RAEVENT(1) General Commands Manual RAEVENT(1)

raevent - read argus(8) event data.

raevent [raoptions] [-- filter-expression]

Raevent reads argus(8) data from either stdin, an argus-file, or from a
remote argus data source, filters the records it encounters based on an
optional filter-expression and either prints the contents of the
argus(5) records that it encounters to stdout or appends them into an
argus(5) datafile.

Raevent, like all ra based clients, supports a number of ra options
including filtering of input argus records through a terminating filter
expression. See ra(1) for a complete description of ra options.

% raevent -S localhost

event[874]=
2010/02/09.09:21:19.971182:srcid=192.168.0.68:prog:/usr/local/bin/ralsof
<ArgusEvent>
<ArgusEventData>
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
SystemUIS 787 carter 11u IPv4 0x17ec2054 0t0 UDP *:*
SystemUIS 787 carter 13u IPv4 0x185a28ec 0t0 UDP *:*
AppleVNCS 798 carter 9u IPv6 0x172905c0 0t0 TCP *:5900 (LISTEN)
Mail 817 carter 13u IPv4 0x18f73b1c 0t0 TCP 192.168.0.68:64540->17.148.16.45:993 (ESTABLISHED)
Mail 817 carter 18u IPv4 0x20a15274 0t0 TCP 192.168.0.68:64542->17.148.16.45:993 (ESTABLISHED)
Mail 817 carter 20u IPv4 0x172942d4 0t0 TCP 192.168.0.68:64541->17.148.16.45:993 (CLOSED)
Mail 817 carter 21u IPv4 0x207f1a8c 0t0 TCP 192.168.0.68:64554->17.148.16.45:993 (ESTABLISHED)
Mail 817 carter 26u IPv4 0x207fbb4c 0t0 TCP 192.168.0.68:64546->216.92.197.167:993 (ESTABLISHED)
Mail 817 carter 29u IPv4 0x19e8d6b0 0t0 TCP 192.168.0.68:64547->216.92.197.167:993 (ESTABLISHED)
Mail 817 carter 31u IPv4 0x207fb740 0t0 TCP 192.168.0.68:64548->216.92.197.167:993 (ESTABLISHED)
Mail 817 carter 32u IPv4 0x20801abc 0t0 TCP 192.168.0.68:53902->216.92.197.167:993 (ESTABLISHED)
Mail 817 carter 35u IPv4 0x19e8fb1c 0t0 TCP 192.168.0.68:50245->17.250.248.77:80 (CLOSED)
Mail 817 carter 37u IPv4 0x207f5b4c 0t0 TCP 192.168.0.68:59403->216.75.197.71:80 (CLOSE_WAIT)
Mail 817 carter 40u IPv4 0x19e8eef8 0t0 TCP 192.168.0.68:53903->216.75.197.71:80 (CLOSE_WAIT)
Mail 817 carter 43u IPv4 0x20a1c2d4 0t0 TCP 192.168.0.68:53913->208.59.201.100:80 (ESTABLISHED)
Mail 817 carter 46u IPv4 0x20802aec 0t0 TCP 192.168.0.68:59408->208.59.201.100:80 (ESTABLISHED)
Mail 817 carter 50u IPv4 0x207f92d4 0t0 TCP 192.168.0.68:53916->208.59.201.100:80 (ESTABLISHED)
Microsoft 822 carter 5u IPv4 0x20a23740 0t0 TCP 192.168.0.68:53597->207.46.170.10:80 (CLOSED)
iChatAgen 830 carter 6u IPv4 0x185a2734 0t0 UDP 127.0.0.1:52122->127.0.0.1:52122
iChatAgen 830 carter 11u IPv4 0x20803f28 0t0 TCP 192.168.0.68:65360->205.188.3.5:5190 (ESTABLISHED)
FileSyncA 838 carter 15u IPv4 0x20a1caec 0t0 TCP 192.168.0.68:57148->17.250.248.123:80 (CLOSED)
aosnotify 843 carter 5u IPv4 0x20a1d710 0t0 TCP 192.168.0.68:56355->17.250.248.83:5223 (ESTABLISHED)
rasqlinse 27492 carter 5u IPv4 0x20a16abc 0t0 TCP 192.168.0.68:57166->192.168.0.82:561 (ESTABLISHED)
Safari 37870 carter 18u IPv4 0x20a1e740 0t0 TCP 192.168.0.68:56792->198.145.117.112:80 (CLOSE_WAIT)
Safari 37870 carter 33u IPv4 0x20800a8c 0t0 TCP 192.168.0.68:54690->69.192.29.115:443 (CLOSE_WAIT)
iTunes 91271 carter 22u IPv4 0x2080b710 0t0 TCP *:3689 (LISTEN)
iTunes 91271 carter 23u IPv6 0x172916d0 0t0 TCP *:3689 (LISTEN)
</ArgusEventData>
</ArgusEvent>

Consider raevent as a proof of concept program for demonstrating the
ArgusEvent system.
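
Added example, not part of the argus-clients distribution: a Python parser for the event text printed above, which ties each socket to its owning process so that host state can be matched against flow records from the same srcid. The function names are hypothetical, the layout is assumed to match the output shown on this page, and the sample is an abridged copy of it.

```python
import re

# Constructed sample: abridged copy of the raevent output shown on this page.
SAMPLE = """\
event[874]=
2010/02/09.09:21:19.971182:srcid=192.168.0.68:prog:/usr/local/bin/ralsof
<ArgusEvent>
<ArgusEventData>
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
AppleVNCS 798 carter 9u IPv6 0x172905c0 0t0 TCP *:5900 (LISTEN)
Mail 817 carter 13u IPv4 0x18f73b1c 0t0 TCP 192.168.0.68:64540->17.148.16.45:993 (ESTABLISHED)
iChatAgen 830 carter 6u IPv4 0x185a2734 0t0 UDP 127.0.0.1:52122->127.0.0.1:52122
iTunes 91271 carter 22u IPv4 0x2080b710 0t0 TCP *:3689 (LISTEN)
</ArgusEventData>
</ArgusEvent>
"""
# Event header (sequence, timestamp, srcid, program) followed by the data body.
EVENT = re.compile(r"event\[(\d+)\]=\s*(\S+?):srcid=(\S+?):prog:(\S+)\s*"
                   r"<ArgusEvent>\s*<ArgusEventData>(.*?)</ArgusEventData>", re.S)
# lsof NAME column: local[->remote] with an optional "(STATE)" suffix.
NAME = re.compile(r"^(\S+?)(?:->(\S+))?(?:\s+\((\w+)\))?$")

def parse_events(text):
    """Return one dict per event: header fields plus the parsed lsof socket rows."""
    events = []
    for seq, stamp, srcid, prog, body in EVENT.findall(text):
        sockets = []
        for line in body.strip().splitlines():
            cols = line.split(None, 8)  # 9th column (NAME) may contain a space
            m = NAME.match(cols[8].strip()) if len(cols) == 9 else None
            if m and cols[0] != "COMMAND":  # skip the lsof column header
                sockets.append({"command": cols[0], "pid": int(cols[1]),
                                "proto": cols[7], "local": m.group(1),
                                "remote": m.group(2), "state": m.group(3)})
        events.append({"seq": int(seq), "time": stamp, "srcid": srcid,
                       "prog": prog, "sockets": sockets})
    return events

def listeners(event):
    """Sockets in LISTEN state: the services the host exposed at event time."""
    return [(s["command"], s["pid"], s["local"])
            for s in event["sockets"] if s["state"] == "LISTEN"]

def remote_peers(event):
    """Map each remote endpoint of an ESTABLISHED socket to (command, pid)."""
    return {s["remote"]: (s["command"], s["pid"])
            for s in event["sockets"] if s["state"] == "ESTABLISHED"}

if __name__ == "__main__":
    for ev in parse_events(SAMPLE):
        print(ev["time"], ev["srcid"], listeners(ev), remote_peers(ev))
```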

Copyright (c) 2000-2016 QoSient. All rights reserved.

Carter Bullard (carter@qosient.com).

ra(1), rarc(5), argus(8)

raevent 3.0.8 07 February 2010 RAEVENT(1)