.68:64542->17.148.16.45:993 (ESTABLISHED)
           Mail        817 carter   20u  IPv4 0x172942d4      0t0  TCP 192.168.0.68:64541->17.148.16.45:993 (CLOSED)
           Mail        817 carter   21u  IPv4 0x207f1a8c      0t0  TCP 192.168.0.68:64554->17.148.16.45:993 (ESTABLISHED)
           Mail        817 carter   26u  IPv4 0x207fbb4c      0t0  TCP 192.168.0.68:64546->216.92.197.167:993 (ESTABLISHED)
           Mail        817 carter   29u  IPv4 0x19e8d6b0      0t0  TCP 192.168.0.68:64547->216.92.197.167:993 (ESTABLISHED)
           Mail        817 carter   31u  IPv4 0x207fb740      0t0  TCP 192.168.0.68:64548->216.92.197.167:993 (ESTABLISHED)
           Mail        817 carter   32u  IPv4 0x20801abc      0t0  TCP 192.168.0.68:53902->216.92.197.167:993 (ESTABLISHED)
           Mail        817 carter   35u  IPv4 0x19e8fb1c      0t0  TCP 192.168.0.68:50245->17.250.248.77:80 (CLOSED)
           Mail        817 carter   37u  IPv4 0x207f5b4c      0t0  TCP 192.168.0.68:59403->216.75.197.71:80 (CLOSE_WAIT)
           Mail        817 carter   40u  IPv4 0x19e8eef8      0t0  TCP 192.168.0.68:53903->216.75.197.71:80 (CLOSE_WAIT)
           Mail        817 carter   43u  IPv4 0x20a1c2d4      0t0  TCP 192.168.0.68:53913->208.59.201.100:80 (ESTABLISHED)
           Mail        817 carter   46u  IPv4 0x20802aec      0t0  TCP 192.168.0.68:59408->208.59.201.100:80 (ESTABLISHED)
           Mail        817 carter   50u  IPv4 0x207f92d4      0t0  TCP 192.168.0.68:53916->208.59.201.100:80 (ESTABLISHED)
           Microsoft   822 carter    5u  IPv4 0x20a23740      0t0  TCP 192.168.0.68:53597->207.46.170.10:80 (CLOSED)
           iChatAgen   830 carter    6u  IPv4 0x185a2734      0t0  UDP 127.0.0.1:52122->127.0.0.1:52122
           iChatAgen   830 carter   11u  IPv4 0x20803f28      0t0  TCP 192.168.0.68:65360->205.188.3.5:5190 (ESTABLISHED)
           FileSyncA   838 carter   15u  IPv4 0x20a1caec      0t0  TCP 192.168.0.68:57148->17.250.248.123:80 (CLOSED)
           aosnotify   843 carter    5u  IPv4 0x20a1d710      0t0  TCP 192.168.0.68:56355->17.250.248.83:5223 (ESTABLISHED)
           rasqlinse 27492 carter    5u  IPv4 0x20a16abc      0t0  TCP 192.168.0.68:57166->192.168.0.82:561 (ESTABLISHED)
           Safari    37870 carter   18u  IPv4 0x20a1e740      0t0  TCP 192.168.0.68:56792->198.145.117.112:80 (CLOSE_WAIT)
           Safari    37870 carter   33u  IPv4 0x20800a8c      0t0  TCP 192.168.0.68:54690->69.192.29.115:443 (CLOSE_WAIT)
           iTunes    91271 carter   22u  IPv4 0x2080b710      0t0  TCP *:3689 (LISTEN)
           iTunes    91271 carter   23u  IPv6 0x172916d0      0t0  TCP *:3689 (LISTEN)
         </ArgusEventData>
       </ArgusEvent>

       Consider raevent as a proof of concept program for demonstrating the
       ArgusEvent system.
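
       The following Python code is an added example, not part of raevent or
       of this manual page. It parses a printed event record like the one
       above and reports listening sockets and established remote endpoints
       per command. The header layout and lsof column order are assumed from
       the example output only; parse_event and summarize are hypothetical
       names.

```python
import re
from collections import defaultdict

# Constructed sample: the record from this page's example, abridged to five rows.
SAMPLE = """\
event[874]=
2010/02/09.09:21:19.971182:srcid=192.168.0.68:prog:/usr/local/bin/ralsof
<ArgusEvent>
  <ArgusEventData>
    COMMAND     PID   USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
    SystemUIS   787 carter   11u  IPv4 0x17ec2054      0t0  UDP *:*
    AppleVNCS   798 carter    9u  IPv6 0x172905c0      0t0  TCP *:5900 (LISTEN)
    Mail        817 carter   13u  IPv4 0x18f73b1c      0t0  TCP 192.168.0.68:64540->17.148.16.45:993 (ESTABLISHED)
    Mail        817 carter   20u  IPv4 0x172942d4      0t0  TCP 192.168.0.68:64541->17.148.16.45:993 (CLOSED)
    iTunes    91271 carter   22u  IPv4 0x2080b710      0t0  TCP *:3689 (LISTEN)
  </ArgusEventData>
</ArgusEvent>
"""
# Assumed layout, taken from the example output only: time:srcid=<id>:prog:<path>
HEADER = re.compile(r"^\s*(?P<time>\d{4}/\d\d/\d\d\.[\d:.]+?):srcid=(?P<srcid>.+?):prog:(?P<prog>.+)$", re.M)
BODY = re.compile(r"<ArgusEventData>(.*?)</ArgusEventData>", re.S)
NAME = re.compile(r"^(?P<local>\S+?)(?:->(?P<remote>\S+))?(?: \((?P<state>\w+)\))?$")  # local[->remote] [(STATE)]
COLS = ("command", "pid", "user", "fd", "type", "device", "size_off", "node", "name")

def parse_event(text):
    """Parse one printed ArgusEvent whose payload is an lsof-style table."""
    head, body = HEADER.search(text), BODY.search(text)
    if not head or not body:
        raise ValueError("incomplete ArgusEvent record")
    event = dict(head.groupdict(), sockets=[])
    for line in body.group(1).splitlines():
        cols = line.strip().split(None, 8)
        if len(cols) != 9 or cols[0] == "COMMAND":
            continue  # skip the column header and blank or truncated rows
        sock = dict(zip(COLS, cols))
        m = NAME.match(sock["name"])
        sock.update(m.groupdict() if m else {"local": sock["name"], "remote": None, "state": None})
        event["sockets"].append(sock)
    return event

def summarize(event):
    """Return (listeners, peers): listening sockets and established remote endpoints."""
    listeners, peers = set(), defaultdict(set)
    for s in event["sockets"]:
        if s["state"] == "LISTEN":
            listeners.add((s["command"], s["local"]))
        elif s["state"] == "ESTABLISHED":
            peers[s["command"]].add(s["remote"])
    return listeners, dict(peers)
```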

       Copyright (c) 2000-2016 QoSient. All rights reserved.

AUTHORS

       Carter Bullard (carter@qosient.com).

SEE ALSO

       ra(1), rarc(5), argus(8)

raevent 3.0.8                  07 February 2010                     RAEVENT(1)