radium 3.0.5.19 fails to start "Probe ID ..."
John Gerth
gerth at graphics.stanford.edu
Wed Aug 31 11:42:41 EDT 2011
After replacing hardware, I've rebuilt argus and argus-clients on RHEL 6.1 system
however, now radium is failing to start (see below) even though argus itself is
running OK and "ra -S localhost:562" can get flows from it.
All I see that matches the complaint is that /etc/hosts defines the host as IPv6.
I could see this being a problem if radium.conf was telling it to connect to
bellatrix, but it's using localhost (I also tried 127.0.0.1 explicitly).
I'm going to ask them to change /etc/hosts, but what am I missing about localhost?
--
John Gerth gerth at graphics.stanford.edu Gates 378 (650) 725-3273 fax 723-0033
********* a RHEL 6.1 system
[gerth at bellatrix ~]$ radium -h 2>&1 | head -2
Radium Version 3.0.5.19
usage: radium [radiumoptions] [raoptions]
[gerth at bellatrix ~]$ radium -f /ln/etc/radium.conf
radium[31056]: 11:29:00.411 Probe ID bellatrix.stat.purdue.edu not in address family
*********** environment
netstat -an |grep 127
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:562 0.0.0.0:* LISTEN
cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
::1 bellatrix.stat.purdue.edu bellatrix localhost6.localdomain6 localhost6
[gerth at bellatrix etc]$ ra -N 4 -S localhost:562
StartTime Flgs Proto SrcAddr Sport Dir DstAddr Dport SrcPkts DstPkts TotAppByte State NStrok
