Provided by: argus-client_3.0.8.2-3_amd64 bug

NAME

       radium.conf - radium resource file.

SYNOPSIS

       radium.conf

DESCRIPTION

       Radium  will  open  this  radium.conf  if its installed as /etc/radium.conf.  It will also
       search  for  this  file  as  radium.conf  in  directories  specified  in  $RADIUMPATH,  or
       $RADIUMHOME,   $RADIUMHOME/lib,   or   $HOME,  $HOME/lib,  and  parse  it  to  set  common
       configuration options.  All values in this file can be overriden by command line  options,
       or other files of this format that can be read in using the -F option.

Variable Syntax

       Variable assignments must be of the form:
         VARIABLE=
       with no white space between the VARIABLE and the '=' sign.  Quotes are optional for string
       arguments, but if you want to embed comments, then quotes are required.

RADIUM_DAEMON

       Radium is capable of running as a daemon, doing all the  right  things  that  daemons  do.
       When  this  configuration is used for the system daemon process, say for /etc/radium.conf,
       this variable should be set to "yes".

       The default value is to not run as a daemon.

       This example is to support the ./support/Startup/radium script which  requires  that  this
       variable be set to "yes".

       Commandline equivalent  -d

       RADIUM_DAEMON=no

RADIUM_MONITOR_ID

       Radium  Monitor  Data  is  uniquely  identifiable  based  on the source identifier that is
       included in each output record.  This is to  allow  you  to  work  with  Argus  Data  from
       multiple  monitors  at  the  same  time.  The ID is 32 bits long, and supports a number of
       formats as legitimate values. Radium supports unsigned ints, IPv4 addresses  and  4  bytes
       strings, as values.

       The  formats  are discerned from the values provided.  Double-quoted values are treated as
       strings, and are truncated to 4 characters.  Non-quoted values are tested for whether they
       are hostnames, and if not, then they are tested wheter they are numbers.

       The  configuration  allows  for you to use host names, however, do have some understanding
       how `hostname` will be resolved by  the  nameserver  before  commiting  to  this  strategy
       completely.

       For  convenience,  argus supports the notion of "`hostname`" for assigning the probe's id.
       This is to support management of large deployments, so you can have  one  argus.conf  file
       that works for a lot of probes.

       For  security, argus does not rely on system programs, like hostname.1.  It implements the
       logic of hostname itself, so don't try  to  run  arbitrary  programs  using  this  method,
       because it won't work.

       Commandline equivalent   -e

       RADIUM_MONITOR_ID=`hostname`      //  IPv4  address  returned  RADIUM_MONITOR_ID=10.2.45.3
       //  IPv4  address  RADIUM_MONITOR_ID=2435            //   Number   RADIUM_MONITOR_ID="en0"
       // String

RADIUM_ARGUS_SERVER

       Radium  can  attach  to any number of remote argus servers, and collect argus data in real
       time.  The syntax for this variable is a hostname or a dot notation IP  address,  followed
       by  an optional port value, separated by a ':'.  If the port is not specified, the default
       value of 561 is used.

       Commandline equivalent   -S <host[:port]>

       RADIUM_ARGUS_SERVER=localhost:561

RADIUM_CISCONETFLOW_PORT

       Radium can read Cicso Netflow records directly from Cisco routers.  Specifying this  value
       will alert Radium to open a UDP based socket listening for data from this name or address.

       Commandline equivalent   -C

       RADIUM_CISCONETFLOW_PORT=9996

RADIUM_USER_AUTH, RADIUM_AUTH_PASS

       When  argus  is compiled with SASL support, ra* clients may be required to authenticate to
       the argus server before the argus will accept the connection.  This  variable  will  allow
       one  to  set the user and authorization id's, if needed.  Although not recommended you can
       provide a password through the RADIUM_AUTH_PASS variable.  The format  for  this  variable
       is:

       Commandline equivalent   -U

       RADIUM_USER_AUTH=user_id/authorization_id RADIUM_AUTH_PASS=the_password

RADIUM_ACCESS_PORT

       Radium  monitors  can  provide  a real-time remote access port for collecting Radium data.
       This is a TCP based port service and the default port number is tcp/561, the "experimental
       monitor"  service.   This feature is disabled by default, and can be forced off by setting
       it to zero (0).

       When you do want to enable this service, 561 is a good choice,  as  all  ra*  clients  are
       configured to try this port by default.

       Commandline equivalent  -P

       RADIUM_ACCESS_PORT=561

RADIUM_BIND_IP

       When remote access is enabled (see above), you can specify that Radium should bind only to
       a specific IP address.  This is useful, for example, in restricting access  to  the  local
       host,  or  binding  to a private interface while capturing from another. The default is to
       bind to any IP address.

       Commandline equivalent  -B

       RADIUM_BIND_IP="127.0.0.1"

RADIUM_OUTPUT_FILE

       Radium can write its output to one or a number of files, default  limit  is  5  concurrent
       files, each with their own independant filters.

