Man page - rastrip(1)

Packages contains this manual

Package:  argus-client
apt-get install argus-client

Manuals in package:
• rasort(1)
• ra(1)
• radium.conf(5)
• rapolicy(1)
• racompare(1)
• ralabel.conf(5)
• rafilteraddr(1)
• rastrip(1)
• racolor.conf(5)
• rahisto(1)
• rasplit(1)
• rasql(1)
• ragrep(1)
• rabins(1)
• ratop(1)
• ranonymize(1)
• racluster(1)
• raevent(1)
• rasqlinsert(1)
• racount(1)
• radump(1)
• raconvert(1)
• radecode(1)
• ra.conf(5)
• rarc(5)
• rastream(1)
• rasqltimeindex(1)
• radns.conf(1)
• ratrace(1)
• ramanage.conf.5(5)
• ragen(1)
• radium(8)
• ramanage(1)
• racluster.conf(1)
• ralabel(1)
• rapath(1)
• ranonymize(5)
• radns(1)
• ragraph(1)
• rasqlcheckconf(1)
Documentations in package:
• argus-client

Manual

RASTRIP

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
INVOCATION
COPYRIGHT
SEE ALSO
FILES
AUTHORS
BUGS

---

NAME

rastrip - strip argus(8) data file.

SYNOPSIS

rastrip [ -M [replace] [+|-] dsr [-M ...]] [ raoptions ] [ -- filter-expression ]

DESCRIPTION

Rastrip reads argus data from an argus-data source, strips the records based on the criteria specified on the command line, and outputs a valid argus-stream . This is useful to reduce the size of argus data files. Rastrip always removes argus management transactions, thus having the same effect as a ’not man’ filter expression.

OPTIONS

Rastrip, like all ra based clients, supports a number of ra options including filtering of input argus records through a terminating filter expression. See ra(1) for a complete description of ra options . rastrip(1) specific options are:
-M [+|-]dsr

Strip specified dsr (data set record).

Supported dsrs are:

	flow		flow key data (proto, saddr, sport, dir, daddr, dport)
	time		time stamp fields (stime, ltime).
	metric		basic ([s|d]bytes, [s|d]pkts, [s|d]rate, [s|d]load)
	agr		aggregation stats (trans, avgdur, mindur, maxdur, stdev).
	net		network objects (tcp, esp, rtp, icmp data).
	vlan		VLAN tag data
	mpls		MPLS label data
	jitter		Jitter data ([s|d]jit, [s|d]intpkt)
	ipattr		IP attributes ([s|d]ipid, [s|d]tos, [s|d]dsb, [s|d]ttl)
	suser		src user captured data bytes (suser)
	duser		dst captured user data bytes (duser)
	mac		MAC addresses (smac, dmac)
	icmp		ICMP specific data (icmpmap, inode)
	encaps		Flow encapsulation type indications

In the default mode, without the -M option, rastrip removes the following default set of dsrs: encaps, agr, vlan, mpls, mac, icmp, ipattr, jitter, suser, duser
-M replace

Replace the existing file with the newly striped file.

INVOCATION

A sample invocation of rastrip(1) . This call reads argus(8) data from inputfile and strips the default dsr set but keeps MAC addresses and writes the result to outputfile :

rastrip -M +mac -r inputfile -w outputfile

This call removes only captured user data and timings and writes the result to stdout:

rastrip -M -suser -M -duser -M -time -r inputfile

COPYRIGHT

Copyright (c) 2000-2024 QoSient. All rights reserved.

SEE ALSO

ra(1), rarc(5), argus(8),

FILES

AUTHORS

Carter Bullard (carter@qosient.com).

BUGS

---