controlling the inclusion of user data in ra clients and other questions

Russell Fulton r.fulton at auckland.ac.nz
Sat Aug 25 04:05:14 EDT 2007


Carter has prompted me to start using radium.  I should have done this
long ago...

Anyway, I'm having a couple of problems and since they aren't specific
to radium I'll formulate them in a general way:

How do you control whether or not ra* clients write out user data to the
-w file?  Can I control what other fields are included?

What is the preferred means of rolling over files being written with -w?
-- the same as Argus?

I take it the difference between radium and ra if you are not using the
multiplex features is that radium is set up to run as a daemon.

One use I can see for the radium file transfer feature is providing
remote access for a web or gui based front end to a distributed
archive.   I have a central archive for the data I collect from our dmz
but I also have sensors running snort and argus scattered around the
campus network which watch all the links in the core.  These logs are
held on the sensors and rotated with a fixed disk allocation -- most
sensors have at least one month of data on them.  Setting up some simple
web forms that allowed secure access using radium seems like a good idea.  

Does anyone have a spare two weeks they can give me so I can set this
up?  ;-)

And while I'm on the topic -- how much data does the QOS stuff add to
argus flow files?  This is something that could really be useful to the
network folks who are under constant fire from the applications folk
(and lately some vendors) looking for excuses for poor application
performance. 

Sorry I'm being lazy.  I should enable it and look for myself!

Russell


