Custom output format.

Carter Bullard carter at qosient.com
Tue Jun 18 08:35:42 EDT 2002 

Hey Scott,
   The new argus-clients that I'll be putting out in a few
weeks will have support in all ra* programs to control
what fields will be printed and in what order.  You
can specify them on the command-line or in a .rarc formatted
file, or both, of course.  It handles all the fields, some
in groups, (such as src and dst combined).  This also applies
to ratop() which is vastly improved, so we'll have consistency
between tools.

It will take me a few weeks still to get the alpha finished,
as there is a lot of stuff that I'm bundling together for
the new argus-clients, and I've got other things to do as
well ;o)

   For the command line, here is the man page entry for
the option, ("-s").

       -s  [-][[+[#]]field  Specify  the output fields.
                            Ra commands use a default printing
                            field list, which can be modified or
                            completely replaced.  Using the optional
                            '-' or '+[#]', you can modify the existing
                            default by removing or adding print fields,
                            respectively.  If the optional column
                            number is omitted on the '+' operator, the
                            field is appended to the current list.
                            When the optional '-' or '+' are not used,
                            the complete printing specification is
replaced
                            with the one specified on the command line.

                            The available fields to print are:
 
              startime, lasttime, dur, avgdur, trans, 
              srcid, ind, dir, mac, smac, dmac, proto,
              saddr, daddr, sport, dport, stos, dtos,
              sttl, dttl, bytes, sbytes, dbytes,
              pkts, spkts, dpkts, load, sload, dload,
              loss, sloss, dloss, rate, srate, drate,
              jitter, sjitter, djitter, user, suser, duser,
              win, swin, dwin, seq, sseq, dseq, 
              vlan, svlan, dvlan, mpls, smpls, dmpls, status
 
           Examles are:
              -s saddr   print only the source address.
              -s -bytes  removes the src and dst byte fields.
              -s +2mac   adds src and dst MAC addrs as 2nd field.


And here is the example .rarc entry:

# All ra* clients are designed to provide flexibility in what data
# is printed when configured to generate ASCII output.
# For ra() like clients, this variable overides the default field
# printing specification.  This is the equivalent to the "-s option".
#
# The below example is the default field definition.
#
 
RA_FIELD_SPECIFIER="startime ind proto saddr sport dir daddr dport pkts
bytes status"
 

What do you think?

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com


 
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu 
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of 
> Scott A. McIntyre
> Sent: Monday, June 17, 2002 3:39 AM
> To: argus-info at lists.andrew.cmu.edu
> Subject: Custom output format.
> 
> 
> Hi,
> 
> I was wondering what sorts of solutions people have come up 
> with for customizing the output format of ra() and its brethren?
> 
> Specifically, I would like to have a way to omit port numbers 
> in transactions, or perhaps change the ordering of columns, 
> that sort of thing.
> 
> Thanks for any ideas/thoughts.
> 
> Scott
> 
> 
>

More information about the argus mailing list