rasort

RASORT(1)                   General Commands Manual                  RASORT(1)



NAME
       rasort - sort argus(8) data file.

COPYRIGHT
       Copyright (c) 2000-2003 QoSient. All rights reserved.

SYNOPSIS
       rasort [[-M sortmode] [sortmode] ...]  [raoptions]

DESCRIPTION
       Rasort reads argus data from an argus-data source, sorts the records
       based on the criteria specified on the command line, and outputs a
       valid argus-stream.

OPTIONS
       Rasort, like all ra based clients, supports a number of ra options
       including filtering of input argus records through a terminating filter
       expression.  See ra(1) for a complete description of ra options.
       rasort(1) specific options are:

       -M sortmode    Supported sortmodes are:
              time           record start time <default>
              startime       record start time <default>
              lasttime       record last time.
              trans          aggregation record count.
              dur            record total duration.
              avgdur         record average duration.
              saddr          source IP addr.
              daddr          destination IP addr.
              proto          transaction protocol.
              sport          source port number.
              dport          destination port number.
              stos           source TOS byte value.
              dtos           destination TOS byte value.
              sttl           src -> dst TTL value.
              dttl           dst -> src TTL value.
              bytes          total transaction bytes.
              sbytes         src -> dst transaction bytes.
              dbytes         dst -> src transaction bytes.
              pkts           total transaction packet count.
              spkts          src -> dst packet count.
              dpkts          dst -> src packet count.
              load           bits per second.
              loss           pkts retransmitted or dropped.
              rate           pkts per second.
              tranref        argus transaction reference number.
              seq            argus sequence number.
              srcid          argus source identifier.


INVOCATION
       A sample invocation of rasort(1).  This call reads argus(8) data from
       inputfile and sorts the IP protocol based argus(8) data, first by the
       destination IP address, then by the service (destination) port number
       and then by the source IP address, and writes the results to stdout.
       For most services, this arranges argus(8) formatted data by server,
       service, and then by client.

       rasort -r inputfile -M daddr dport saddr - ip

SEE ALSO
       ra(1), rarc(5), argus(8), tcpdump(1)

FILES
AUTHORS
       Carter Bullard (carter@qosient.com).

BUGS
                               07 November 2000                      RASORT(1)