RADIUM(8) System Manager's Manual RADIUM(8)

radium - argus record multiplexor

radium [ options ] [ raoptions ]

Radium is a real-time Argus Record multiplexor that processes Argus
records and Netflow records and outputs them to any number of client
programs and files. Radium is a combination of the features of ra.1
and argus.8, supporting access for up to 128 client programs to argus
records originating from remote data sources and/or local managed argus
data files. Using radium you can construct complex distribution
networks for collecting and processing argus data, and providing a
single point of access to archived argus data.

Designed to run as a daemon, radium generally reads argus records
directly from a remote argus, and writes the transaction status
information to a log file or open socket connected to an argus client
(such as ra(1)). Radium provides the same data access controls as
argus.8, including remote filtering, source address based access
control, individual oriented strong authentication and confidentiality
protection for the distributed data, using SASL and tcp_wrapper
technology. Please refer to the INSTALL and README files for each
distribution for a complete description.

Radium is normally configured from a system /etc/radium.conf
configuration file, or from a configuration file either in the
$RADIUMHOME directory, or specified on the command line.

Radium, like all ra based clients, supports a number of ra options
including remote data access, reading from multiple files and filtering
of input argus records through a terminating filter expression.
radium(8) specific options are:

-B <addr>
    Specify the bind interface address for remote access. Acceptable
    values are IP version 4 addresses. The default is to bind to the
    INADDR_ANY address.

-d  Run radium as a daemon. This will cause radium to do the things
    that Unix daemons do and return, if there were no errors, with
    radium running as a detached process.

-e <value>
    Specify the source identifier for this radium. Acceptable values
    are numbers, hostnames or IP addresses.

-f <radium.conf>
    Use radium.conf as a source of configuration information. Options
    set in this file override any other specification, and so this is
    the last word on option values. This file is read after the system
    /etc/radium.conf file is processed. See radium.conf.5 for the
    configuration file format.

-O  Turn off Berkeley Packet Filter optimizer. No reason to do this
    unless you think the optimizer generates bad code.

-p  Override the persistent connection facility. Radium provides a
    fault tolerant feature for its remote argus data access facility.
    If the remote argus data source closes, radium will maintain its
    client connections, and attempt to reestablish its connection with
    the remote source. This option overrides this behavior, causing
    radium to terminate if any of its remote sources closes.

-P <portnum>
    Specifies the <portnum> for remote client connection. The default
    is to not support remote access. Setting the value to zero (0)
    will forcibly turn off the facility.

-S <host[:port][//full/path/to/argus.data.file]>
    Attach to a specific remote host to receive argus records. Append
    an optional port specifier to attach to a port value other than
    the default 561. Without the optional full pathname, radium will
    continuously transmit a stream of real-time flow records as they
    are received. With the optional filename, radium will open the
    argus datafile specified, and stream the contents, closing the
    connection with the file EOF.

-T threshold[smh] (secs)
    Indicate that radium should correct the timestamps of received
    argus records, if they are out of sync by threshold seconds.
    Threshold can be specified with the extensions s, m, or h for
    seconds, minutes or hours.

-X  Clear existing radium configuration. This removes any
    initialization done prior to encountering this flag. Allows you to
    eliminate the effects of the /etc/radium.conf file, or any
    radium.conf files that may have been loaded.

Radium catches a number of signal(3) events. The three signals SIGHUP,
SIGINT, and SIGTERM cause radium to exit, writing TIMEDOUT status
records for all currently active transactions. The signal SIGUSR1 will
turn on debug reporting, and subsequent SIGUSR1 signals will increment
the debug-level. The signal SIGUSR2 will cause radium to turn off all
debug reporting.

$RADIUMHOME - Radium Root directory
$RADIUMPATH - Radium.conf search path (/etc:$RADIUMHOME:$HOME)

/etc/radium.conf - radium daemon configuration file
/var/run/radium.#.#.pid - PID file

Run radium as a daemon, reading records from a remote host, using port
561, and writing all its transaction status reports to output-file.
This is a typical mode.
    radium -S remotehost:561 -d -e `hostname` -w output-file

Collect records from multiple argi, using port 561 on one and port 430
on the other, and make all of these records available to other programs
on port 562.
    radium -S host1:561 -S host2:430 -de `hostname` -P 562

Collect records from multiple Cisco Netflow sources, using the default
port, and make the resulting argus records available on port 562.
    radium -C -S host1 -S host2 -de `hostname` -P 562

Radium supports both input filtering and output filtering, and radium
supports multiple output streams, each with their own independent
filters.

If you are interested in distributing IP traffic only (input filter)
and want to separate traffic into differing files based on traffic
type, this simple example separates ICMP traffic from other traffic.
    radium -w file1 "icmp" -w file2 "not icmp" - ip

Audit the network activity that is flowing between the two gateway
routers, whose ethernet addresses are 00:08:03:2D:42:01 and
00:00:0C:18:29:F1. Make records available to other programs through
port 430/tcp.
    radium -S source -P 430 - "ether host (0:8:3:2d:42:1 and 0:0:c:18:29:f1)" &

Process argus records from a remote source only between 9am and 5pm
every day and provide access to this stream on port 562.
    radium -S remotehost -t 9-17 -P 562
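
A small audit helper for the -B, -P and -S options and the examples
above, added here as an illustration and not part of the radium
distribution. It reports whether a radium command line opens the client
port and whether that port is limited to one address or left on
INADDR_ANY, and it fills in the default port 561 for each -S source.
The function names are hypothetical, and option values are assumed to be
separate tokens as in the examples above.

```shell
#!/bin/sh
# Added example, not part of the radium distribution. Function names are
# hypothetical; option values are assumed to be separate tokens.

# parse_source SPEC: print "host:port" for a -S value host[:port][//path],
# using the documented default port 561. Returns 1 on a malformed spec.
parse_source() {
    spec=${1%%//*}                  # drop the optional //full/path part
    case $spec in
        *:*) host=${spec%%:*}; port=${spec#*:} ;;
        *)   host=$spec; port=561 ;;
    esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$host" ] || return 1
    echo "$host:$port"
}

# audit_radium ARGS...: print "listen=<addr:port|off> sources=<list>".
# Status 1: client port open on every interface (-P without -B).
# Status 2: a -B/-P/-S value is missing or a -S value is malformed.
audit_radium() {
    bind=INADDR_ANY port=0 sources=
    while [ $# -gt 0 ]; do
        opt=$1; shift
        case $opt in
            -) break ;;             # a filter expression follows
            -*[BPS])
                [ $# -gt 0 ] || return 2
                val=$1; shift
                case $opt in
                    *B) bind=$val ;;
                    *P) port=$val ;;
                    *S) src=$(parse_source "$val") || return 2
                        sources=${sources:+$sources,}$src ;;
                esac ;;
        esac
    done
    if [ "$port" = 0 ]; then
        echo "listen=off sources=$sources"
    else
        echo "listen=$bind:$port sources=$sources"
        [ "$bind" != INADDR_ANY ] || return 1
    fi
}

# Constructed invocations modelled on the examples above.
audit_radium -S host1:561 -S host2:430 -de myhost -P 562 || echo "exposed"
audit_radium -S host1 -B 192.0.2.10 -P 562
```

A status of 1 is the case to review against the hosts_access(5) rules
and SASL settings mentioned above before the daemon is deployed.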

Copyright (c) 2000-2016 QoSient, LLC All rights reserved.

Carter Bullard (carter@qosient.com)

radium.conf(5), argus(8), hosts_access(5), hosts_options(5), tcpd(8),
tcpdump(1)

radium 3.0.8 21 October 2001 RADIUM(8)