FreeBSD Manual Pages
RAGREP(1)                   General Commands Manual                  RAGREP(1)

NAME
       ragrep - grep argus(8) user captured data.

SYNOPSIS
       ragrep [options] -e pattern [raoptions] [-- filter-expression]
       ragrep [options] -f file    [raoptions] [-- filter-expression]

DESCRIPTION
       Ragrep reads argus data from an argus-data source, selects the records
       whose user captured data matches the regexp specified on the command
       line, and outputs a valid argus-stream.

       Ragrep works only on the fields for user captured data.  Argus must be
       started with the configuration option ARGUS_CAPTURE_DATA_LEN set to a
       value greater than 0 for these data to be captured.  See argus.conf(5)
       for details.

       Ragrep is based on GNU grep(1), so the regexp syntax is the same as for
       grep(1).

OPTIONS
       Ragrep, like all ra based clients, supports a number of ra options,
       including filtering of input argus records through a terminating filter
       expression.  See ra(1) for a complete description of ra options.
       ragrep(1) specific options are:

       -c  Suppress normal output; instead print a count of matching lines for
           each input file.  With the -v, --invert-match option (see below),
           count non-matching lines.

       -e <regex>
           Match regular expression in flow user data fields.  Prepend the
           regex with either "s:" or "d:" to limit the match to either the
           source or destination user data fields.  Examples include:
              "^SSH-"              - Look for ssh connections on any port.
              "s:^GET"             - Look for HTTP GET requests in the source buffer.
              "d:^HTTP.*Unauth"    - Find unauthorized http responses.

       -f FILE
           Obtain patterns from FILE, one per line.  The empty file contains
           zero patterns, and therefore matches nothing.

       -i  Ignore case distinctions in both the PATTERN and the input files.

       -L  Suppress normal output; instead print the name of each input file
           from which no output would normally have been printed.  The
           scanning will stop on the first match.

       -l  Suppress normal output; instead print the name of each input file
           from which output would normally have been printed.  The scanning
           will stop on the first match.

       -q  Quiet; do not write anything to standard output.  Exit immediately
           with zero status if any match is found, even if an error was
           detected.

       -R  Read all files under each directory, recursively; this is
           equivalent to the -d recurse option.

       -v  Invert the matching logic: select the records that do not match
           the pattern.

DIAGNOSTICS
       Normally, exit status is 0 if selected records are found and 1
       otherwise.  But the exit status is 2 if an error occurred, unless the
       -q option is used and a selected line is found.

INVOCATION
       A sample invocation of ragrep(1).  This call reads argus(8) data from
       inputfile and greps all http transactions that generated a "404 Not
       Found" error.

       ragrep -r inputfile -e "HTTP.*404"
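       As an added illustration (not part of the ragrep man page or the argus
       distribution), the following Python model shows how the "s:"/"d:"
       prefixes of -e, together with -i, -v, -c and -q, select records and
       how the DIAGNOSTICS exit codes fall out, run over a few constructed
       HTTP and SSH flow records.  The field names suser/duser and the
       record shape are assumptions for the model, not argus's actual format.

```python
import re
from dataclasses import dataclass

# Constructed records: ragrep only looks at the user-captured data fields,
# so the model carries just the source (suser) and destination (duser) bytes.
@dataclass
class Flow:
    suser: str
    duser: str

SAMPLE_FLOWS = [
    Flow("GET /index.html HTTP/1.1\r\n", "HTTP/1.1 200 OK\r\n"),
    Flow("GET /admin HTTP/1.1\r\n", "HTTP/1.1 404 Not Found\r\n"),
    Flow("SSH-2.0-OpenSSH_8.9\r\n", "SSH-2.0-OpenSSH_9.3\r\n"),
    Flow("POST /login HTTP/1.1\r\n", "HTTP/1.1 401 Unauthorized\r\n"),
]

def compile_pattern(pattern, ignore_case=False):
    """Split an optional "s:"/"d:" prefix off a -e pattern.
    Returns (side, regex) where side is 's', 'd' or None (either field)."""
    side = None
    if pattern[:2] in ("s:", "d:"):
        side, pattern = pattern[0], pattern[2:]
    return side, re.compile(pattern, re.IGNORECASE if ignore_case else 0)

def matches(flow, side, regex):
    """True if the regex hits the field(s) selected by the prefix."""
    fields = {"s": [flow.suser], "d": [flow.duser]}.get(side, [flow.suser, flow.duser])
    return any(regex.search(f) for f in fields)

def ragrep(sources, pattern, ignore_case=False, invert=False,
           count=False, quiet=False):
    """Model of -e/-i/-v/-c/-q selection and the DIAGNOSTICS exit codes.
    sources: one record list per input file; None stands for an unreadable
    file (an "error" in the sense of DIAGNOSTICS).  Returns (output, status)."""
    side, regex = compile_pattern(pattern, ignore_case)
    error = any(src is None for src in sources)
    per_file = [[f for f in src if matches(f, side, regex) != invert]
                for src in sources if src is not None]
    selected = [f for hits in per_file for f in hits]
    if error and not (quiet and selected):
        status = 2                       # error wins unless -q saw a match
    else:
        status = 0 if selected else 1    # 0 = records selected, 1 = none
    if quiet:
        return [], status                # -q: nothing written, only the status
    if count:
        return [len(hits) for hits in per_file], status   # -c: count per file
    return selected, status
```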

SEE ALSO
       ra(1), rarc(5), argus(8)

COPYRIGHT
       Copyright (c) 2000-2016 QoSient.  All rights reserved.
AUTHORS
       Carter Bullard (carter@qosient.com).
BUGS
ragrep 3.0.8                     15 March 2010                       RAGREP(1)
