RAMON(1) General Commands Manual RAMON(1)NAME
ramon - provide RMON2 style reports from argus(8) data.
COPYRIGHT
Copyright (c) 2000-2003 QoSient. All rights reserved.
SYNOPSIS
ramon [ra-options] -M (TopN | Matrix | HostProto | HostSvc | Svc) [-M Net/masklen] [ expression ]
DESCRIPTION
Ramon reads argus(8) data from an argus data source, aggregates the records, sorts them based on user supplied criteria and generates mod-
ified argus data that supports RMON2 style tables and data reporting.
Ramon supports the same sorting capabilites and calling syntax as rasort() for specifying the sorting algorithm and order.
The output is valid argus data, and can be operated on using any ra*() program.
Like all ra based clients, ramon supports a large number of options, configuration through .rarc files, and input filtering using the ter-
minating filter expression.
See the ra(1) man page for details on ra-options and expression syntax.
RAMON SPECIFIC OPTIONS -M TopN
Generate the top N list of network addresses and supply the incoming and outgoing packet and bytes counts. The addresses can be modi-
fied using the -M Net mode in addition to this mode.
-M Matrix
Generate the list of talkers ( A <-> B) and supply the incoming and outgoing packet and byte counts. The talker addresses can be mod-
ified using the -M Net mode.
-M HostProto
Generate the list of protocols that are being used by each address and supply the incoming and outgoing packet and byte counts seen.
-M HostSvc
Generate the list of services that are being used by each address and supply the incoming and outgoing packet and byte counts seen.
-M Svc
Generate the list of services (dst port number) and supply the incoming and outgoing packet and byte counts seen.
-M Net[/masklen]
Track addresses as networks rather than host addresses. If the option masklen is not provided, the addresses are traced as subnets
based on their Class network address.
-a Don't filter output to match expression filter. This generates the complete set of addresses/nets that contributed to the inbound and
outbound metrics.
AUTHORS
Carter Bullard (carter@qosient.com).
SEE ALSO ra(1), rasort(1), rarc(5), argus(8),
07 November 2000 RAMON(1)
Check Out this Related Man Page
RASTRIP(1) General Commands Manual RASTRIP(1)NAME
rastrip - strip argus(8) data file.
COPYRIGHT
Copyright (c) 2000-2003 QoSient. All rights reserved.
SYNOPSIS
rastrip [[-M stripfield] [stripfield] ...] [raoptions]
DESCRIPTION
Rastrip reads argus data from an argus-data source, and removes data sections that are specified on the command line, and outputs a valid
argus-stream. If rastrip is run without any stripfield directives, the default is to strip out all information from the record except the
FAR information and TCP specific information. This default generates an argus-stream that contains the same semantic information that was
present in argus-1.5 data records, and generates the same output from ra().
OPTIONS
Rastrip, like all ra based clients, supports a number of ra options including filtering of input argus records through a terminating filter
expression. See ra(1) for a complete description of ra options. rastrip(1) specific options are:
-M [-|+]stripfield
Supported stripfields are:
far flow descriptors and flow metrics
mac media access control addresses
tcp TCP specific identifiers and metrics, such as base sequence numbers, advertised window sizes and retransmission sta-
tistics.
icmp ICMP specific identifiers and metrics, such as the source address of the ICMP packet, the declared gateway address
and the ICMP types and modes, such as ECHO or Port Unreachable, along with the port value.
rtp RTP and RTCP specific identifiers and metrics, such as the source stream identifiers, the last sequence number and
stream drop statistics.
igmp IGMP specific identifiers and metrics.
arp IGMP specific identifiers and metrics, such as the MAC address of the responder to arp requests for a specific
address.
frag Fragmentation specific identifiers and metrics, such as the average fragment size, number of fragments in this frag-
ment, last offset seen in this fragment.
esp ESP specific identifiers and metrics, such as the Security Identifier the last sequence number seen and drop statis-
tics.
mpls MPLS specific identifiers, such as the last MPLS label seen on this flow.
vlan VLAN specific identifiers, such as the source and destination VLAN identifiers. flow.
pppoe PPPOE specific identifiers, such as the source and destination SAP identifiers.
agr Aggregation specific metrics, such as the number of records aggregated, the mean record duration, standard devia-
tions.
jitter Jitter specific metrics, such as the mean interpacket arrival time while the flow is active, max, min and standard
deviation, as well as metrics for while the flow is idle.
user All user data capture buffers.
srcuser User data capture buffer from the source node.
dstuser User data capture buffer from the destination node.
stime Source jitter information.
dtime Destination jitter information.
INVOCATION
Sample invocations of rastrip(1). The first call reads argus(8) data from inputfile and strips the record, leaving only the FAR data,
which contains the flow descriptors and basic metrics, and jitter information.
rastrip -r inputfile -M far jitter
The next sample invocation of rastrip(1), adds vlan specific information to the default far and tcp information that would normally be
retained.
rastrip -r inputfile -M +vlan
The next sample invocation of rastrip(1), removes only the user data capture buffers from the argus-stream, keep the rest of the data
intact.
rastrip -r inputfile -M -user
SEE ALSO ra(1), rarc(5), argus(8), tcpdump(1)FILES AUTHORS
Carter Bullard (carter@qosient.com).
BUGS
04 December 2001 RASTRIP(1)