Content-type: text/html Manpage of RADIUM

RADIUM

Section: Maintenance Commands (8)
Updated: 21 October 2001
Index Return to Main Contents
 

NAME

radium - argus record multiplexor  

SYNOPSIS

radium [ options ] [ filter expression ]  

COPYRIGHT

Copyright (c) 2000-2007 QoSient, LLC All rights reserved.  

DESCRIPTION

Radium is a real-time Argus Record multiplexor that processes Argus records which match the boolean expression. Radium provides the same file writing and remote access capabilities as argus, however radium read argus records in a fashion similar to the ra* set of argus clients.

Designed to run as a daemon, radium generally reads argus records directly from a remote argus, and writes the transaction status information to a log file or open socket connected to an argus client (such as ra(1)). Radium provides strong authenctication and confidentiality protection for its data through the use of SASL. Please refer to the INSTALL and README files for a complete description. In addition, radium also provides access control for its socket connection facility using tcp_wrapper technology. Please refer to the tcp_wrapper distribution for a complete description.

Radium can be completely configured from a system /etc/radium.conf configuration file, or from a configuration file either in the $RADIUMHOME directory, or specified on the command line.

 

OPTIONS

-b
Dump the compiled packet-matching code to stdout and stop. This is used to debug filter expressions.
-B
<addr> Specify the bind interface address for remote access. Acceptable values are IP version 4 addresses. The default is to bind to INADDR_ANY address.
-d
Run radium as a daemon. This will cause radium to do the things that Unix daemons do and return, if there were no errors, with radium running as a detached process.
-D
<level> Print debug messages to stderr. When compiled to support debug printing, the higher the <level> the more information printed. Acceptable levels are 1-8.
-e
<value> Specify the source identifier for this radium. Acceptable values are numbers, hostnames or ip address.
-h
Print an explanation of all the arguments.
-F
Use conffile as a source of configuration information. Options set in this file override any other specification, and so this is the last word on option values.
-O
Turn off Berkeley Packet Filter optimizer. No reason to do this unless you think the optimizer generates bad code.
-p
Override the persistent connection facility. Radium provides a fault tolerant feature for its remote argus data access facility. If the remote argus data source closes, radium will maintain its client connections, and attempt to reestablish its connection with remote source. This option overrides this behavior, causing radium to terminate if any of its remote sources closes.
-P
<portnum> Specifies the <portnum> for remote client connection. The default is to not support remote access. Setting the value to zero (0) will forceably turn off the facility.
-r
Read from argus(8) , data files. Radium will read from only one input data file at a time. If the -r option is specified, radium will not put down a listen(2) to support remote access.
-S
<host[:port]> Specify a remote argus-server <host>. Appending an port specifier is required to attach to a port different than the port value specified with the -P option, or the default.
-T threshold[smh] (secs)
Indicate that radium should correct the timestamps of received argus records, if they are out of sync by threshold secconds. Threshold can be specified with the extensions s, m, or h for seconds, minutes or hours.
-w
<file ["filter"] Write transaction status records to output-file. An output-file of '-' directs radium to write the resulting radium-file output to stdout.
-X
Clear existing radium configuration. This removes any initialization done prior to encountering this flag. Allows you to eliminate the effects of the /etc/radium.conf file, or any radium.conf files that may have been loaded.
expression
This tcpdump(1) expression specifies which transactions will be selected. If no expression is given, all transactions are selected. Otherwise, only transactions for which expression is `true' will be dumped. For a complete expression format description, please refer to the tcpdump(1) man page.

 

SIGNALS

Radium catches a number of signal(3) events. The three signals SIGHUP, SIGINT, and SIGTERM cause radium to exit, writing TIMEDOUT status records for all currently active transactions. The signal SIGUSR1 will turn on debug reporting, and subsequent SIGUSR1 signals, will increment the debug-level. The signal SIGUSR2 will cause radium to turn off all debug reporting.

 

ENVIRONMENT

$RADIUMHOME - Radium Root directory
$RADIUMPATH - Radium.conf search path (/etc:$RADIUMHOME:$HOME)

 

FILES

/etc/radium.conf         - radium daemon configuration file 
/var/run/radium.#.#.pid  - PID file 

 

EXAMPLES

Run radium as a daemon, reading records from a remote host, using port 561, and writing all its transaction status reports to output-file. This is a typical mode.

radium -S remotehost:561 -d -e `hostname` -w output-file

Collect records from multiple argi, using port 561 on one and port 430 on the other, and make all of these records available to other programs on port 562.

radium -S host1:561 -S host2:430 -de `hostname` -P 562

Collect records from multiple Cisco Netflow sources, using the default port, and make the resulting argus records available on port 562.

radium -C -S host1 -S host2 -de `hostname` -P 562

Radium supports both input filtering and output filtering, and radium supports multiple output streams, each with their own independant filters.

If you are interested in tracking IP traffic only (input filter) and want to report ICMP traffic in one output file, and all other IP traffic in another file.

radium -w file1 "icmp" -w file2 "not icmp" - ip

Audit the network activity that is flowing between the two gateway routers, whose ethernet addresses are 00:08:03:2D:42:01 and 00:00:0C:18:29:F1. Make records available to other programs through port 430/tcp.

radium ether host (0:8:3:2d:42:1 and 0:0:c:18:29:f1) &

Process argus records from a remote source only between 9am and 5pm every day and provide access to this stream on port 562.

radium -S remotehost -t 9-17 -P 562

 

AUTHORS

Carter Bullard (carter@qosient.com)
 

SEE ALSO

radium.conf(5), argus(8), hosts_access(5), hosts_options(5), tcpd(8), tcpdump(1)


 

Index

NAME
SYNOPSIS
COPYRIGHT
DESCRIPTION
OPTIONS
SIGNALS
ENVIRONMENT
FILES
EXAMPLES
AUTHORS
SEE ALSO

This document was created by man2html, using the manual pages.
Time: 13:20:15 GMT, May 16, 2007