ragrep(1) grep argus(8) user captured data.

COPYRIGHT

Copyright (c) 2000-2008 QoSient. All rights reserved.

SYNOPSIS

ragrep -e <regexp> [-v] [-i] [raoptions] [- filter-expression]

DESCRIPTION

Ragrep reads argus data from an argus-data source, greps the records based on the regexp specified on the command line, and outputs a valid argus-stream.

Ragrep works only on the fields for user captured data. Argus must be started with the configration option ARGUS_CAPTURE_DATA_LEN set to a value greater than 0, to have these data captured. See argus.conf(5) for detail.

Ragrep is based on GNU grep(1), so the regexp syntax is the same as for grep(1).

OPTIONS

Ragrep, like all ra based clients, supports a number of ra options including filtering of input argus records through a terminating filter expression. See ra(1) for a complete description of ra options. ragrep(1) specific options are:

-e regexp
Use the grep(1)-compatible regular expression for filtering.

-i
ignore case.

-v
Reverse the expression matching logic.

INVOCATION

A sample invocation of ragrep(1). This call reads argus(8) data from inputfile and greps all http transactions that generated a "404 Not Found" error.

ragrep -r inputfile -e "HTTP.*404"

FILES

AUTHORS

Carter Bullard ([email protected]).

BUGS

SEE ALSO

LAST SEARCHED