RAGREP(1)
NAME
ragrep - grep argus(8) user captured data.
COPYRIGHT
Copyright (c) 2000-2008 QoSient. All rights reserved.
SYNOPSIS
ragrep -e <regexp> [-v] [-i] [raoptions] [- filter-expression]
DESCRIPTION
Ragrep reads argus data from an argus-data source, greps the records
based on the regexp specified on the command line, and outputs a valid
argus-stream.
Ragrep works only on the fields for user captured data. Argus must be
started with the configuration option ARGUS_CAPTURE_DATA_LEN set to a
value greater than 0, to have these data captured. See argus.conf(5)
for details.
Ragrep is based on GNU grep(1), so the regexp syntax is the same as for
grep(1).
OPTIONS
Ragrep, like all ra based clients, supports a number of ra options
including filtering of input argus records through a terminating filter
expression. See ra(1) for a complete description of ra options.
ragrep(1) specific options are:
-e regexp
Use the grep(1)-compatible regular expression for filtering.
-i Ignore case.
-v Reverse the expression matching logic.
INVOCATION
A sample invocation of ragrep(1). This call reads argus(8) data from
inputfile and greps all http transactions that generated a "404 Not
Found" error.
ragrep -r inputfile -e "HTTP.*404"
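Added example (not part of the original man page or the argus distribution): a small Python model of the selection described above, showing how the capture length decides whether the sample regexp can match at all. The record layout, the names capture, ragrep_model and run, and the assumption that the pattern is tried against each direction's captured bytes are illustrative; Python's re stands in for grep(1) regexp syntax, which is the same for this pattern.

```python
import re

# Constructed sample flows: the payload each side sent (not real capture data).
FLOWS = [
    {"id": 1,
     "src": b"GET /missing.html HTTP/1.1\r\nHost: a.example\r\n\r\n",
     "dst": b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"},
    {"id": 2,
     "src": b"GET /index.html HTTP/1.1\r\nHost: a.example\r\n\r\n",
     "dst": b"HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\n"},
    {"id": 3,  # non-HTTP payload
     "src": b"\x16\x03\x01\x02\x00\x01",
     "dst": b"\x16\x03\x03\x00\x5a\x02"},
]


def capture(flow, data_len):
    """Keep only the first data_len bytes per direction (models the
    effect of ARGUS_CAPTURE_DATA_LEN; 0 means no user data is kept)."""
    return {"id": flow["id"],
            "suser": flow["src"][:data_len],
            "duser": flow["dst"][:data_len]}


def ragrep_model(records, regexp, ignore_case=False, invert=False):
    """Return ids of selected records.
    regexp ~ -e, ignore_case ~ -i, invert ~ -v (assumed semantics)."""
    flags = re.IGNORECASE if ignore_case else 0
    pat = re.compile(regexp.encode(), flags)
    selected = []
    for rec in records:
        hit = bool(pat.search(rec["suser"]) or pat.search(rec["duser"]))
        if hit != invert:
            selected.append(rec["id"])
    return selected


def run(data_len, regexp="HTTP.*404", **opts):
    """Capture the constructed flows at data_len, then apply the model."""
    records = [capture(f, data_len) for f in FLOWS]
    return ragrep_model(records, regexp, **opts)


if __name__ == "__main__":
    for n in (0, 8, 12, 64):
        print(f"capture length {n:2d}: matching flows {run(n)}")
    print("inverted (-v), length 64:", run(64, invert=True))
```

In this model a capture length of 8 keeps only "HTTP/1.1" of the response, so the status code is never seen; 12 bytes is the minimum that lets the pattern match.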
SEE ALSO
ra(1), rarc(5), argus(8)
FILES
AUTHORS
Carter Bullard (carter@qosient.com).
BUGS
07 November 2000 RAGREP(1)