Radium to multiple Argi on the same host

Carter Bullard carter at qosient.com
Thu Aug 5 16:07:20 EDT 2010


String support for the srcid is not fully implemented, so I'll put that on
the list of stuff to do in the short term.

The way the whole system separates flows from different sensors is from the
unique srcid that each sensor puts into each record that it generates.
I put in the `hostname` support to make it easier for probes to be self
configuring, but there may be better ways.

Ethernet address of an interface?  Is there another automatic unique
identifier that a host/probe can present to an argus daemon at startup?

Until we find other methods, hard coding is the best way to do it.
I allocate srcid's using a 10.0.0.0 network address space, and hardcode
the address into the argus.conf file for each probe.

For argus records that don't have srcid's, or you want to change them,
you should be able to use ranonymize() to set the srcid of all the records
in a file to a specific value.  That may be useful?

What do you think?

Carter

On Aug 5, 2010, at 3:37 PM, Phillip Deneault wrote:

> In situations where multiple Argi are running on the same sensor, which
> is being collected by a Radium instance on a server, is there a good way
> to either designate the destination directories and/or set the $srcid in
> such a way as to allow radium to separate the flows on its own?
> 
> I can hard code an integer ID number into the monitor id of each Argi,
> but then I need to keep some external list.  I don't think using the IP
> or hostname will work since the directory structure will probably be
> identical for the two without a further index of some kind.
> 
> I tried setting an arbitrary string... just on the off-chance it might
> work, but was unsuccessful.
> 
> Thanks,
> Phil
> 
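
Added example, not part of the original thread and not the argus project's own code: a Python check that the argus.conf files for several instances on one host each hardcode a distinct integer or IPv4-style srcid, the approach suggested in the reply above. The file names, sample values and the rule that a later assignment overrides an earlier one are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: argus.conf texts for four instances on ONE sensor host.
SAMPLE_CONFIGS = {
    "argus-eth0.conf": "ARGUS_INTERFACE=eth0\nARGUS_MONITOR_ID=10.0.0.1\n",
    "argus-eth1.conf": "#ARGUS_MONITOR_ID=10.0.0.2\nARGUS_MONITOR_ID=`hostname`\n",
    "argus-eth2.conf": "ARGUS_INTERFACE=eth2\nARGUS_MONITOR_ID=10.0.0.1\n",
    "argus-eth3.conf": "ARGUS_INTERFACE=eth3\nARGUS_MONITOR_ID=dmz-probe\n",
}

# Matches only uncommented assignments; optional double quotes are dropped.
ASSIGN = re.compile(r'^\s*ARGUS_MONITOR_ID\s*=\s*"?([^"#]*?)"?\s*$')

def classify(value):
    """Return 'hostname', 'int', 'ipv4' or 'string' for a srcid value."""
    if value == "`hostname`":
        return "hostname"
    if value.isdigit():
        return "int"
    try:
        ipaddress.IPv4Address(value)
        return "ipv4"
    except ValueError:
        return "string"

def check_srcids(configs):
    """Return a sorted list of srcid problems for configs from one host."""
    problems, users = [], defaultdict(list)
    for name, text in configs.items():
        values = [m.group(1) for m in map(ASSIGN.match, text.splitlines()) if m]
        if not values:
            problems.append(f"{name}: ARGUS_MONITOR_ID not set")
            continue
        value = values[-1]  # assumption: a later assignment overrides an earlier one
        kind = classify(value)
        if kind == "string":
            problems.append(f"{name}: string srcid {value!r} (string support is incomplete)")
        elif kind == "hostname" and len(configs) > 1:
            problems.append(f"{name}: `hostname` is shared by every instance on this host")
        users[value].append(name)
    for value, names in users.items():
        if len(names) > 1:
            problems.append(f"srcid {value} reused by: {', '.join(sorted(names))}")
    return sorted(problems)

if __name__ == "__main__":
    print("\n".join(check_srcids(SAMPLE_CONFIGS)) or "all srcids distinct")
```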


