
FreeBSD Manual Pages

  
 
  

sratunnel(1)		    General Commands Manual		  sratunnel(1)

NAME
       sratunnel -- SIE Remote Access (SRA) Tunnel

SYNOPSIS
       sratunnel [-dhIOptVuz] -c channel -o out-addr -s SRA-server -w watch
                 [-A interval] [-E ciphers] [-C count] [-k cmd]
                 [-m sampling-rate] [-n config-file] [-P pidfile]
                 [-r rate-limit] [-T secs] [-Z size]

DESCRIPTION
       sratunnel transfers selected Security Information Exchange (SIE) data
       from remote servers to the local network.  The connection to the server
       is created once and, after a failure, re-established automatically,
       with binary exponential backoff between retries.

       sratunnel  is a tool for	tunneling SIE data using the Advanced Exchange
       Access (AXA) protocol. It also demonstrates the use of the  AXA	helper
       library,	libaxa.a.

   OPTIONS
       The following arguments are available:

       -A interval
            specifies the accounting interval.  Every interval seconds an
            accounting request is sent to the server and the results are
            emitted to stdout.  This mode also requires -d on the command
            line.

       -C count
	    stop sratunnel or (with -k specified) close	the current output and
	    reopen a new output	after count payloads have been processed.

       -c channel
            There must be at least one -c argument naming an SIE channel that
            the server will watch for interesting nmsg messages or IP packets.

            Channels are specified as chXX or all.

       -d   enable debugging reports or	increase them after the	first -d.

       -E ciphers
            specifies a list of ciphers for TLS connections.

       -h   display options summary.

       -I   enables insecure mode for apikey authentication.  When enabled,
            client connections are not made over TLS, so the apikey and all
            SIE data cross the network in clear text.  Use it only on a
            network you trust.

       -k cmd
            enables kicker mode and makes -C, -T or -Z continuous.  In this
            mode output file names are suffixed with a timestamp and sratunnel
            runs continuously, rotating output files as payload counts or the
            output file size exceed a threshold or a time interval expires.
            cmd specifies the command to run on output files after rotation.
            If cmd is set to the empty string '', no command is executed and
            only file rotation is performed.

            This option must be combined with -C, -T or -Z.  Only nmsg
            file-based outputs are supported.

       -m sampling-rate
	    specifies  the sampling rate. Sets the percentage (between 0.1 and
	    100.0) that	the SRA	server will send.

       -n config-file
	    specify location for AXA client configuration file.

       -O   enable a spinning bar output indicator on stdout.

       -p   append output to specified file (only valid	 for  nmsg  file-based
	    outputs).

       -o out-addr
	    specifies the destination of the SIE data.	It can be forwarded as
	    nmsg messages to a UDP or TCP port or as raw IP packets to a file,
	    FIFO, or network interface.

            nmsg:[tcp:|udp:]host,port
                  sends nmsg messages to the host name and port number
                  host,port over UDP (the default) or, with the tcp: prefix,
                  over TCP.  IP packets are converted to nmsg messages.

	    nmsg:file:path
		  sends	binary nmsg messages to	the file named path.  IP pack-
		  ets are converted to nmsg messages.

            nmsg:file_json:path
                  sends nmsg newline-delimited JSON blobs to the file named
                  path.  Note that newline-delimited JSON output can incur a
                  slight performance penalty versus binary nmsg output for
                  "high-velocity" channels, because the underlying nmsg JSON
                  output object is unbuffered and results in a filesystem
                  write for every forwarded nmsg.

	    pcap[-fifo]:path
		  sends	IP packets to a	file or	FIFO named path	 for  examina-
		  tion with tcpdump(1) or another packet tracing tool.	An or-
		  dinary  file	is  the	default.  Only IP packets but not nmsg
		  messages are sent.

            pcap-if:[dst/]ifname
                  transmits IP packets on the network interface named ifname
                  for examination with tcpdump(1) or another packet tracing
                  tool.  dst optionally specifies a destination 48-bit
                  Ethernet address other than the default of all zeros
                  (0:0:0:0:0:0).  This output usually requires that sratunnel
                  be run by root.  Only IP packets but not nmsg messages are
                  sent.

       -P pidfile
	    will result	in the current PID  being  written  to	pidfile.   The
	    file will be deleted upon program exit.

       -r rate-limit
	    tells  the	server to send at most rate-limit SIE messages and raw
	    IP packets per second.

       -s server
	    specifies the server that is the source  of	 the  SIE  data.   The
	    server can be specified with any of	the following:

	    alias
		  Connect  to  a  server using an alias	shortcut mnemonic (see
		  FILES	section	for more information).

            apikey:<users_apikey>@host,port
                  Identify and authenticate the user via a Farsight Security
                  provided apikey.  The connection is encrypted using the TLS
                  protocol (unless -I is given).  An apikey written on the
                  command line is visible to other users of the system in the
                  process argument list; prefer an alias in ~/.axa/config
                  (see FILES) so the key never appears there.

	    tcp:user@host,port
		  The connection will be made with the host name or IP address
		  and port number using	clear text over	TCP/IP.

	    unix:user@/ud/socket
		  This connection uses a UNIX domain socket connected to a lo-
		  cal server.

       -T secs
            stop sratunnel or (with -k specified) close the current output and
            reopen a new output at each time boundary that is a multiple of
            secs.  For example, -T 3600 means an hour after sratunnel started
            or the output was last reopened.

       -t   enable  tracing  reports  on the server or increase	them after the
	    first -t.

       -V   displays the version of sratunnel and its preferred	version	of the
	    AXA	protocol.

       -w watch
	    There must be at least one -w with an SRA or RAD watch to  specify
	    the	interesting SIE	messages or IP packets.

	    ip=IP[/n]	 The  IPv4 or IPv6 address IP specifies	a host address
			 unless	a prefix length	is specified.

	    dns=[*.]dom	 watches for the domain	anywhere in the	IP packets  or
			 SIE  messages	on  the	enabled	channels.  A wild card
			 watches for occurrences of the	domain and all sub-do-
			 mains.

	    ch=all
	    ch=chN	 selects SIE messages or IP packets on	the  specified
			 channel number	or all channels.

	    errors	 selects  SIE messages or IP packets that could	not be
			 decoded.   Errors  can	 also  include	nmsg  process-
			 ing/field  decoding  errors, malformed	or excessively
			 long DNS names, errors	encountered  at	 the  datalink
			 level,	and unexpected address family types.

       -u   disable nmsg output	buffering.

       -z   enable nmsg	zlib container compression.

       -Z size
            stop sratunnel or (with -k specified) close the current output and
            reopen a new output after the output file meets or exceeds size.
            This mode may only be used with file-based outputs.  Additionally,
            because nmsg-based file outputs are buffered by default, the size
            check only sees data that has already been flushed; when writing
            to one it is recommended that this option be used together with
            unbuffered mode (-u).
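       The following is an added example of a "kicker" script for -k; it is
       not part of the AXA project or of this manual page.  It assumes (the
       page does not state it) that sratunnel invokes cmd with the path of
       the just-rotated file as its last argument, and that the archive
       directory and file names are this example's own choices.  The script
       compresses each rotated nmsg file, verifies the result before the
       original is removed, and keeps a POSIX cksum(1) manifest so archived
       data can be re-checked later.

```shell
#!/bin/sh
# on-rotate.sh: added example kicker for "sratunnel -k", not AXA project code.
# Assumed invocation (the page does not specify the argument passing):
#   sratunnel -s sra-apikey -c ch213 -w ch=ch213 \
#       -o nmsg:file:/var/spool/sie/ch213.nmsg -T 3600 -k /usr/local/bin/on-rotate.sh
# Rotated files arrive as .../ch213.nmsg.<timestamp>; sratunnel is assumed to
# append that path as the last argument.  ARCHIVE is this example's own choice.

ARCHIVE="${ARCHIVE:-/var/spool/sie/archive}"

# Compress the rotated nmsg file $1 into directory $2, verify the archive,
# append a cksum line to $2/MANIFEST and only then remove the original.
# Prints the archive path on success.  On any failure it returns non-zero
# and leaves the source file untouched, so a bad archive never loses data.
archive_rotated_file() {
    src="$1"; dir="$2"
    [ -s "$src" ] || { echo "on-rotate: '$src' missing or empty" >&2; return 1; }
    mkdir -p "$dir" || return 1
    dst="$dir/$(basename "$src").gz"
    if [ -e "$dst" ]; then
        echo "on-rotate: refusing to overwrite '$dst'" >&2
        return 1
    fi
    # Write to a temporary name so a partial archive is never mistaken for a good one.
    tmp="$dst.part"
    if ! gzip -c "$src" > "$tmp" || ! gzip -t "$tmp"; then
        rm -f "$tmp"
        echo "on-rotate: compression of '$src' failed" >&2
        return 1
    fi
    mv "$tmp" "$dst" || return 1
    # cksum prints "<crc> <bytes> <path>"; the manifest lets us re-verify later.
    cksum "$dst" >> "$dir/MANIFEST" || return 1
    rm -f "$src"
    printf '%s\n' "$dst"
}

# Return 0 if archived file $1 still matches its line in $2/MANIFEST.
verify_archived_file() {
    dst="$1"; dir="$2"
    want=$(cksum "$dst") || return 1
    grep -Fxq -e "$want" "$dir/MANIFEST"
}

# When invoked by sratunnel, archive the file we were handed; with no
# argument (e.g. when sourced for testing) do nothing.
if [ "$#" -ge 1 ] && [ -n "$1" ]; then
    archive_rotated_file "$1" "$ARCHIVE"
fi
```

       Because a failed compression leaves the rotated file in place, a
       later run of the same script (or a cron sweep of the spool directory)
       can retry it; nothing is deleted until gzip -t has accepted the
       archive.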

EXAMPLES
       The following sends all new domain reports on channel 213 seen by the
       SRA server at example.com to the local UDP port 8000 on 127.0.0.1:

           $ sratunnel -s apikey:<yourapikey>@example.com,49500 -o nmsg:127.0.0.1,8000 \
                   -c ch213 -w ch=ch213

       Beware of requesting more data than will fit in the TCP/IP connection
       between the server and sratunnel; use -r (rate limit) or -m (sampling)
       to reduce the volume if the server is asked to send more than the link
       can carry.

FILES
       ~/.axa/config
	       contains	AXA client configuration data. Currently supported are
	       connection  aliases  that  provide  the user with a facility to
	       create shortcut mnemonics to specify the	SRA server  connection
	       string. For example:

		   $ cat ~/.axa/config
		   # SRA
		   alias:sra-apikey=apikey:<yourapikey>@example.com,49500

	       If  the	user  wanted to	connect	to SRA,	she would only have to
	       remember	"sra-apikey" and could do:

		   $ sratunnel -s sra-apikey ...

               This config file is shared by sratunnel, radtunnel, sratool
               and radtool.  Because this file can contain sensitive
               information such as apikeys, it must not be readable or
               writeable by anybody other than its owner (i.e. mode 0600),
               or sratunnel will refuse to load it.
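               The following is an added example of a launcher that applies
               the rule above before sratunnel is started; it is not part of
               the AXA project or of this manual page.  The function names,
               the sample config and the wrapper behaviour are this example's
               own.  It refuses to start when the config is readable by
               anyone but the owner, resolves an alias itself so the apikey
               can be logged in redacted form, and passes only the alias name
               to sratunnel so the key never appears in the process argument
               list.

```shell
#!/bin/sh
# Added example, not AXA project code: pre-flight checks for ~/.axa/config.
# Same lookup rule as sratunnel: $AXACONF overrides the default ~/.axa.
AXACONF="${AXACONF:-$HOME/.axa}"

# 0 if $1 exists and has no group or other permission bits at all, which
# is the condition under which sratunnel will load it.
axa_config_is_private() {
    f="$1"
    [ -f "$f" ] || return 1
    # Columns 5-10 of "ls -l" are the group and other rwx bits;
    # a trailing "+" or "@" (ACLs, xattrs) lies outside that range.
    case "$(ls -ld "$f" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Print the connection string behind alias $2 in config file $1; 1 if absent.
# Alias names are expected to be plain (letters, digits, '-', '_'), as in
# the FILES example, so $2 is safe to drop into the sed pattern.
axa_resolve_alias() {
    f="$1"; name="$2"
    # config lines look like:  alias:NAME=apikey:KEY@host,port
    sed -n "s/^alias:$name=//p" "$f" | head -n 1 | grep .
}

# Replace the apikey in a connection string so it can be logged safely.
axa_redact() {
    printf '%s\n' "$1" | sed 's/^apikey:[^@]*@/apikey:<redacted>@/'
}

# Wrapper: refuse to run if the config is exposed, log a redacted view of
# where we are connecting, then exec sratunnel with the alias name only.
# Usage: launch_sratunnel sra-apikey -c ch213 -w ch=ch213 -o nmsg:127.0.0.1,8000
launch_sratunnel() {
    cfg="$AXACONF/config"; alias="$1"; shift
    if ! axa_config_is_private "$cfg"; then
        echo "refusing to start: $cfg must be owner-only (chmod 600 '$cfg')" >&2
        return 1
    fi
    conn=$(axa_resolve_alias "$cfg" "$alias") || {
        echo "alias '$alias' not found in $cfg" >&2
        return 1
    }
    echo "connecting via $(axa_redact "$conn")" >&2
    exec sratunnel -s "$alias" "$@"
}
```

               The permission test intentionally mirrors what the page says
               sratunnel enforces, so the wrapper fails early with a usable
               chmod hint instead of sratunnel failing to load the file at
               connect time.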

ENVIRONMENT VARIABLES
       If  set,	 AXACONF  specifies the	AXA configuration directory instead of
       the default, ~/.axa or /usr/local/etc/axa.

SIGNALS
       On operating systems that support  SIGINFO  (including  BSDish  systems
       like FreeBSD and	macOS),	the user can type "ctrl-t" at the command line
       during  a  running sratunnel process and	get information	about the ses-
       sion. For example:

	   ^Tsra connected, sent 4 messages, received 176 messages, 176	hits

       Note that by default, an	additional line	of information is  printed  by
       the kernel (system load and process information):

	   ^Tload: 1.39	 cmd: sratunnel	7060 running 0.06u 0.00s
	   sra connected, sent 4 messages, received 304	messages, 304 hits

       This can	be disabled via: stty nokerninfo. Example:

	   $ sratunnel -A 10 -d	-s sra-apikey...
	   connecting to sra-apikey...
	   ^Tload: 1.39	 cmd: sratunnel	7060 running 0.06u 0.00s
	   sra connected, sent 4 messages, received 304	messages, 304 hits
	   ^C
	   $ stty nokerninfo
	   $ sratunnel -A 10 -d	-s sra-apikey...
	   connecting to sra-apikey...
	   ^Tsra connected, sent 4 messages, received 176 messages, 176	hits
	   ^Tsra connected, sent 4 messages, received 416 messages, 416	hits

SEE ALSO
       radtunnel(1), sratool(1), radtool(1), mkfifo(1),	and nmsgtool(1).

				April 12, 2025			  sratunnel(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sratunnel&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>
