Provided by: argus-client_3.0.8.2-6.2ubuntu5_amd64 bug

NAME
       radium - argus record multiplexor


SYNOPSIS
       radium [ options ] [ raoptions ]


DESCRIPTION
       Radium  is  a  real-time  Argus  Record  multiplexor that processes Argus records and Netflow records and
       outputs them to any number of client programs and files.  Radium is a combination of the features of ra.1
       and argus.8, supporting access for upto 128 client programs to argus records originating from remote data
       sources and/or local managed argus data files.  Using  radium  you  can  construct  complex  distribution
       networks  for  collecting  and  processing argus data, and providing a single point of access to archived
       argus data.

       Designed to run as a daemon, radium generally reads argus records  directly  from  a  remote  argus,  and
       writes the transaction status information to a log file or open socket connected to an argus client (such
       as  ra(1)).  Radium provides the same data access controls as argus.8, including remote filtering, source
       address based access control, indivual oriented strong authentication and confidentiality protection  for
       the  distributed  data,  using  SASL  and tcp_wrapper technology.  Please refer to the INSTALL and README
       files for each distribution for a complete description.

       Radium is normally configured from a system /etc/radium.conf configuration file, or from a  configuration
       file either in the $RADIUMHOME directory, or specified on the command line.


RADIUM SPECIFIC OPTIONS
       Radium,  like all ra based clients, supports a number of ra options including remote data access, reading
       from multiple files and filtering of  input  argus  records  through  a  terminating  filter  expression.
       radium(8) specific options are:


OPTIONS
       -B <addr>
            Specify the bind interface address for remote access.  Acceptable values are IP version 4 addresses.
            The default is to bind to INADDR_ANY address.

       -d   Run radium as a daemon.  This will cause radium to do the things that Unix daemons do and return, if
            there were no errors, with radium running as a detached process.

       -e <value>
            Specify  the  source  identifier  for  this  radium.  Acceptable values are numbers, hostnames or ip
            address.

       -f <radium.conf>
            Use radium.conf as a source of configuration information.  Options set in  this  file  override  any
            other  specification,  and  so  this  is the last word on option values. This file is read after the
            system /etc/radium.conf file is processed. See radium.conf.5 for the configuration file format.

       -O   Turn off Berkeley Packet Filter optimizer.  No reason to do this  unless  you  think  the  optimizer
            generates bad code.

       -p   Override  the  persistent  connection  facility.   Radium  provides a fault tolerant feature for its
            remote argus data access facility.  If the remote argus data source closes, radium will maintain its
            client connections, and attempt to reestablish its  connection  with  remote  source.   This  option
            overrides this behavior, causing radium to terminate if any of its remote sources closes.

       -P <portnum>
            Specifies  the <portnum> for remote client connection.  The default is to not support remote access.
            Setting the value to zero (0) will forceably turn off the facility.

       -S   <host[:port][//full/path/to/argus.data.file]> Attach to a specific  remote  host  to  receive  argus
            records.  Append  an  optional  port specifier to attach to a port value other than the default 561.
            Without the optional full pathname, radium will continuously transmit a  stream  of  real-time  flow
            records  as  they  are  received.   With  the optional filename, radium will open the argus datafile
            specified, and stream the contents, closing the connection with the file EOF.

       -T threshold[smh] (secs)
            Indicate that radium should correct the timestamps of received argus records, if  they  are  out  of
            sync  by threshold secconds.  Threshold can be specified with the extensions s, m, or h for seconds,
            minutes or hours.  -X Clear existing radium configuration.  This  removes  any  initialization  done
            prior  to encountering this flag.  Allows you to eliminate the effects of the /etc/radium.conf file,
            or any radium.conf files that may have been loaded.


SIGNALS
       Radium catches a number of signal(3) events.  The three signals SIGHUP, SIGINT, and SIGTERM cause  radium
       to  exit, writing TIMEDOUT status records for all currently active transactions.  The signal SIGUSR1 will
       turn on debug reporting, and subsequent SIGUSR1 signals,  will  increment  the  debug-level.  The  signal
       SIGUSR2 will cause radium to turn off all debug reporting.


ENVIRONMENT
       $RADIUMHOME - Radium Root directory
       $RADIUMPATH - Radium.conf search path (/etc:$RADIUMHOME:$HOME)


FILES
       /etc/radium.conf         - radium daemon configuration file
       /var/run/radium.#.#.pid  - PID file


EXAMPLES
       Run  radium  as  a  daemon,  reading  records  from  a  remote  host, using port 561, and writing all its
       transaction status reports to output-file.  This is a typical mode.
              radium -S remotehost:561 -d -e `hostname` -w output-file

       Collect records from multiple argi, using port 561 on one and port 430 on the  other,  and  make  all  of
       these records available to other programs on port 562.
              radium -S host1:561 -S host2:430 -de `hostname` -P 562

       Collect records from multiple Cisco Netflow sources, using the default port, and make the resulting argus
       records available on port 562.
              radium -C -S host1 -S host2 -de `hostname` -P 562

       Radium  supports  both input filtering and output filtering, and radium supports multiple output streams,
       each with their own independant filters.

       If you are interested in distributing IP traffic only (input filter) and want to  separate  traffic  into
       differing files based on traffic type, this simple example separates ICMP traffic from other traffic.
              radium -w file1 "icmp" -w file2 "not icmp" - ip

       Audit  the network activity that is flowing between the two gateway routers, whose ethernet addresses are
       00:08:03:2D:42:01 and 00:00:0C:18:29:F1.  Make records available to other programs through port 430/tcp.
              radium -S source -P 430 - ether host (0:8:3:2d:42:1 and 0:0:c:18:29:f1) &

       Process argus records from a remote source only between 9am and 5pm every day and provide access to  this
       stream on port 562.
              radium -S remotehost -t 9-17 -P 562


COPYRIGHT
       Copyright (c) 2000-2016 QoSient, LLC   All rights reserved.


AUTHORS
       Carter Bullard (carter@qosient.com)


SEE ALSO
       radium.conf(5), argus(8), hosts_access(5), hosts_options(5), tcpd(8), tcpdump(1)

radium 3.0.8                                     21 October 2001                                       RADIUM(8)