Radium File Transfer Feature
carter at qosient.com
Tue Jan 30 09:11:17 EST 2007
Hey Robin,
Hopefully in the next couple of weeks!!
Carter
Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-----Original Message-----
From: Robin Gruyters <r.gruyters at yirdis.nl>
Date: Tue, 30 Jan 2007 12:48:54
To:carter at qosient.com
Cc:Argus <argus-info at lists.andrew.cmu.edu>
Subject: Re: [ARGUS] Radium File Transfer Feature
Ok. This morning I've installed the Argus RC39 and it looks very stable.
Also the IP address is showing alright now.
So, do you already have an idea when you are planning to make it final?
Regards,
Robin Gruyters
Network and Security Engineer
Yirdis B.V.
I: http://yirdis.com
P: +31 (0)36 5300394
F: +31 (0)36 5489119
Quoting carter at qosient.com:
> Hey Robin,
> There are tools, especially rasplit() and argusarchive() that take
> argus streams/files and generate filesystems organized as
> $ARGUSARCHIVE/srcid/year/mon/day/argus...., and I/we have several
> scripts that work with these archive strategies.
>
> That's what I was referring to.
> So how are things going?
>
> Carter
>
> Carter Bullard
> QoSient LLC
> 150 E. 57th Street Suite 12D
> New York, New York 10022
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
> -----Original Message-----
> From: Robin Gruyters <r.gruyters at yirdis.nl>
> Date: Tue, 30 Jan 2007 10:04:53
> To:Carter Bullard <carter at qosient.com>
> Cc:Argus <argus-info at lists.andrew.cmu.edu>
> Subject: Re: [ARGUS] Radium File Transfer Feature
>
> Great feature Carter, but still I have a question
>
>>
>> ... possibly using our standard argus archive file strategy, ...
>>
> What strategy? Did I miss something?
>
> Regards,
>
> Robin Gruyters
> Network and Security Engineer
> Yirdis B.V.
> I: http://yirdis.com
> P: +31 (0)36 5300394
> F: +31 (0)36 5489119
>
>
> Quoting Carter Bullard <carter at qosient.com>:
>
>> Gentle people,
>> One un-documented feature of radium() is the ability to transfer argus
>> data files.
>>
>> The concept is that radium could (optionally) keep a local archive,
>> possibly using our standard argus archive file strategy, and for some
>> reason you may want to transfer the records in bulk, or you may need to
>> get some records that were lost, for some reason, or you just want to
>> look at last year's data, say 1 hour at a time and you want to get it
>> from a persistent archive somewhere on the network.
>>
>> You do this with any ra* program, using an extension to the "-S" option.
>>
>> ra -S radium:port[/full/path/name/to/argus/data/file]
>>
>> Argus does not support this feature, so you'll need to attach to a
>> radium() to get any data from it. I found a few glitches in the current
>> implementation (rc.39), (fetching a valid directory hangs argus()) but
>> I'm fixing these problems now.
>>
>> Now this could raise some security eyebrows, but we have strong
>> authentication support in radium(), chroot() support, and radium() will
>> only transport argus data files, so you can't transfer arbitrary files
>> with the mechanism. Radium() actually parses the files, and processes
>> the data before it transports them, so operations like remote filtering
>> work with this feature.
>>
>> Comments, suggestions, opinions are more than welcome!!!!
>>
>> Carter
>
>
>
>