Content-type: text/html
Manpage of RADIUM
RADIUM
Section: Maintenance Commands (8)
Updated: 21 October 2001
Index
Return to Main Contents
NAME
radium - argus record multiplexor
SYNOPSIS
radium
[
options
] [
filter expression
]
COPYRIGHT
Copyright (c) 2000-2007 QoSient, LLC All rights reserved.
DESCRIPTION
Radium
is a real-time Argus Record multiplexor that processes Argus records
which match the boolean
expression.
Radium
provides the same file writing and remote access capabilities as argus,
however radium read argus records in a fashion similar to the ra* set
of argus clients.
Designed to run as a daemon,
radium
generally reads argus records directly from a remote argus, and writes the
transaction status information to a log file or open socket connected to an
argus
client (such as
ra(1)).
Radium
provides strong authenctication and confidentiality protection
for its data through the use of SASL. Please refer to the INSTALL
and README files for a complete description. In addition,
radium
also provides access control for its socket connection facility using
tcp_wrapper
technology. Please refer to the tcp_wrapper distribution
for a complete description.
Radium
can be completely configured from a system /etc/radium.conf configuration file,
or from a configuration file either in the $RADIUMHOME directory, or specified
on the command line.
OPTIONS
- -b
-
Dump the compiled packet-matching code to stdout and stop. This is
used to debug filter expressions.
- -B
-
<addr>
Specify the bind interface address for remote access. Acceptable values
are IP version 4 addresses. The default is to bind to INADDR_ANY
address.
- -d
-
Run radium as a daemon. This will cause radium to do the things that
Unix daemons do and return, if there were no errors, with radium
running as a detached process.
- -D
-
<level>
Print debug messages to stderr. When compiled to support debug printing,
the higher the <level> the more information printed. Acceptable
levels are 1-8.
- -e
-
<value>
Specify the source identifier for this radium. Acceptable values are
numbers, hostnames or ip address.
- -h
-
Print an explanation of all the arguments.
- -F
-
Use conffile as a source of configuration information.
Options set in this file override any other specification, and so
this is the last word on option values.
- -O
-
Turn off Berkeley Packet Filter optimizer. No reason to do this unless
you think the optimizer generates bad code.
- -p
-
Override the persistent connection facility.
Radium
provides a fault tolerant feature for its remote argus data access
facility. If the remote argus data source closes,
radium
will maintain its client connections, and attempt to reestablish
its connection with remote source. This option overrides this behavior,
causing
radium
to terminate if any of its remote sources closes.
- -P
-
<portnum>
Specifies the <portnum> for remote client connection.
The default is to not support remote access.
Setting the value to zero (0) will forceably turn off the
facility.
- -r
-
Read from
argus(8) ,
data files.
Radium
will read from only one input data file at a time.
If the
-r
option is specified,
radium
will not put down a
listen(2)
to support remote access.
- -S
-
<host[:port]>
Specify a remote argus-server <host>. Appending an
port specifier is required to attach to a port different than
the port value specified with the -P option, or the default.
- -T threshold[smh] (secs)
-
Indicate that radium should correct the timestamps of
received argus records, if they are out of sync by threshold
secconds. Threshold can be specified with the extensions s, m, or
h for seconds, minutes or hours.
- -w
-
<file ["filter"]
Write transaction status records to output-file. An output-file
of '-' directs radium to write the resulting radium-file output
to stdout.
- -X
-
Clear existing radium configuration. This removes any initialization done prior
to encountering this flag. Allows you to eliminate the effects of the
/etc/radium.conf file, or any radium.conf files that may have been loaded.
- expression
-
This
tcpdump(1)
expression
specifies which transactions will be selected. If no expression
is given, all transactions are selected. Otherwise,
only transactions for which expression is `true' will be dumped.
For a complete expression format description, please refer to the
tcpdump(1)
man page.
SIGNALS
Radium catches a number of signal(3) events.
The three signals SIGHUP, SIGINT, and SIGTERM
cause radium to exit, writing TIMEDOUT status records for
all currently active transactions. The signal SIGUSR1
will turn on debug reporting, and subsequent SIGUSR1
signals, will increment the debug-level. The signal SIGUSR2
will cause radium to turn off all debug reporting.
ENVIRONMENT
$RADIUMHOME - Radium Root directory
$RADIUMPATH - Radium.conf search path (/etc:$RADIUMHOME:$HOME)
FILES
/etc/radium.conf - radium daemon configuration file
/var/run/radium.#.#.pid - PID file
EXAMPLES
Run radium as a daemon, reading records from a remote host,
using port 561, and writing all its transaction status reports to
output-file. This is a typical mode.
-
radium -S remotehost:561 -d -e `hostname` -w output-file
Collect records from multiple argi, using port 561 on one and port
430 on the other, and make all of these records available to other
programs on port 562.
-
radium -S host1:561 -S host2:430 -de `hostname` -P 562
Collect records from multiple Cisco Netflow sources, using
the default port, and make the resulting argus records available
on port 562.
-
radium -C -S host1 -S host2 -de `hostname` -P 562
Radium supports both input filtering and output filtering,
and radium supports multiple output streams, each with their
own independant filters.
If you are interested in tracking IP traffic only (input
filter) and want to report ICMP traffic in one output file,
and all other IP traffic in another file.
-
radium -w file1 "icmp" -w file2 "not icmp" - ip
Audit the network activity that is flowing between the two
gateway routers, whose ethernet addresses are 00:08:03:2D:42:01 and
00:00:0C:18:29:F1. Make records available to other programs through
port 430/tcp.
-
radium ether host (0:8:3:2d:42:1 and 0:0:c:18:29:f1) &
Process argus records from a remote source only between 9am and 5pm every day
and provide access to this stream on port 562.
-
radium -S remotehost -t 9-17 -P 562
AUTHORS
Carter Bullard (carter@qosient.com)
SEE ALSO
radium.conf(5),
argus(8),
hosts_access(5),
hosts_options(5),
tcpd(8),
tcpdump(1)
Index
- NAME
-
- SYNOPSIS
-
- COPYRIGHT
-
- DESCRIPTION
-
- OPTIONS
-
- SIGNALS
-
- ENVIRONMENT
-
- FILES
-
- EXAMPLES
-
- AUTHORS
-
- SEE ALSO
-
This document was created by
man2html,
using the manual pages.
Time: 13:20:15 GMT, May 16, 2007