radium - argus record multiplexor
] [ raoptions
Radium is a real-time Argus Record multiplexor that processes Argus
records and Netflow records and outputs them to any number of client programs
and files. Radium
is a combination of the features of ra.1 and argus.8,
supporting access for up to 128 client programs to argus records originating
from remote data sources and/or local managed argus data files. Using
radium, you can construct complex distribution networks for collecting
and processing argus data, and providing a single point of access to archived
Designed to run as a daemon, radium
generally reads argus records
directly from a remote argus, and writes the transaction status information to
a log file or open socket connected to an argus
client (such as
provides the same data access controls as
argus.8, including remote filtering, source address based access control,
individual oriented strong authentication and confidentiality protection for the
distributed data, using SASL
refer to the INSTALL and README files for each distribution for a complete
Radium is normally configured from a system /etc/radium.conf
configuration file, or from a configuration file either in the
directory, or specified on the command line.
Radium, like all ra based clients, supports a number of ra options
including remote data access, reading from multiple files and filtering of
input argus records through a terminating filter expression. radium(8)
specific options are:
- -B <addr>
- Specify the bind interface address for remote access.
Acceptable values are IP version 4 addresses. The default is to bind to
- Run radium as a daemon. This will cause radium to do the
things that Unix daemons do and return, if there were no errors, with
radium running as a detached process.
- -e <value>
- Specify the source identifier for this radium.
Acceptable values are numbers, hostnames or IP addresses.
- -f <radium.conf>
- Use radium.conf as a source of configuration
information. Options set in this file override any other specification,
and so this is the last word on option values. This file is read after the
system /etc/radium.conf file is processed. See radium.conf.5 for
the configuration file format.
- Turn off Berkeley Packet Filter optimizer. No reason to do
this unless you think the optimizer generates bad code.
- Override the persistent connection facility. Radium
provides a fault tolerant feature for its remote argus data access
facility. If the remote argus data source closes, radium will
maintain its client connections, and attempt to reestablish its connection
with the remote source. This option overrides this behavior, causing
radium to terminate if any of its remote sources closes.
- -P <portnum>
- Specifies the <portnum> for remote client
connection. The default is to not support remote access. Setting the value
to zero (0) will forcibly turn off the facility.
- <host[:port][//full/path/to/argus.data.file]> Attach
to a specific remote host to receive argus records. Append an
optional port specifier to attach to a port value other than the default
561. Without the optional full pathname, radium will continuously
transmit a stream of real-time flow records as they are received. With the
optional filename, radium will open the argus datafile specified,
and stream the contents, closing the connection with the file EOF.
- -T threshold[smh] (secs)
- Indicate that radium should correct the timestamps
of received argus records, if they are out of sync by threshold
seconds. Threshold can be specified with the extensions s, m, or h for
seconds, minutes or hours.
- -X
- Clear existing radium configuration.
This removes any initialization done prior to encountering this flag.
Allows you to eliminate the effects of the /etc/radium.conf file,
or any radium.conf files that may have been loaded.
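The option semantics above (-S sources with the default port 561, -P off by default and disabled by 0, -B for the bind address) can be turned into a small audit helper that shows what a given radium command line attaches to and exposes. This is an added example, not part of the radium distribution; the function names parse_source and radium_summary and the output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list the sources a radium command line attaches to and
# whether it opens a listener. Names and output format are illustrative.

# parse_source SPEC: SPEC is a -S value, host[:port][//path].
# Prints "source HOST PORT stream" or "source HOST PORT file PATH".
# Assumption: HOST contains no ':'; PATH is the text after "//", verbatim.
parse_source() {
    spec=$1 file=
    case $spec in
        *//*) file=${spec#*//}; spec=${spec%%//*} ;;
    esac
    case $spec in
        *:*) host=${spec%%:*}; port=${spec#*:} ;;
        *)   host=$spec; port=561 ;;      # default port per the -S text
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port in -S $1" >&2; return 1 ;;
    esac
    if [ -z "$host" ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad source in -S $1" >&2; return 1
    fi
    if [ -n "$file" ]; then echo "source $host $port file $file"
    else echo "source $host $port stream"; fi
}

# radium_summary ARGS...: walk a radium argument list and report sources,
# the -P listener (off unless set to a non-zero port) and the -B address.
radium_summary() {
    listen=0 bind=unspecified
    while [ $# -gt 0 ]; do
        case $1 in
            -S|-P|-B)
                [ $# -ge 2 ] || { echo "$1 needs a value" >&2; return 1; }
                case $1 in
                    -S) parse_source "$2" || return 1 ;;
                    -P) listen=$2 ;;
                    -B) bind=$2 ;;
                esac
                shift ;;
            -) break ;;                   # the rest is the filter expression
        esac
        shift
    done
    if [ "$listen" = 0 ]; then echo "listen off"
    else echo "listen $listen bind $bind"; fi
}

# Constructed input modelled on the multi-source example on this page.
radium_summary -S host1:561 -S host2:430 -de myhost -P 562
```

A "listen" line with "bind unspecified" marks an invocation that opens a client port without an explicit -B address, which is worth reviewing alongside the access controls described earlier.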
Radium catches a number of signal(3)
events. The three signals
, and SIGTERM
writing TIMEDOUT status records for all currently active transactions. The
will turn on debug
reporting, and subsequent
signals, will increment the debug-level
. The signal
will cause radium
to turn off all debug
$RADIUMHOME - Radium Root directory
$RADIUMPATH - Radium.conf search path (/etc:$RADIUMHOME:$HOME)
/etc/radium.conf - radium daemon configuration file
/var/run/radium.#.#.pid - PID file
Run radium as a daemon, reading records from a remote host, using port
561, and writing all its transaction status reports to output-file.
This is a typical mode.
radium -S remotehost:561 -d -e `hostname` -w output-file
Collect records from multiple argi, using port 561 on one and port 430 on the
other, and make all of these records available to other programs on port 562.
radium -S host1:561 -S host2:430 -de `hostname` -P 562
Collect records from multiple Cisco Netflow sources, using the default port, and
make the resulting argus records available on port 562.
radium -C -S host1 -S host2 -de `hostname` -P 562
Radium supports both input filtering and output filtering, and radium supports
multiple output streams, each with their own independent filters.
If you are interested in distributing IP traffic only (input filter) and want to
separate traffic into differing files based on traffic type, this simple
example separates ICMP traffic from other traffic.
radium -w file1 "icmp" -w file2 "not icmp" - ip
Audit the network activity that is flowing between the two gateway routers,
whose ethernet addresses are 00:08:03:2D:42:01 and 00:00:0C:18:29:F1. Make
records available to other programs through port 430/tcp.
radium -S source -P 430 - 'ether host (0:8:3:2d:42:1 and 0:0:c:18:29:f1)' &
Process argus records from a remote source only between 9am and 5pm every day
and provide access to this stream on port 562.
radium -S remotehost -t 9-17 -P 562
Copyright (c) 2000-2016 QoSient, LLC All rights reserved.
Carter Bullard (email@example.com)