1RADIUM.CONF(1) General Commands Manual RADIUM.CONF(1)
2
6 radium.conf - radium resource file.
7
9 radium.conf
10
12 Radium will open this radium.conf if its installed as /etc/radium.conf.
13 It will also search for this file as radium.conf in directories speci‐
14 fied in $RADIUMPATH, or $RADIUMHOME, $RADIUMHOME/lib, or $HOME,
15 $HOME/lib, and parse it to set common configuration options. All val‐
16 ues in this file can be overriden by command line options, or other
17 files of this format that can be read in using the -F option.
18
21 Variable assignments must be of the form:
22 VARIABLE=
23 with no white space between the VARIABLE and the '=' sign. Quotes are
24 optional for string arguments, but if you want to embed comments, then
25 quotes are required.
26
29 Radium is capable of running as a daemon, doing all the right things
30 that daemons do. When this configuration is used for the system daemon
31 process, say for /etc/radium.conf, this variable should be set to
32 "yes".
33 The default value is to not run as a daemon.
35 This example is to support the ./support/Startup/radium script which
37 requires that this variable be set to "yes".
38 Commandline equivalent -d
40 RADIUM_DAEMON=no
42
45 Radium Monitor Data is uniquely identifiable based on the source iden‐
46 tifier that is included in each output record. This is to allow you to
47 work with Argus Data from multiple monitors at the same time. The ID
48 is 32 bits long, and supports a number of formats as legitimate values.
49 Radium supports unsigned ints, IPv4 addresses and 4 bytes strings, as
50 values.
51 The formats are discerned from the values provided. Double-quoted val‐
53 ues are treated as strings, and are truncated to 4 characters. Non-
54 quoted values are tested for whether they are hostnames, and if not,
55 then they are tested wheter they are numbers.
56 The configuration allows for you to use host names, however, do have
58 some understanding how `hostname` will be resolved by the nameserver
59 before commiting to this strategy completely.
60 For convenience, argus supports the notion of "`hostname`" for assign‐
62 ing the probe's id. This is to support management of large deploy‐
63 ments, so you can have one argus.conf file that works for a lot of
64 probes.
65 For security, argus does not rely on system programs, like hostname.1.
67 It implements the logic of hostname itself, so don't try to run arbi‐
68 trary programs using this method, because it won't work.
69 Commandline equivalent -e
71 RADIUM_MONITOR_ID=`hostname` // IPv4 address returned RADIUM_MONI‐
73 TOR_ID=10.2.45.3 // IPv4 address RADIUM_MONITOR_ID=2435 //
74 Number RADIUM_MONITOR_ID="en0" // String
75
79 Radium can attach to any number of remote argus servers, and collect
80 argus data in real time. The syntax for this variable is a hostname or
81 a dot notation IP address, followed by an optional port value, sepa‐
82 rated by a ':'. If the port is not specified, the default value of 561
83 is used.
84 Commandline equivalent -S <host[:port]>
86 RADIUM_ARGUS_SERVER=localhost:561
88
91 Radium can read Cicso Netflow records directly from Cisco routers.
92 Specifying this value will alert Radium to open a UDP based socket lis‐
93 tening for data from this name or address.
94 Commandline equivalent -C
96 RADIUM_CISCONETFLOW_PORT=9996
98
101 When argus is compiled with SASL support, ra* clients may be required
102 to authenticate to the argus server before the argus will accept the
103 connection. This variable will allow one to set the user and autho‐
104 rization id's, if needed. Although not recommended you can provide a
105 password through the RADIUM_AUTH_PASS variable. The format for this
106 variable is:
107 Commandline equivalent -U
109 RADIUM_USER_AUTH=user_id/authorization_id RADIUM_AUTH_PASS=the_password
111
114 Radium monitors can provide a real-time remote access port for collect‐
115 ing Radium data. This is a TCP based port service and the default port
116 number is tcp/561, the "experimental monitor" service. This feature is
117 disabled by default, and can be forced off by setting it to zero (0).
118 When you do want to enable this service, 561 is a good choice, as all
120 ra* clients are configured to try this port by default.
121 Commandline equivalent -P
123 RADIUM_ACCESS_PORT=561
125
128 When remote access is enabled (see above), you can specify that Radium
129 should bind only to a specific IP address. This is useful, for exam‐
130 ple, in restricting access to the local host, or binding to a private
131 interface while capturing from another. The default is to bind to any
132 IP address.
133 Commandline equivalent -B
135 RADIUM_BIND_IP="127.0.0.1"
137
140 Radium can write its output to one or a number of files, default limit
141 is 5 concurrent files, each with their own independant filters.
