rastrip - strip argus(8) data file.

       Carter Bullard (carter@qosient.com).

rastrip 3.0.8                                   07 November 2000                                      RASTRIP(1)

       Copyright (c) 2000-2016 QoSient. All rights reserved.

Rastrip reads argus data from an argus-data source, strips the records based on the criteria specified on
       the  command  line,  and  outputs  a  valid argus-stream. This is useful to reduce the size of argus data
       files.  Rastrip always removes argus management transactions, thus having the same effect as a 'not  man'
       filter expression.

       A sample invocation of rastrip(1).  This call reads argus(8) data from inputfile and strips  the  default
       dsr set but keeps MAC addresses and writes the result to outputfile:

       rastrip-M+mac-rinputfile-woutputfile

       This call removes only captured user data and timings and writes the result to stdout:

       rastrip-M-suser-M-duser-M-time-rinputfile

rastrip - strip argus(8) data file.

       Rastrip,  like  all  ra based clients, supports a number of raoptions including filtering of input argus
       records through a terminating filter expression.  See ra(1) for a complete  description  of  raoptions.
       rastrip(1) specific options are:

       -M[+|-]dsr
           Strip specified dsr (data set record).

           Supported dsrs are:
              flow   flow key data (proto, saddr, sport, dir, daddr, dport)
              time   time stamp fields (stime, ltime).
              metric basic ([s|d]bytes, [s|d]pkts, [s|d]rate, [s|d]load)
              agr    aggregation stats (trans, avgdur, mindur, maxdur, stdev).
              net    network objects (tcp, esp, rtp, icmp data).
              vlan   VLAN tag data
              mpls   MPLS label data
              jitter Jitter data ([s|d]jit, [s|d]intpkt)
              ipattr IP attributes ([s|d]ipid, [s|d]tos, [s|d]dsb, [s|d]ttl)
              suser  src user captured data bytes (suser)
              duser  dst captured user data bytes (duser)
              mac    MAC addresses (smac, dmac)
              icmp   ICMP specific data (icmpmap, inode)
              encaps Flow encapsulation type indications

       In  the  default  mode, without the -M option, rastrip removes the following default set of dsrs: encaps,
       agr, vlan, mpls, mac, icmp, ipattr, jitter, suser, duser

       -Mreplace
           Replace the existing file with the newly striped file.

ra(1),rarc(5),argus(8),

rastrip [-M [replace] [+|-]dsr [-M ...]]  [raoptions] [--filter-expression]