RAEVENT(1)		    General Commands Manual		    RAEVENT(1)

NAME
       raevent - read argus(8) event data.

SYNOPSIS
       raevent [raoptions] [-- filter-expression]

DESCRIPTION
       Raevent reads argus(8) data from either stdin, an argus-file, or from a
       remote argus data source, filters the records it encounters based on an
       optional filter-expression and either prints the contents of the
       argus(5) records that it encounters to stdout or appends them into an
       argus(5) datafile.

OPTIONS
       Raevent, like all ra based clients, supports a number of ra options
       including filtering of input argus records through a terminating filter
       expression.  See ra(1) for a complete description of ra options.

EXAMPLE INVOCATION
       % raevent -S localhost

       event[874]=
       2010/02/09.09:21:19.971182:srcid=192.168.0.68:prog:/usr/local/bin/ralsof
       <ArgusEvent>
	 <ArgusEventData>
	   COMMAND     PID   USER   FD	 TYPE	  DEVICE SIZE/OFF NODE NAME
	   SystemUIS   787 carter   11u	 IPv4 0x17ec2054      0t0  UDP *:*
	   SystemUIS   787 carter   13u	 IPv4 0x185a28ec      0t0  UDP *:*
	   AppleVNCS   798 carter    9u	 IPv6 0x172905c0      0t0  TCP *:5900 (LISTEN)
	   Mail	       817 carter   13u	 IPv4 0x18f73b1c      0t0  TCP 192.168.0.68:64540->17.148.16.45:993 (ESTABLISHED)
	   Mail	       817 carter   18u	 IPv4 0x20a15274      0t0  TCP 192.168.0.68:64542->17.148.16.45:993 (ESTABLISHED)
	   Mail	       817 carter   20u	 IPv4 0x172942d4      0t0  TCP 192.168.0.68:64541->17.148.16.45:993 (CLOSED)
	   Mail	       817 carter   21u	 IPv4 0x207f1a8c      0t0  TCP 192.168.0.68:64554->17.148.16.45:993 (ESTABLISHED)
	   Mail	       817 carter   26u	 IPv4 0x207fbb4c      0t0  TCP 192.168.0.68:64546->216.92.197.167:993 (ESTABLISHED)
	   Mail	       817 carter   29u	 IPv4 0x19e8d6b0      0t0  TCP 192.168.0.68:64547->216.92.197.167:993 (ESTABLISHED)
	   Mail	       817 carter   31u	 IPv4 0x207fb740      0t0  TCP 192.168.0.68:64548->216.92.197.167:993 (ESTABLISHED)
	   Mail	       817 carter   32u	 IPv4 0x20801abc      0t0  TCP 192.168.0.68:53902->216.92.197.167:993 (ESTABLISHED)
	   Mail	       817 carter   35u	 IPv4 0x19e8fb1c      0t0  TCP 192.168.0.68:50245->17.250.248.77:80 (CLOSED)
	   Mail	       817 carter   37u	 IPv4 0x207f5b4c      0t0  TCP 192.168.0.68:59403->216.75.197.71:80 (CLOSE_WAIT)
	   Mail	       817 carter   40u	 IPv4 0x19e8eef8      0t0  TCP 192.168.0.68:53903->216.75.197.71:80 (CLOSE_WAIT)
	   Mail	       817 carter   43u	 IPv4 0x20a1c2d4      0t0  TCP 192.168.0.68:53913->208.59.201.100:80 (ESTABLISHED)
	   Mail	       817 carter   46u	 IPv4 0x20802aec      0t0  TCP 192.168.0.68:59408->208.59.201.100:80 (ESTABLISHED)
	   Mail	       817 carter   50u	 IPv4 0x207f92d4      0t0  TCP 192.168.0.68:53916->208.59.201.100:80 (ESTABLISHED)
	   Microsoft   822 carter    5u	 IPv4 0x20a23740      0t0  TCP 192.168.0.68:53597->207.46.170.10:80 (CLOSED)
	   iChatAgen   830 carter    6u	 IPv4 0x185a2734      0t0  UDP 127.0.0.1:52122->127.0.0.1:52122
	   iChatAgen   830 carter   11u	 IPv4 0x20803f28      0t0  TCP 192.168.0.68:65360->205.188.3.5:5190 (ESTABLISHED)
	   FileSyncA   838 carter   15u	 IPv4 0x20a1caec      0t0  TCP 192.168.0.68:57148->17.250.248.123:80 (CLOSED)
	   aosnotify   843 carter    5u	 IPv4 0x20a1d710      0t0  TCP 192.168.0.68:56355->17.250.248.83:5223 (ESTABLISHED)
	   rasqlinse 27492 carter    5u	 IPv4 0x20a16abc      0t0  TCP 192.168.0.68:57166->192.168.0.82:561 (ESTABLISHED)
	   Safari    37870 carter   18u	 IPv4 0x20a1e740      0t0  TCP 192.168.0.68:56792->198.145.117.112:80 (CLOSE_WAIT)
	   Safari    37870 carter   33u	 IPv4 0x20800a8c      0t0  TCP 192.168.0.68:54690->69.192.29.115:443 (CLOSE_WAIT)
	   iTunes    91271 carter   22u	 IPv4 0x2080b710      0t0  TCP *:3689 (LISTEN)
	   iTunes    91271 carter   23u	 IPv6 0x172916d0      0t0  TCP *:3689 (LISTEN)
	 </ArgusEventData>
       </ArgusEvent>

       Consider raevent as a proof of concept program for demonstrating the
       ArgusEvent system.
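
       The record layout shown above (a time:srcid:prog header line followed
       by lsof rows inside <ArgusEventData>) can be turned into structured
       data for correlating host sockets with flow records. The Python below
       is an added example, not part of this manual page or the argus
       distribution; the layout is inferred only from the sample on this page,
       and SAMPLE, parse_events and listeners are hypothetical names.

```python
import re

# Constructed sample, abridged from the layout shown in EXAMPLE INVOCATION.
SAMPLE = """\
event[874]=
2010/02/09.09:21:19.971182:srcid=192.168.0.68:prog:/usr/local/bin/ralsof
<ArgusEvent>
  <ArgusEventData>
    COMMAND     PID   USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
    AppleVNCS   798 carter    9u  IPv6 0x172905c0      0t0  TCP *:5900 (LISTEN)
    Mail        817 carter   13u  IPv4 0x18f73b1c      0t0  TCP 192.168.0.68:64540->17.148.16.45:993 (ESTABLISHED)
    iChatAgen   830 carter    6u  IPv4 0x185a2734      0t0  UDP 127.0.0.1:52122->127.0.0.1:52122
    iTunes    91271 carter   22u  IPv4 0x2080b710      0t0  TCP *:3689 (LISTEN)
  </ArgusEventData>
</ArgusEvent>
"""

# Assumption: every event header is "<time>:srcid=<id>:prog:<path>" as in the sample.
HEADER = re.compile(
    r"^(?P<time>\d{4}/\d\d/\d\d\.[\d:.]+?):srcid=(?P<srcid>.+?):prog:(?P<prog>\S+)$")

def parse_events(text):
    """Return one dict per event: time, srcid, prog and its parsed lsof rows."""
    events, current, in_data = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), sockets=[])
            events.append(current)
        elif line == "<ArgusEventData>":
            in_data = True
        elif line == "</ArgusEventData>":
            in_data = False
        elif in_data and current is not None and not line.startswith("COMMAND"):
            f = line.split(None, 8)          # 9th column (NAME) contains spaces
            if len(f) < 9:
                continue                     # skip truncated or malformed rows
            name, _, state = f[8].partition(" (")
            local, _, remote = name.partition("->")
            current["sockets"].append({
                "command": f[0], "pid": int(f[1]), "user": f[2], "proto": f[7],
                "local": local, "remote": remote or None,
                "state": state.rstrip(")") or None})
    return events

def listeners(events):
    # Listening sockets per source id: the host's exposed services at event time.
    return sorted({(e["srcid"], s["command"], s["proto"], s["local"])
                   for e in events for s in e["sockets"] if s["state"] == "LISTEN"})
```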

COPYRIGHT
       Copyright (c) 2000-2016 QoSient. All rights reserved.

AUTHORS
       Carter Bullard (carter@qosient.com).

SEE ALSO
       ra(1), rarc(5), argus(8)

raevent	3.0.8		       07 February 2010			    RAEVENT(1)
