Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
RADIUM(8)		    System Manager's Manual		     RADIUM(8)

       radium -	argus record multiplexor

       radium [	options	] [ raoptions ]

       Radium  is  a  real-time	 Argus Record multiplexor that processes Argus
       records and Netflow records and outputs them to any  number  of	client
       programs	 and  files.   Radium is a combination of the features of ra.1
       and argus.8, supporting access for upto 128 client  programs  to	 argus
       records originating from	remote data sources and/or local managed argus
       data files.  Using radium you can construct complex  distribution  net-
       works  for collecting and processing argus data,	and providing a	single
       point of	access to archived argus data.

       Designed	to run as a daemon, radium generally reads argus  records  di-
       rectly  from a remote argus, and	writes the transaction status informa-
       tion to a log file or open socket connected to an argus client (such as
       ra(1)).	 Radium	provides the same data access controls as argus.8, in-
       cluding remote filtering, source	address	based access control, indivual
       oriented	 strong	 authentication	and confidentiality protection for the
       distributed data, using SASL and	tcp_wrapper technology.	 Please	 refer
       to  the	INSTALL	 and README files for each distribution	for a complete

       Radium is normally configured from a system /etc/radium.conf configura-
       tion  file,  or from a configuration file either	in the $RADIUMHOME di-
       rectory,	or specified on	the command line.

       Radium, like all	ra based clients, supports a number of ra options  in-
       cluding	remote	data access, reading from multiple files and filtering
       of input	argus records through a	terminating  filter  expression.   ra-
       dium(8) specific	options	are:

       -B <addr>
	    Specify  the bind interface	address	for remote access.  Acceptable
	    values are IP version 4 addresses.	The default is to bind to  IN-
	    ADDR_ANY address.

       -d   Run	 radium	 as a daemon.  This will cause radium to do the	things
	    that Unix daemons do and return, if	there were no errors, with ra-
	    dium running as a detached process.

       -e <value>
	    Specify  the source	identifier for this radium.  Acceptable	values
	    are	numbers, hostnames or ip address.

       -f <radium.conf>
	    Use	radium.conf as a source	of configuration information.  Options
	    set	 in this file override any other specification,	and so this is
	    the	last word on option values. This file is read after the	system
	    /etc/radium.conf file is processed.	See radium.conf.5 for the con-
	    figuration file format.

       -O   Turn off Berkeley Packet Filter optimizer.	No reason to  do  this
	    unless you think the optimizer generates bad code.

       -p   Override  the  persistent  connection facility.  Radium provides a
	    fault tolerant feature for its remote argus	data access  facility.
	    If	the  remote argus data source closes, radium will maintain its
	    client connections,	and attempt to reestablish its connection with
	    remote  source.   This option overrides this behavior, causing ra-
	    dium to terminate if any of	its remote sources closes.

       -P <portnum>
	    Specifies the <portnum> for	remote client connection.  The default
	    is	to  not	 support remote	access.	 Setting the value to zero (0)
	    will forceably turn	off the	facility.

       -S   <host[:port][//full/path/to/]> Attach to a specific
	    remote  host  to  receive  argus  records. Append an optional port
	    specifier to attach	to a port value	other than  the	 default  561.
	    Without  the  optional  full  pathname,  radium  will continuously
	    transmit a stream of real-time flow	records	as they	are  received.
	    With  the  optional	 filename, radium will open the	argus datafile
	    specified, and stream the contents,	closing	 the  connection  with
	    the	file EOF.

       -T threshold[smh] (secs)
	    Indicate that radium should	correct	the timestamps of received ar-
	    gus	records, if they  are  out  of	sync  by  threshold  secconds.
	    Threshold can be specified with the	extensions s, m, or h for sec-
	    onds, minutes or hours.  -X	Clear existing	radium	configuration.
	    This  removes  any	initialization done prior to encountering this
	    flag.  Allows you to eliminate the effects of the /etc/radium.conf
	    file, or any radium.conf files that	may have been loaded.

       Radium catches a	number of signal(3) events.  The three signals SIGHUP,
       SIGINT, and SIGTERM cause  radium  to  exit,  writing  TIMEDOUT	status
       records for all currently active	transactions.  The signal SIGUSR1 will
       turn on debug reporting,	and subsequent SIGUSR1 signals,	will increment
       the  debug-level.  The signal SIGUSR2 will cause	radium to turn off all
       debug reporting.

       $RADIUMHOME - Radium Root directory
       $RADIUMPATH - Radium.conf search	path (/etc:$RADIUMHOME:$HOME)

       /etc/radium.conf		- radium daemon	configuration file
       /var/run/	- PID file

       Run radium as a daemon, reading records from a remote host, using  port
       561,  and  writing  all	its transaction	status reports to output-file.
       This is a typical mode.
	      radium -S	remotehost:561 -d -e `hostname`	-w output-file

       Collect records from multiple argi, using port 561 on one and port  430
       on the other, and make all of these records available to	other programs
       on port 562.
	      radium -S	host1:561 -S host2:430 -de `hostname` -P 562

       Collect records from multiple Cisco Netflow sources, using the  default
       port, and make the resulting argus records available on port 562.
	      radium -C	-S host1 -S host2 -de `hostname` -P 562

       Radium  supports	 both input filtering and output filtering, and	radium
       supports	multiple output	streams, each with their own independant  fil-

       If  you	are  interested	in distributing	IP traffic only	(input filter)
       and want	to separate traffic into  differing  files  based  on  traffic
       type, this simple example separates ICMP	traffic	from other traffic.
	      radium -w	file1 "icmp" -w	file2 "not icmp" - ip

       Audit  the  network  activity  that  is flowing between the two gateway
       routers,	  whose	  ethernet   addresses	 are   00:08:03:2D:42:01   and
       00:00:0C:18:29:F1.   Make  records  available to	other programs through
       port 430/tcp.
	      radium -S	source -P 430 -	ether host (0:8:3:2d:42:1 and 0:0:c:18:29:f1) &

       Process argus records from a remote source only between 9am and 5pm ev-
       ery day and provide access to this stream on port 562.
	      radium -S	remotehost -t 9-17 -P 562

       Copyright (c) 2000-2016 QoSient,	LLC   All rights reserved.

       Carter Bullard (

       radium.conf(5),	argus(8),  hosts_access(5), hosts_options(5), tcpd(8),

radium 3.0.8			21 October 2001			     RADIUM(8)


Want to link to this manual page? Use this URL:

home | help