Content-type: text/html <HTML><HEAD><TITLE>Manpage of RABINS</TITLE> </HEAD><BODY> <H1>RABINS</H1> Section: User Commands (1)<BR>Updated: 12 August 2003<BR><A HREF="#index">Index</A> <A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR> <A NAME="lbAB"> </A> <H2>NAME</H2> <B>rabins</B> - split <B><A HREF="http://localhost/cgi-bin/man/man2html?8+argus">argus</A>(8)</B> data. <A NAME="lbAC"> </A> <H2>SYNOPSIS</H2> <B>rabins</B> [[<B>-M</B> <I>splitmode</I>] [<I>splitmode options</I>]] [<B>raoptions</B>] <A NAME="lbAD"> </A> <H2>DESCRIPTION</H2> <A NAME="ixAAB"></A> <P> <B>Rabins</B> reads <B>argus</B> data from an <I>argus-data</I> source, and adjust the data so that it is aligned to a set of bins, or slots. The resulting output is split, modified, and optionally aggregated so that the data fits to the constraints defined on the command line. <P> The primary function of rabins is to align data on a time series of arbitrary size and width. Records that span a time boundary are split, so that the data represents that fraction that resides in the bin, with the metrics adjusted in a uniformly distributed fashion. The result is a series of data and/or fragments that are time aligned, and is appropriate for time seried analysis, and visualization. <P> When a record is split to conform to a time series bin, either the starting or ending timestamps can fall within a time boundary. In some applications, it is desired that the timestamps conform to the time bin boundaries, however in some applications having the exact times is critical to retain transaction duration and burst behavior. Rabins supports the <B>hard</B> and <B>soft</B> options to direct whether timestamps should conform to boundaries. The default is <B>hard</B> which forces <B>rabins</B> to modify the start and stop timestamps in records to the time series slot boundaries. <B>soft</B> slot boundary conformity preserves partial durations in the records. <P> The output files name consists of a prefix, which is specified using the <I>-w</I> <I>ra option</I>, and for all modes except <B>time</B> mode, a suffix, which is created for each resulting file. If no prefix is provided, then <B>rabins</B> will use 'x' as the default prefix. The suffix that is used is determined by the mode of operation. When <B>rabins</B> is using the default count mode or the size mode, the suffix is a group of letters 'aa', 'ab', and so on, such that concatenating the output files in sorted order by file name produces the original input file. If <B>rabins</B> will need to create more output files than are allowed by the default suffix strategy, more letters will be added, in order to accomodate the needed files. <P> When <B>rabins</B> is spliting based on time, <B>rabins</B> uses a default extension of %Y.%m.%d.%h.%m.%s. This default can be overrided by adding a '%' extension to the name provided using the <I>-w</I> option. <P> When standard out is specified, using <I>-w -</I>, <B>rabins</B> will output a single <B>argus-stream</B> with START and STOP argus management records inserted appropriately to indicate where the output is split. See <B><A HREF="http://localhost/cgi-bin/man/man2html?8+argus">argus</A>(8)</B> for more information on output stream formats. <P> When <B>rabins</B> is spliting on output record count (the default), the number of records is specified as an ordinal counter, the default is 1000 records. When <B>rabins</B> is spliting based on the maximum output file size, the size is specified as bytes. The scale of the bytes can be specified by appending 'b', 'k' and 'm' to the number provided. <P> When <B>rabins</B> is spliting base on time, the time period is specified with the option, and can be any period based in seconds (s), minutes (m), hours (h), days (d), weeks (w), months (M) or years (y). <B>Rabins</B> will create and modify records as required to split on prescribed time boundaries. If any record spans a time boundary, the record is split and the metrics are adjusted using a uniform distribution model to distribute the statistics between the two records. <P> <A NAME="lbAE"> </A> <H2>RABINS SPECIFIC OPTIONS</H2> Rabins, like all ra based clients, supports a number of <B>ra options</B> including remote data access, reading from multiple files and filtering of input argus records through a terminating filter expression. <B><A HREF="http://localhost/cgi-bin/man/man2html?1+rabins">rabins</A>(1)</B> specific options are: <DL COMPACT> <DT><B>-a</B><I> suffix length</I> <DD> default is 2 characters. <DT><B>-M</B><I> splitmode</I> <DD> Supported spliting modes are: <PRE> <B> time <period></B> <B> count <n[kmb]</B> <B> size <n[kmb]></B> <B> soft</B> <B> nomodify</B> </PRE> <DT><B>-m</B><I> aggregation object</I> <DD> Supported aggregation objects are: <PRE> <B> none - use a null flow key.