142 The format is:
144 RADIUM_OUTPUT_FILE=/full/path/file/name
145 RADIUM_OUTPUT_FILE=/full/path/file/name "filter"
146 Most sites will have radium write to a file, for reliablity and perfor‐
148 mance. The example file name is used here as supporting programs, such
149 as ./support/Archive/radiumarchive are configured to use this file.
150 Commandline equivalent -w
152 RADIUM_OUTPUT_FILE=/var/log/radium/radium.out
154
157 When Radium is configured to run as a daemon, with the -d option,
158 Radium can store its pid in a file, to aid in managing the running dae‐
159 mon. However, creating a system pid file requires priviledges that may
160 not be appropriate for all cases.
161 When configured to generate a pid file, if Radium cannot create the pid
163 file, it will fail to run. This variable is available to override the
164 default, in case this gets in your way.
165 The default value is to generate a pid.
167 No Commandline equivalent
169 RADIUM_SET_PID=yes
171
175 Radium can correct for time synchronization problems that may exist
176 between data sources. If configured to do so, radium will adjust all
177 the timestamps in records by the calculated drift between radium and
178 its many data sources. Records whose timevalues have been 'corrected'
179 are marked so that subsequent readers can differentiate between true
180 primitive time and modified time.
181 Commandline equivalent -T
183 RADIUM_ADJUST_TIME=no
185
188 Radium will periodically report on a its own health, providing inter‐
189 face status, total packet and bytes counts, packet drop rates, and flow
190 oriented statistics.
191 These records can be used as "keep alives" for periods when there is no
193 network traffic to be monitored.
194 The default value is 300 seconds, but a value of 60 seconds is very
196 common.
197 Commandline equivalent -M
199 RADIUM_MAR_STATUS_INTERVAL=60
201
204 If compiled to support this option, Radium is capable of generating a
205 lot of debug information.
206 The default value is zero (0).
208 Commandline equivalent -D
210 RADIUM_DEBUG_LEVEL=0
212
215 Radium uses the packet filter capabilities of libpcap. If there is a
216 need to not use the libpcap filter optimizer, you can turn it off here.
217 The default is to leave it on.
218 Commandline equivalent -O
220 RADIUM_FILTER_OPTIMIZER=yes
222
225 You can provide a filter expression here, if you like. It should be
226 limited to 2K in length. The default is to not filter.
227 No Commandline equivalent
229 RADIUM_FILTER=""
231
235 Radium supports chroot(2) in order to control the file system that
236 radium exists in and can access. Generally used when radium is running
237 with privleges, this limits the negative impacts that radium could
238 inflict on its host machine.
239 This option will cause the output file names to be relative to this
241 directory, and so consider this when trying to find your output files.
242 Commandline equivalent -C
244 RADIUM_CHROOT_DIR=""
246
250 Radium can be directed to change its user id using the setuid() system
251 call. This is can used when radium is started as root, in order to
252 access privleged resources, but then after the resources are opened,
253 this directive will cause radium to change its user id value to a
254 'lesser' capable account. Recommended when radium is running as a dae‐
255 mon.
256 Commandline equivalent -u
258 RADIUM_SETUSER_ID="user"
260
263 Radium can be directed to change its group id using the setgid() system
264 call. This is can used when radium is started as root, in order to
265 access privleged resources, but then after the resources are opened,
266 this directive can be used to change argu's group id value to a
267 'lesser' capable account. Recommended when radium is running as a dae‐
268 mon.
269 Commandline equivalent -g
271 RADIUM_SETGROUP_ID="group"
273
277 Radium can be used to label records as they are distributed. This can
278 be used to classify flow records, or simply to mark them for post pro‐
279 cessing purposes.
280 When provided with a ralabel.conf formatted file, radium will label all
282 matching records.
283 Commandline equivalent none
285 RADIUM_CLASSIFIER_FILE=/usr/local/argus/ralabel.conf
287
291 Radium has a correlation function, where flow data from multiple
292 source's can be compared and 'correlateda.
293 This function is enabled with a single radium configuration keyword
295 RADIUM_CORRELATE="yes". With this variable set, radium(). will buffer
296 incoming data to generate delay, and will correlate data from multiple
297 sources with an event window of about 3 seconds. Data that is match‐
298 able, which means that it has the same flow identifiers, or the same
299 hints, will treated as if they were "observed" by multiple probes, and
300 merged.
301 Commandline equivalent none
303 RADIUM_CORRELATE="no"
305
308 Copyright (c) 2000-2016 QoSient All rights reserved.
309
312 radium(8)
313radium.conf 3.0.8 07 November 2000 RADIUM.CONF(1)