Radium File Transfer Feature

carter at qosient.com
Tue Jan 30 06:25:06 EST 2007


Hey Robin,
There are tools, especially rasplit() and argusarchive(), that take argus streams/files and generate filesystems organized as $ARGUSARCHIVE/srcid/year/mon/day/argus...., and I/we have several scripts that work with these archive strategies.

That's what I was referring to.
So how are things going?

Carter

Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax  

-----Original Message-----
From: Robin Gruyters <r.gruyters at yirdis.nl>
Date: Tue, 30 Jan 2007 10:04:53 
To: Carter Bullard <carter at qosient.com>
Cc: Argus <argus-info at lists.andrew.cmu.edu>
Subject: Re: [ARGUS] Radium File Transfer Feature

Great feature Carter, but still I have a question

>
> ... possibly using our standard argus archive file strategy, ...
>
What strategy? Did I miss something?

Regards,

Robin Gruyters
Network and Security Engineer
Yirdis B.V.
I: http://yirdis.com
P: +31 (0)36 5300394
F: +31 (0)36 5489119


Quoting Carter Bullard <carter at qosient.com>:

> Gentle people,
> One un-documented feature of radium() is the ability to transfer argus
> data files.
>
> The concept is that radium could (optionally) keep a local archive,
> possibly using our standard argus archive file strategy, and for some
> reason you may want to transfer the records in bulk, or you may need to
> get some records that were lost, for some reason, or you just want to
> look at last year's data, say 1 hour at a time, and you want to get it
> from a persistent archive somewhere on the network.
>
> You do this with any ra* program, using an extension to the "-S" option.
>
>    ra -S radium:port[/full/path/name/to/argus/data/file]
>
> Argus does not support this feature, so you'll need to attach to a
> radium() to get any data from it.  I found a few glitches in the current
> implementation (rc.39), (fetching a valid directory hangs argus()) but
> I'm fixing these problems now.
>
> Now this could raise some security eyebrows, but we have strong
> authentication support in radium(), chroot() support, and radium() will
> only transport argus data files, so you can't transfer arbitrary files
> with the mechanism.  Radium() actually parses the files, and processes
> the data before it transports them, so operations like remote filtering
> work with this feature.
>
> Comments, suggestions, opinions are more than welcome!!!!
>
> Carter
