•    getting started
•    examples
•    anonymization
•    archives
•    argus and netflow
•    audit systems
•    databases
•    filters
•    flow-tools
•    geolocation
•    processing packets
•    routing
•    sensor performance
•    visualization

•    credits
•    license
•    to-do list

•    faq
•    how-to
•    manuals
•    copyright
•    changes

•    registration
•    mailing lists

The argus-clients package provides a set of core client programs that provide the basic functions needed to use argus flow data. This includes printing, processing, sorting, aggregating, tallying, collecting, distributing, archiving, and anonymizing data. Here we provide basic examples of how to use the utility rasplit. For these examples, we use standard sets of argus data.

Rasplit is the principal client program that splits and distributes argus data streams, writes the data to files. Like all ra* client programs, rasplit shares the complete set of functionality of ra, so it has a lot of flexibility and utility. rasplit is predominately used to divide a single argus data stream into a number of destination files, in order to scale processing and analytics, or its used as an archive, distributing argus data records into a native system file structure, suitable for search, procesing and long term storage.

This is the default output. All aspects of the output can be modified, generally from the command line, and completely specified using the rarc file strategy, which is highly recommeneded and installed in the home directory as ./.rarc.

Rasplit supports spliting on the resulting output file size. This is very useful for Google Big Table like data structuring, where a fixed sized data object is the desire.

For the purposes of data archiving, search, and analytics, rasplit supports spliting on the contents of flow records, such as the source id ('srcid'), the startime time ('stime') etc... This is very useful for building archives.