Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
RADIUM.CONF(1)		    General Commands Manual		RADIUM.CONF(1)

NAME
       radium.conf - radium resource file.

SYNOPSIS
       radium.conf

DESCRIPTION
       Radium will open	this radium.conf if its	installed as /etc/radium.conf.
       It  will	also search for	this file as radium.conf in directories	speci-
       fied  in	 $RADIUMPATH,  or  $RADIUMHOME,	 $RADIUMHOME/lib,  or	$HOME,
       $HOME/lib,  and parse it	to set common configuration options.  All val-
       ues in this file	can be overriden by command  line  options,  or	 other
       files of	this format that can be	read in	using the -F option.

Variable Syntax
       Variable	assignments must be of the form:
	 VARIABLE=
       with  no	white space between the	VARIABLE and the '=' sign.  Quotes are
       optional	for string arguments, but if you want to embed comments,  then
       quotes are required.

RADIUM_DAEMON
       Radium  is  capable  of running as a daemon, doing all the right	things
       that daemons do.	 When this configuration is used for the system	daemon
       process,	say for	/etc/radium.conf,  this	 variable  should  be  set  to
       "yes".

       The default value is to not run as a daemon.

       This  example  is  to support the ./support/Startup/radium script which
       requires	that this variable be set to "yes".

       Commandline equivalent  -d

       RADIUM_DAEMON=no

RADIUM_MONITOR_ID
       Radium Monitor Data is uniquely identifiable based on the source	 iden-
       tifier that is included in each output record.  This is to allow	you to
       work  with  Argus Data from multiple monitors at	the same time.	The ID
       is 32 bits long,	and supports a number of formats as legitimate values.
       Radium supports unsigned	ints, IPv4 addresses and 4 bytes  strings,  as
       values.

       The formats are discerned from the values provided.  Double-quoted val-
       ues  are	 treated  as strings, and are truncated	to 4 characters.  Non-
       quoted values are tested	for whether they are hostnames,	 and  if  not,
       then they are tested wheter they	are numbers.

       The  configuration  allows  for you to use host names, however, do have
       some understanding how `hostname` will be resolved  by  the  nameserver
       before commiting	to this	strategy completely.

       For  convenience, argus supports	the notion of "`hostname`" for assign-
       ing the probe's id.  This is to support	management  of	large  deploy-
       ments,  so  you	can  have  one argus.conf file that works for a	lot of
       probes.

       For security, argus does	not rely on system programs, like  hostname.1.
       It  implements  the logic of hostname itself, so	don't try to run arbi-
       trary programs using this method, because it won't work.

       Commandline equivalent	-e

       RADIUM_MONITOR_ID=`hostname`    // IPv4 address	returned  RADIUM_MONI-
       TOR_ID=10.2.45.3	    // IPv4 address RADIUM_MONITOR_ID=2435	    //
       Number RADIUM_MONITOR_ID="en0"	      // String

RADIUM_ARGUS_SERVER
       Radium  can  attach  to any number of remote argus servers, and collect
       argus data in real time.	 The syntax for	this variable is a hostname or
       a dot notation IP address, followed by an optional  port	 value,	 sepa-
       rated by	a ':'.	If the port is not specified, the default value	of 561
       is used.

       Commandline equivalent	-S <host[:port]>

       RADIUM_ARGUS_SERVER=localhost:561

RADIUM_CISCONETFLOW_PORT
       Radium  can  read  Cicso	 Netflow  records directly from	Cisco routers.
       Specifying this value will alert	Radium to open a UDP based socket lis-
       tening for data from this name or address.

       Commandline equivalent	-C

       RADIUM_CISCONETFLOW_PORT=9996

RADIUM_USER_AUTH, RADIUM_AUTH_PASS
       When argus is compiled with SASL	support, ra* clients may  be  required
       to  authenticate	 to  the argus server before the argus will accept the
       connection.  This variable will allow one to set	the  user  and	autho-
       rization	 id's,	if needed.  Although not recommended you can provide a
       password	through	the RADIUM_AUTH_PASS variable.	The  format  for  this
       variable	is:

       Commandline equivalent	-U

       RADIUM_USER_AUTH=user_id/authorization_id RADIUM_AUTH_PASS=the_password

RADIUM_ACCESS_PORT
       Radium monitors can provide a real-time remote access port for collect-
       ing Radium data.	 This is a TCP based port service and the default port
       number is tcp/561, the "experimental monitor" service.  This feature is
       disabled	by default, and	can be forced off by setting it	to zero	(0).

       When  you  do want to enable this service, 561 is a good	choice,	as all
       ra* clients are configured to try this port by default.

       Commandline equivalent  -P

       RADIUM_ACCESS_PORT=561

RADIUM_BIND_IP
       When remote access is enabled (see above), you can specify that	Radium
       should  bind  only to a specific	IP address.  This is useful, for exam-
       ple, in restricting access to the local host, or	binding	to  a  private
       interface  while	 capturing from	another. The default is	to bind	to any
       IP address.

       Commandline equivalent  -B

       RADIUM_BIND_IP="127.0.0.1"

RADIUM_OUTPUT_FILE
       Radium can write	its output to one or a number of files,	default	 limit
       is 5 concurrent files, each with	their own independant filters.

