.\" Copyright (c) 2000 QoSient, LLC
.\" All rights reserved.
.\"
.\" Permission to use, copy, modify, and distribute this software and
.\" its documentation for any purpose and without fee is hereby granted,
.\" provided that the above copyright notice appear in all copies and
.\" that both that copyright notice and this permission notice appear
.\" in supporting documentation, and that the name of QoSient not
.\" be used in advertising or publicity pertaining to distribution of
.\" the software without specific, written prior permission.
.\"
.\" QOSIENT, LLC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
.\" SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
.\" FITNESS, IN NO EVENT SHALL QOSIENT, LLC BE LIABLE FOR ANY
.\" SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
.\" RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
.\" CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
.\" CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\"
.TH RARC 1 "07 November 2000"
.SH NAME
\fBrarc\fP \- \fBra\fP client resource file.
.SH SYNOPSIS
.B rarc
.SH COPYRIGHT
Copyright (c) 2000 QoSient, LLC All rights reserved.
.SH DESCRIPTION
Ra* clients will open this file if it is in the user's $HOME directory,
or in the $ARGUSHOME directory, and parse it to set common configuration
options. All of these values will be overridden by options set on the
command line, or in the file specified using the '-F conffile' option.
Values can be quoted to make string denotation easier; however, the
parser does not require that string values be quoted. To support this,
the parser will remove " (double quote) characters from input strings, so
do not use this character in strings themselves.
Values specified as "" will be treated as a NULL string, and the parser
will ignore the variable setting.
.SH RA_ARGUS_SERVER
All ra* clients can attach to a remote server, and collect argus data
in real time. This variable can be a name or a dot notation IP address.
\fBRA_ARGUS_SERVER=\fPlocalhost
.SH RA_CISCONETFLOW_SERVER
All ra* clients can read Cisco Netflow records directly from Cisco
routers. Specifying this value will alert the ra* client to open
a UDP based socket listening for Cisco Netflow data.
\fBRA_CISCONETFLOW_SERVER=\fPno
.SH RA_ARGUS_SERVERPORT
Whether the remote data source is an Argus Server or a Cisco router,
the port number that will be used to bind to is specified using this
variable. For Argus Servers, the default is 561, the "experimental
monitor" port. For Cisco Netflow records, the default is 9995.
\fBRA_ARGUS_SERVERPORT=\fP561
.SH RA_OUTPUT_FILE
All ra* clients can support writing output as Argus Records into
a file or stdout. Stdout is specified as '-'.
\fBRA_OUTPUT_FILE=\fP"filename"
.SH RA_TIMERANGE
All ra* clients can support input filtering on a time range. The
format is:
.nf
\fBtimeSpecification[-timeSpecification]\fP
where the format of a timeSpecification can be:
[[[yy/]mm/]dd.]hh[:mm[:ss]]
[yy/]mm/dd
\fBRA_TIMERANGE=\fP"55/12/04.00:00:01-55/12/04.23:59:59"
\fBRA_TIMERANGE=\fP"12/04-12/05"
.fi
.SH RA_RUN_TIME
All ra* clients can support running for a number of seconds,
while attached to a remote source of argus data. This is a type
of polling. The default is zero (0), which means run indefinitely.
\fBRA_RUN_TIME\fP=0
.SH RA_PRINT_LABELS
Most ra* clients are designed to print argus records out in ASCII,
with each client supporting its own output formats. For ra() like
clients, this variable will generate column headers as labels.
The number is the number of lines between repeated header labeling.
Setting this value to zero (0) will cause the labels to be printed
once. If you don't want labels, comment this line out, delete it
or set the value to -1.
\fBRA_PRINT_LABELS\fP=0
.SH RA_FIELD_DELIMITER
Most ra* clients are designed to print argus records out in ASCII,
with each client supporting its own output formats. For ra() like
clients, this variable can override the default field delimiter,
which is a variable span of spaces (' '), to be any character.
The most common are expected to be '\t' for tabs, and ',' for
comma separated fields.
\fBRA_FIELD_DELIMITER=\fP','
.SH RA_PRINT_SUMMARY
For ra() like clients, this variable will print out summary data
for the client session, at the termination of the program.
\fBRA_PRINT_SUMMARY=\fPno
.SH RA_PRINT_ARGUSID
For ra() like clients, this variable will print out the Argus ID
that generated the flow record.
\fBRA_PRINT_ARGUSID=\fPno
.SH RA_PRINT_MACADDR
For ra() like clients, this variable will print out the MAC
addresses involved in the flow record, if the MAC address
information is available.
\fBRA_PRINT_MACADDRS=\fPno
.SH RA_PRINT_INDICATORS
For ra() like clients, this variable will print the extended
state and protocol indicators.
\fBRA_PRINT_INDICATORS=\fPyes
.SH RA_PRINT_HOSTNAMES
For \fBra(1)\fP like clients, this variable will suppress resolving
hostnames, and print the dot notation IP address, or ':' notation
ethernet address. There is a huge performance impact with
name lookup, so the default is to not resolve hostnames.
\fBRA_PRINT_HOSTNAMES=\fPno
When you intend to print hostnames and port service names
rather than the numbers, these variables will help to
avoid truncating hostnames, and provide pretty printing
with tools such as \fBra(1)\fP, \fBragator(1)\fP and \fBrasort(1)\fP.
These values are simple suggestions.
.nf
\fBRA_HOST_FIELD_LENGTH=\fP28
\fBRA_PORT_FIELD_LENGTH=\fP10
.fi
.SH RA_PRINT_COUNTS
For ra() like clients, this variable will include the packet and
byte counts in the output format.
\fBRA_PRINT_COUNTS=\fPyes
.SH RA_PRINT_RESPONSE_DATA
For ra() like clients, this variable will include the response
data that is provided by Argus. This is protocol and state
specific.
\fBRA_PRINT_RESPONSE_DATA=\fPno
.SH RA_PRINT_UNIX_TIME
For ra() like clients, this variable will force the timestamp
to be in Unix time format, which is an integer representing the
number of elapsed seconds since the epoch.
\fBRA_PRINT_UNIX_TIME\fP=no
.SH RA_TIME_FORMAT
For ra() like clients, this variable is used to override the
time format of the timestamp. This string must conform to
the format specified in strftime(). Malformed strings can
generate fatal errors, so be careful with this one.
\fBRA_TIME_FORMAT=\fP"%y-%m-%d %T"
.SH RA_PRINT_STARTIME
For ra() like clients, this variable is used to override the
time format of the timestamp. This determines if the
transaction start time will be displayed or not.
\fBRA_PRINT_STARTIME=\fPyes
.SH RA_PRINT_LASTIME
For ra() like clients, this variable is used to override the
time format of the timestamp. This determines if the
transaction last time will be displayed or not.
\fBRA_PRINT_LASTIME=\fPno
.SH RA_PRINT_DURATION
For ra() like clients, this variable is used to override the
time format of the timestamp. This variable determines if
the transaction duration time will be printed or not.
\fBRA_PRINT_DURATION=\fPyes
.SH RA_USEC_PRECISION
For ra() like clients, this variable is used to override the
time format of the timestamp. This variable specifies the
number of decimal places that will be printed as the fractional
part of the time. Argus collects usec precision, and so a
maximum value of 6 is supported. To not print the fractional
part, specify the value zero (0).
\fBRA_USEC_PRECISION=\fP6
.SH RA_USERDATA_ENCODE
Argus can capture user data. When printing out the user data
contents, using tools such as raxml(), the type of encoding
can be specified here. Supported values are "Ascii", or "Encode64".
\fBRA_USERDATA_ENCODE=\fPAscii
.SH RA_DEBUG_LEVEL
If compiled to support this option, ra* clients are capable
of generating a lot of use [full | less | whatever] debug
information. The default value is zero (0).
\fBRA_DEBUG_LEVEL=\fP0
.SH RA_FILTER
You can provide a filter expression here, if you like.
It should be limited to 2K in length. The default is to
not filter. See ra(1) for the format of the filter expression.
\fBRA_FILTER=\fP""
.SH SASL SUPPORT
When argus is compiled with SASL support, ra* clients may be
required to authenticate to the argus server before the argus
will accept the connection. This variable will allow one to
set the user and authorization IDs, if needed. Although
not recommended, you can provide a password through the
RA_AUTH_PASS variable. The format for this variable is:
.nf
\fBRA_USER_AUTH=\fP"user_id/authorization_id"
\fBRA_AUTH_PASS=\fP"password"
.fi
.RE
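.PP
Added example (not part of the argus distribution): a small Python linter that applies the parsing rules from DESCRIPTION, checks the limits this page states for RA_USEC_PRECISION, RA_FILTER and RA_TIMERANGE, and flags RA_AUTH_PASS kept in a file that group or others can access. The function names, the '#' comment convention, reading "2K" as 2048 characters and the sample values are assumptions.

```python
import os
import re

# timeSpecification grammar from RA_TIMERANGE: [[[yy/]mm/]dd.]hh[:mm[:ss]] | [yy/]mm/dd
_TS = (r"(?:(?:(?:(?:\d\d/)?\d\d/)?\d\d\.)?\d\d(?::\d\d(?::\d\d)?)?"
       r"|(?:\d\d/)?\d\d/\d\d)")
TIMERANGE = re.compile(rf"{_TS}(?:-{_TS})?")

# Constructed sample rarc; every value is made up for this demonstration.
SAMPLE = '''RA_ARGUS_SERVER="localhost"
RA_FILTER=""
RA_USEC_PRECISION=9
RA_TIMERANGE="12/04-12/05"
RA_AUTH_PASS="example-only"
'''

def parse_rarc(text):
    # DESCRIPTION rules: every '"' is stripped and an empty value is ignored.
    # Treating lines that start with '#' as comments is an assumption.
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.replace('"', "").strip()
        if value:
            cfg[key.strip()] = value
    return cfg

def audit(text, mode):
    """Check rarc text against limits stated on this page; mode is st_mode."""
    cfg, out = parse_rarc(text), []
    prec = cfg.get("RA_USEC_PRECISION", "6")
    if not prec.isdigit() or int(prec) > 6:
        out.append("RA_USEC_PRECISION: maximum supported value is 6")
    if len(cfg.get("RA_FILTER", "")) > 2048:  # "2K" read as 2048 (assumption)
        out.append("RA_FILTER: longer than 2K")
    if "RA_TIMERANGE" in cfg and not TIMERANGE.fullmatch(cfg["RA_TIMERANGE"]):
        out.append("RA_TIMERANGE: does not match the documented format")
    if "RA_AUTH_PASS" in cfg and mode & 0o077:
        out.append("RA_AUTH_PASS: file is accessible to group or others")
    return out

def audit_file(path):
    with open(path, encoding="utf-8") as fh:
        return audit(fh.read(), os.stat(path).st_mode)

if __name__ == "__main__":
    print(audit(SAMPLE, 0o644))
```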
.SH SEE ALSO
.BR ra (1)