</B> <B> srcid - argus source identifier.</B> <B> smac - source mac(ether) addr.</B> <B> dmac - destination mac(ether) addr.</B> <B> smpls[ind] - source mpls label</B> <B> dmpls[ind] - destination mpls label</B> <B> svlan - source vlan label.</B> <B> dvlan - destination vlan label.</B> <B> saddr - source IP addr.</B> <B> daddr - destination IP addr.</B> <B> proto - transaction protocol.</B> <B> sport - source sap.</B> <B> dport - destination sap.</B> <B> stos - source TOS byte value.</B> <B> dtos - destination TOS value.</B> <B> sttl - source TTL value.</B> <B> dttl - destination TTL value.</B> <B> stcpb - source TCP base seq number.</B> <B> dtcpb - destination TCP base seq number.</B> </PRE> <DT><B>-w</B><I> filename</I> <DD> <B>Rabins</B> supports an extended <I>-w</I> option that allows for output record contents to be inserted into the output filename. Specified using '$' (dollar) notation, any printable field can be used. Care should be taken to honor any shell escape requirements when specifying on the command line. See <B><A HREF="http://localhost/cgi-bin/man/man2html?1+ra">ra</A>(1)</B> for the list of printable fields. <P> Another extended feature, when using <B>time</B> mode, <B>rabins</B> will process the supplied filename using <B><A HREF="http://localhost/cgi-bin/man/man2html?3+strftime">strftime</A>(3)</B>, so that time fields can be inserted into the resulting output filename. <P> </DL> <A NAME="lbAF"> </A> <H2>INVOCATION</H2> This invocation reads <B><A HREF="http://localhost/cgi-bin/man/man2html?8+argus">argus</A>(8)</B> data from <B>inputfile</B> and splits the <B><A HREF="http://localhost/cgi-bin/man/man2html?8+argus">argus</A>(8)</B> data stream based on output file size of no greater than 1 Megabyte. The resulting output files have a prefix of <I>argus.</I> and suffix that starts with 'aa'. <PRE> <B>rabins</B> -r argusfile -M soft time 1m -s +1dur -m proto - ip </PRE> <P> This invocation splits <B>inputfile</B> based on hard 10 minute time boundaries. The resulting output files are created with a prefix of <I>/archive/%Y/%m/%d/argus.</I> and the suffixes <I>%H.%M.%S</I>. The values will be supplied based on the time in the record being written out. <PRE> <B>rabins</B> -r * -M time 10m -w "/archive/%Y/%m/%d/argus.%H.%M.%S" </PRE> <P> This invocation splits <B>inputfile</B> based on the argus source identifier. The resulting output files are created with a prefix of <I>/archive/Source Identifier/argus.</I> and the default suffix starting with "aa". The source identifier will be supplied based on the contents of the record being exported. <PRE> <B>rabins</B> -r * -M time 10m -w "/archive/\$srcid/argus." </PRE> <A NAME="lbAG"> </A> <H2>COPYRIGHT</H2> Copyright (c) 2000-2007 QoSient. All rights reserved. <P> <A NAME="lbAH"> </A> <H2>SEE ALSO</H2> <B><A HREF="http://localhost/cgi-bin/man/man2html?1+ra">ra</A>(1),</B> <B><A HREF="http://localhost/cgi-bin/man/man2html?5+rarc">rarc</A>(5),</B> <B><A HREF="http://localhost/cgi-bin/man/man2html?8+argus">argus</A>(8),</B> <P> <A NAME="lbAI"> </A> <H2>AUTHORS</H2> <PRE> Carter Bullard (<A HREF="mailto:carter@qosient.com">carter@qosient.com</A>). </PRE> <P> <HR> <A NAME="index"> </A><H2>Index</H2> <DL> <DT><A HREF="#lbAB">NAME</A><DD> <DT><A HREF="#lbAC">SYNOPSIS</A><DD> <DT><A HREF="#lbAD">DESCRIPTION</A><DD> <DT><A HREF="#lbAE">RABINS SPECIFIC OPTIONS</A><DD> <DT><A HREF="#lbAF">INVOCATION</A><DD> <DT><A HREF="#lbAG">COPYRIGHT</A><DD> <DT><A HREF="#lbAH">SEE ALSO</A><DD> <DT><A HREF="#lbAI">AUTHORS</A><DD> </DL> <HR> This document was created by <A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>, using the manual pages.<BR> Time: 13:20:15 GMT, May 16, 2007 </BODY> </HTML>
