1RADIUM(8)                   System Manager's Manual                  RADIUM(8)
2
3
4

NAME

6       radium - argus record multiplexor
7

SYNOPSIS

9       radium [ options ] [ raoptions ]
10

DESCRIPTION

12       Radium  is  a  real-time  Argus Record multiplexor that processes Argus
13       records and Netflow records and outputs them to any  number  of  client
14       programs  and  files.   Radium is a combination of the features of ra.1
15       and argus.8, supporting access for upto 128 client  programs  to  argus
16       records originating from remote data sources and/or local managed argus
17       data files.  Using radium you can construct complex  distribution  net‐
18       works  for collecting and processing argus data, and providing a single
19       point of access to archived argus data.
20
21       Designed to run as a  daemon,  radium  generally  reads  argus  records
22       directly  from a remote argus, and writes the transaction status infor‐
23       mation to a log file or open socket connected to an argus client  (such
24       as  ra(1)).   Radium provides the same data access controls as argus.8,
25       including remote filtering, source address based access control,  indi‐
26       vual  oriented strong authentication and confidentiality protection for
27       the distributed data, using SASL and  tcp_wrapper  technology.   Please
28       refer  to the INSTALL and README files for each distribution for a com‐
29       plete description.
30
31       Radium is normally configured from a system /etc/radium.conf configura‐
32       tion  file,  or  from  a  configuration  file either in the $RADIUMHOME
33       directory, or specified on the command line.
34

RADIUM SPECIFIC OPTIONS

36       Radium, like all ra based clients, supports  a  number  of  ra  options
37       including remote data access, reading from multiple files and filtering
38       of  input  argus  records  through  a  terminating  filter  expression.
39       radium(8) specific options are:
40

OPTIONS

42       -B <addr>
43            Specify  the bind interface address for remote access.  Acceptable
44            values are IP version 4 addresses.  The  default  is  to  bind  to
45            INADDR_ANY address.
46
47       -d   Run  radium  as a daemon.  This will cause radium to do the things
48            that Unix daemons do and return, if there  were  no  errors,  with
49            radium running as a detached process.
50
51       -e <value>
52            Specify  the source identifier for this radium.  Acceptable values
53            are numbers, hostnames or ip address.
54
55       -f <radium.conf>
56            Use radium.conf as a source of configuration information.  Options
57            set  in this file override any other specification, and so this is
58            the last word on option values. This file is read after the system
59            /etc/radium.conf file is processed. See radium.conf.5 for the con‐
60            figuration file format.
61
62       -O   Turn off Berkeley Packet Filter optimizer.  No reason to  do  this
63            unless you think the optimizer generates bad code.
64
65       -p   Override  the  persistent  connection facility.  Radium provides a
66            fault tolerant feature for its remote argus data access  facility.
67            If  the  remote argus data source closes, radium will maintain its
68            client connections, and attempt to reestablish its connection with
69            remote  source.   This  option  overrides  this  behavior, causing
70            radium to terminate if any of its remote sources closes.
71
72       -P <portnum>
73            Specifies the <portnum> for remote client connection.  The default
74            is  to  not  support remote access.  Setting the value to zero (0)
75            will forceably turn off the facility.
76
77       -S   <host[:port][//full/path/to/argus.data.file]> Attach to a specific
78            remote  host  to  receive  argus  records. Append an optional port
79            specifier to attach to a port value other than  the  default  561.
80            Without  the  optional  full  pathname,  radium  will continuously
81            transmit a stream of real-time flow records as they are  received.
82            With  the  optional  filename, radium will open the argus datafile
83            specified, and stream the contents, closing  the  connection  with
84            the file EOF.
85
86
87       -T threshold[smh] (secs)
88            Indicate  that  radium  should  correct the timestamps of received
89            argus records, if they are out  of  sync  by  threshold  secconds.
90            Threshold can be specified with the extensions s, m, or h for sec‐
91            onds, minutes or hours.  -X Clear existing  radium  configuration.
92            This  removes  any  initialization done prior to encountering this
93            flag.  Allows you to eliminate the effects of the /etc/radium.conf
94            file, or any radium.conf files that may have been loaded.
95
96

SIGNALS

98       Radium catches a number of signal(3) events.  The three signals SIGHUP,
99       SIGINT, and SIGTERM cause  radium  to  exit,  writing  TIMEDOUT  status
100       records for all currently active transactions.  The signal SIGUSR1 will
101       turn on debug reporting, and subsequent SIGUSR1 signals, will increment
102       the  debug-level.  The signal SIGUSR2 will cause radium to turn off all
103       debug reporting.
104
105

ENVIRONMENT

107       $RADIUMHOME - Radium Root directory
108       $RADIUMPATH - Radium.conf search path (/etc:$RADIUMHOME:$HOME)
109
110

FILES

112       /etc/radium.conf         - radium daemon configuration file
113       /var/run/radium.#.#.pid  - PID file
114
115

EXAMPLES

117       Run radium as a daemon, reading records from a remote host, using  port
118       561,  and  writing  all  its transaction status reports to output-file.
119       This is a typical mode.
120              radium -S remotehost:561 -d -e `hostname` -w output-file
121
122       Collect records from multiple argi, using port 561 on one and port  430
123       on the other, and make all of these records available to other programs
124       on port 562.
125              radium -S host1:561 -S host2:430 -de `hostname` -P 562
126
127       Collect records from multiple Cisco Netflow sources, using the  default
128       port, and make the resulting argus records available on port 562.
129              radium -C -S host1 -S host2 -de `hostname` -P 562
130
131       Radium  supports  both input filtering and output filtering, and radium
132       supports multiple output streams, each with their own independant  fil‐
133       ters.
134
135       If  you  are  interested in distributing IP traffic only (input filter)
136       and want to separate traffic into  differing  files  based  on  traffic
137       type, this simple example separates ICMP traffic from other traffic.
138              radium -w file1 "icmp" -w file2 "not icmp" - ip
139
140       Audit  the  network  activity  that  is flowing between the two gateway
141       routers,   whose   ethernet   addresses   are   00:08:03:2D:42:01   and
142       00:00:0C:18:29:F1.   Make  records  available to other programs through
143       port 430/tcp.
144              radium -S source -P 430 - ether host (0:8:3:2d:42:1 and 0:0:c:18:29:f1) &
145
146       Process argus records from a remote source only  between  9am  and  5pm
147       every day and provide access to this stream on port 562.
148              radium -S remotehost -t 9-17 -P 562
149
150

COPYRIGHT

152       Copyright (c) 2000-2016 QoSient, LLC   All rights reserved.
153

AUTHORS

155       Carter Bullard (carter@qosient.com)
156

SEE ALSO

158       radium.conf(5),  argus(8),  hosts_access(5), hosts_options(5), tcpd(8),
159       tcpdump(1)
160
161
162
163radium 3.0.8                    21 October 2001                      RADIUM(8)