       The format is:
	    RADIUM_OUTPUT_FILE=/full/path/file/name
	    RADIUM_OUTPUT_FILE=/full/path/file/name "filter"

       Most sites will have radium write to a file, for	reliablity and perfor-
       mance.  The example file	name is	used here as supporting	programs, such
       as ./support/Archive/radiumarchive are configured to use	this file.

       Commandline equivalent  -w

       RADIUM_OUTPUT_FILE=/var/log/radium/radium.out

RADIUM_SET_PID
       When  Radium  is	configured to run as a daemon, with the	-d option, Ra-
       dium can	store its pid in a file, to aid	in managing the	 running  dae-
       mon.  However, creating a system	pid file requires priviledges that may
       not be appropriate for all cases.

       When configured to generate a pid file, if Radium cannot	create the pid
       file,  it will fail to run.  This variable is available to override the
       default,	in case	this gets in your way.

       The default value is to generate	a pid.

       No Commandline equivalent

       RADIUM_SET_PID=yes

RADIUM_ADJUST_TIME
       Radium can correct for time synchronization problems that may exist be-
       tween data sources.  If configured to do	so, radium will	adjust all the
       timestamps in records by	the calculated drift between  radium  and  its
       many  data sources.  Records whose timevalues have been 'corrected' are
       marked so that subsequent readers can differentiate between true	primi-
       tive time and modified time.

       Commandline equivalent	-T

       RADIUM_ADJUST_TIME=no

RADIUM_MAR_STATUS_INTERVAL
       Radium will periodically	report on a its	own health,  providing	inter-
       face status, total packet and bytes counts, packet drop rates, and flow
       oriented	statistics.

       These records can be used as "keep alives" for periods when there is no
       network traffic to be monitored.

       The  default  value  is	300 seconds, but a value of 60 seconds is very
       common.

       Commandline equivalent	-M

       RADIUM_MAR_STATUS_INTERVAL=60

RADIUM_DEBUG_LEVEL
       If compiled to support this option, Radium is capable of	 generating  a
       lot of debug information.

       The default value is zero (0).

       Commandline equivalent  -D

       RADIUM_DEBUG_LEVEL=0

RADIUM_FILTER_OPTIMIZER
       Radium  uses  the packet	filter capabilities of libpcap.	 If there is a
       need to not use the libpcap filter optimizer, you can turn it off here.
       The default is to leave it on.

       Commandline equivalent  -O

       RADIUM_FILTER_OPTIMIZER=yes

RADIUM_FILTER
       You can provide a filter	expression here, if you	like.	It  should  be
       limited to 2K in	length.	 The default is	to not filter.

       No Commandline equivalent

       RADIUM_FILTER=""

RADIUM_CHROOT_DIR
       Radium  supports	chroot(2) in order to control the file system that ra-
       dium exists in and can access.  Generally used when radium  is  running
       with  privleges,	this limits the	negative impacts that radium could in-
       flict on	its host machine.

       This option will	cause the output file names to be relative to this di-
       rectory,	and so consider	this when trying to find your output files.

       Commandline equivalent	-C

       RADIUM_CHROOT_DIR=""

RADIUM_SETUSER_ID
       Radium can be directed to change	its user id using the setuid()	system
       call.  This is can used when radium is started as root, in order	to ac-
       cess privleged resources, but then after	the resources are opened, this
       directive  will	cause radium to	change its user	id value to a 'lesser'
       capable account.	 Recommended when radium is running as a daemon.

       Commandline equivalent	-u

       RADIUM_SETUSER_ID="user"

RADIUM_SETGROUP_ID
       Radium can be directed to change	its group id using the setgid()	system
       call.  This is can used when radium is started as root, in order	to ac-
       cess privleged resources, but then after	the resources are opened, this
       directive can be	used to	change argu's group id value to	a 'lesser' ca-
       pable account.  Recommended when	radium is running as a daemon.

       Commandline equivalent	-g

       RADIUM_SETGROUP_ID="group"

RADIUM_CLASSIFIER_FILE
       Radium can be used to label records as they are distributed.  This  can
       be  used	to classify flow records, or simply to mark them for post pro-
       cessing purposes.

       When provided with a ralabel.conf formatted file, radium	will label all
       matching	records.

       Commandline equivalent	none

       RADIUM_CLASSIFIER_FILE=/usr/local/argus/ralabel.conf

RADIUM_CORRELATE
       Radium has a  correlation  function,  where  flow  data	from  multiple
       source's	can be compared	and 'correlateda.

       This function is	enabled	with a single radium configuration keyword RA-
       DIUM_CORRELATE="yes".   With  this variable set,	radium().  will	buffer
       incoming	data to	generate delay,	and will correlate data	from  multiple
       sources	with  an event window of about 3 seconds.  Data	that is	match-
       able, which means that it has the same flow identifiers,	 or  the  same
       hints,  will treated as if they were "observed" by multiple probes, and
       merged.

	Commandline equivalent	 none

       RADIUM_CORRELATE="no"

COPYRIGHT
       Copyright (c) 2000-2016 QoSient	All rights reserved.

SEE ALSO
       radium(8)

radium.conf 3.0.8	       07 November 2000			RADIUM.CONF(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=radium.conf&sektion=5&manpath=FreeBSD+Ports+14.3.quarterly>

home | help