       The format is:
            RADIUM_OUTPUT_FILE=/full/path/file/name
            RADIUM_OUTPUT_FILE=/full/path/file/name "filter"

       Most  sites will have radium write to a file, for reliablity and performance.  The example
       file name is used here as supporting programs, such as ./support/Archive/radiumarchive are
       configured to use this file.

       Commandline equivalent  -w

       RADIUM_OUTPUT_FILE=/var/log/radium/radium.out

RADIUM_SET_PID

       When Radium is configured to run as a daemon, with the -d option, Radium can store its pid
       in a file, to aid in managing the running daemon.  However, creating  a  system  pid  file
       requires priviledges that may not be appropriate for all cases.

       When configured to generate a pid file, if Radium cannot create the pid file, it will fail
       to run.  This variable is available to override the default, in case  this  gets  in  your
       way.

       The default value is to generate a pid.

       No Commandline equivalent

       RADIUM_SET_PID=yes

RADIUM_ADJUST_TIME

       Radium  can correct for time synchronization problems that may exist between data sources.
       If configured to do so, radium will adjust all the timestamps in records by the calculated
       drift  between  radium  and  its  many  data  sources.  Records whose timevalues have been
       'corrected' are marked so that subsequent readers can differentiate between true primitive
       time and modified time.

       Commandline equivalent   -T

       RADIUM_ADJUST_TIME=no

RADIUM_MAR_STATUS_INTERVAL

       Radium  will  periodically  report  on a its own health, providing interface status, total
       packet and bytes counts, packet drop rates, and flow oriented statistics.

       These records can be used as "keep alives" for periods when there is no network traffic to
       be monitored.

       The default value is 300 seconds, but a value of 60 seconds is very common.

       Commandline equivalent   -M

       RADIUM_MAR_STATUS_INTERVAL=60

RADIUM_DEBUG_LEVEL

       If  compiled  to  support  this  option,  Radium  is  capable of generating a lot of debug
       information.

       The default value is zero (0).

       Commandline equivalent  -D

       RADIUM_DEBUG_LEVEL=0

RADIUM_FILTER_OPTIMIZER

       Radium uses the packet filter capabilities of libpcap.  If there is a need to not use  the
       libpcap filter optimizer, you can turn it off here.  The default is to leave it on.

       Commandline equivalent  -O

       RADIUM_FILTER_OPTIMIZER=yes

RADIUM_FILTER

       You  can  provide  a  filter  expression here, if you like.  It should be limited to 2K in
       length.  The default is to not filter.

       No Commandline equivalent

       RADIUM_FILTER=""

RADIUM_CHROOT_DIR

       Radium supports chroot(2) in order to control the file system that radium  exists  in  and
       can  access.   Generally  used  when  radium  is  running  with privleges, this limits the
       negative impacts that radium could inflict on its host machine.

       This option will cause the output file names to be relative  to  this  directory,  and  so
       consider this when trying to find your output files.

       Commandline equivalent   -C

       RADIUM_CHROOT_DIR=""

RADIUM_SETUSER_ID

       Radium  can be directed to change its user id using the setuid() system call.  This is can
       used when radium is started as root, in order to  access  privleged  resources,  but  then
       after  the  resources  are  opened, this directive will cause radium to change its user id
       value to a 'lesser' capable account.  Recommended when radium is running as a daemon.

       Commandline equivalent   -u

       RADIUM_SETUSER_ID="user"

RADIUM_SETGROUP_ID

       Radium can be directed to change its group id using the setgid() system call.  This is can
       used  when  radium  is  started  as root, in order to access privleged resources, but then
       after the resources are opened, this directive can be used to change argu's group id value
       to a 'lesser' capable account.  Recommended when radium is running as a daemon.

       Commandline equivalent   -g

       RADIUM_SETGROUP_ID="group"

RADIUM_CLASSIFIER_FILE

       Radium can be used to label records as they are distributed.  This can be used to classify
       flow records, or simply to mark them for post processing purposes.

       When provided with a ralabel.conf formatted file, radium will label all matching records.

       Commandline equivalent   none

       RADIUM_CLASSIFIER_FILE=/usr/local/argus/ralabel.conf

RADIUM_CORRELATE

       Radium has a correlation function, where flow data from multiple source's can be  compared
       and 'correlateda.

       This    function    is    enabled    with    a   single   radium   configuration   keyword
       RADIUM_CORRELATE="yes".  With this variable set, radium().  will buffer incoming  data  to
       generate  delay,  and  will  correlate  data from multiple sources with an event window of
       about 3 seconds.  Data  that  is  matchable,  which  means  that  it  has  the  same  flow
       identifiers,  or  the  same  hints,  will  treated  as if they were "observed" by multiple
       probes, and merged.

        Commandline equivalent   none

       RADIUM_CORRELATE="no"

COPYRIGHT

       Copyright (c) 2000-2016 QoSient  All rights reserved.

SEE ALSO

       radium(8)