Radium File Transfer Feature
Robin Gruyters
r.gruyters at yirdis.nl
Tue Jan 30 04:04:53 EST 2007
Great feature Carter, but still I have a question
>
> ... possibly using our standard argus archive file strategy, ...
>
What strategy? Did I miss something?
Regards,
Robin Gruyters
Network and Security Engineer
Yirdis B.V.
I: http://yirdis.com
P: +31 (0)36 5300394
F: +31 (0)36 5489119
Quoting Carter Bullard <carter at qosient.com>:
> Gentle people,
> One un-documented feature of radium() is the ability to transfer argus
> data files.
>
> The concept is that radium could (optionally) keep a local archive,
> possibly using
> our standard argus archive file strategy, and for some reason you may want
> to transfer the records in bulk, or you may need to get some records
> that were lost,
> for some reason, or you just want to look at last years data, say 1
> hour at a time
> and you want to get it from a persistent archive somewhere on the network.
>
> You do this with any ra* program, using an extension to the "-S" option.
>
> ra -S radium:port[/full/path/name/to/argus/data/file]
>
> Argus does not support this feature, so you'll need to attach to a
> radium() to get
> any data from it. I found a few glitches in the current implementation
> (rc.39),
> (fetching a valid directory hangs argus()) but I'm fixing these problems now.
>
> Now this could raise some security eyebrows, but we have strong
> authentication
> support in radium(), chroot() support, and radium() will only transport
> argus data files,
> so you can't transfer arbitrary files with the mechanism. Radium()
> actually parses the
> files, and processes the data before it transports them, so operations
> like remote
> filtering work with this feature.
>
> Comments, suggestions, opinions are more than welcome!!!!
>
> Carter
More information about the argus
mailing list