11:36:05.279 e udp 128.210.141.189.55040 <-> 128.210.11.5.domain 1 1 176 CON *
11:36:05.279 e udp 128.210.141.189.52705 <-> 128.210.11.5.domain 1 1 170 CON *
11:36:05.281 e udp 128.210.141.189.60522 <-> 128.210.11.5.domain 1 1 421 CON *
11:36:05.281 e udp 128.210.141.189.63205 <-> 128.210.11.5.domain 1 1 419 CON *
********* radium.conf
[gerth at bellatrix ~]$ cd /ln/etc
[gerth at bellatrix etc]$ cat radium.conf
#
# Radium Software
# Copyright (c) 2000-2008 QoSient, LLC
# All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Example radium.conf
#
# Radium will open this radium.conf if its installed as /etc/radium.conf.
# It will also search for this file as radium.conf in directories
# specified in $RADIUMPATH, or $RADIUMHOME, $RADIUMHOME/lib,
# or $HOME, $HOME/lib, and parse it to set common configuration
# options. All values in this file can be overriden by command
# line options, or other files of this format that can be read in
# using the -F option.
#
#
# Variable Syntax
#
# Variable assignments must be of the form:
#
# VARIABLE=
#
# with no white space between the VARIABLE and the '=' sign.
# Quotes are optional for string arguements, but if you want
# to embed comments, then quotes are required.
#
#
# Variable Explanations
#
# Radium is capable of running as a daemon, doing all the right things
# that daemons do. When this specific configuration file is used
# to configure the system daemon process (/etc/radium.conf) this
# variable should be set to "yes".
#
# The default value is to not run as a daemon.
#
# This example is to support the ./support/Startup/radium script
# which requires that this variable be set to "yes".
#
# Commandline equivalent -d
#
# Nov 10 JAG - radium script has -d
RADIUM_DAEMON=NO
# Radium Monitor Data is uniquely identifiable based on the source
# identifier that is included in each output record. This is to
# allow you to work with Radium Data from multiple monitors at the
# same time. The ID is 32 bits long, and so legitimate values are
# 0 - 4294967296 but radium also supports IP addresses as values.
# The configuration allows for you to use host names, however, do
# have some understanding how `hostname` will be resolved by the
# nameserver before commiting to this strategy completely.
#
# Commandline equivalent -e
#
RADIUM_MONITOR_ID=`hostname`
# If compiled to support this option, Radium is capable of
# generating a lot of debug information.
#
# The default value is zero (0).
#
# Commandline equivalent -D
#
#RADIUM_DEBUG_LEVEL=0
# Radium will periodically report on a its own health, providing
# interface status, total packet and bytes counts, packet drop
# rates, and flow oriented statistics.
#
# These records can be used as "keep alives" for periods when
# there is no network traffic to be monitored.
#
# The default value is 60 seconds, but a value of 60 seconds is
# very common.
#
# Commandline equivalent -M
#
RADIUM_MAR_STATUS_INTERVAL=60
#
# Radium can attach to any number of remote argus data sources,
# argi or radii. The syntax for this variable is a URI that
# specifies the URI schema, with transport, the hostname or a
# dot notation IP address, followed by an optional port value,
# separated by a ':'. If the URI format is not specified,
# the URI schema and transport mechanism are the default, argus://
# If the port is not specified, the default value of 561 is used.
#
# Commandline equivalent -S <argus://host[:port]>
# Commandline equivalent -S <argus-tcp://host[:port]>
# Commandline equivalent -S <argus-udp://host[:port]>
# Commandline equivalent -S <cisco://host[:port]>
# Commandline equivalent -S <host[:port]>
#
#RADIUM_ARGUS_SERVER=amon:12345
#RADIUM_ARGUS_SERVER=argus://amon:561
#RADIUM_ARGUS_SERVER=argus-tcp://thoth
#RADIUM_ARGUS_SERVER=argus-udp://apophis:562
#RADIUM_ARGUS_SERVER=cisco://192.168.0.4:9699
# Nov 10 JAG buffer local host
RADIUM_ARGUS_SERVER=localhost:562
# You can provide a filter expression here, if you like.
# Radium will filter all input records based on this definition.
# It should be limited to 2K in length. The default is to
# not filter.
#
# No Commandline equivalent
#
#RADIUM_FILTER=""
# Radium can adjust the timestamps in radium records as it receives
# them, based on the measured time difference between radium()
# and the sources. The variable takes a threshold value in
# seconds, so you can specify when to make a correction.
#
# No Commandline equivalent
#
#RADIUM_ADJUST_TIME=5
# Radium has filter capabilities that use a filter optimizer.
# If there is a need to not use this filter optimizer,
# you can turn it off here. The default is to leave it on.
#
# Commandline equivalent -O
#
#RADIUM_FILTER_OPTIMIZER=yes
# Radium can read Cicso Netflow records directly from Cisco
# routers. Specifying this value will alert Radium to open
# a UDP based socket listening for data from this name or address.
#
# Commandline equivalent -C
#
#RADIUM_CISCONETFLOW_PORT=9996
# When radium is compiled with SASL support, radium may be
# required to authenticate to the radium data source before data
# can be received. This variable will allow one to
# set the user and authorization id's, if needed. Although
# not recommended you can provide a password through the
# RADIUM_AUTH_PASS variable. The format for this variable is:
#
# RADIUM_USER_AUTH="user_id/authorization_id"
#
# Commandline equivalent -U
#
#RADIUM_USER_AUTH="user/auth"
#RADIUM_AUTH_PASS="password"
# Radium monitors can provide a real-time remote access port
# for other programs to collect Radium data. This is a TCP based
# port service and the default port number is tcp/561, the
# "experimental monitor" service. This feature is disabled by
# default, and can be forced off by setting it to zero (0).
#
# When you do want to enable this service, 561 is a good choice,
# as all ra* clients are configured to try this port by default.
#
# Commandline equivalent -P
#
# Nov 10 JAG - proxy on argus port
RADIUM_ACCESS_PORT=561
# When remote access is enabled (see above), you can specify that Radium
# should bind only to a specific IP address. This is useful, for example,
# in restricting access to the local host, or binding to a private
# interface while capturing from another. The default is to bind to any
# IP address.
#
# Commandline equivalent -B
#
RADIUM_BIND_IP=127.0.0.1
#
# Radium can write its output to one or a number of files,
# default limit is 64 concurrent files, each with their own
# independant filters.
#
# The format is:
# RADIUM_OUTPUT_FILE=/full/path/file/name
# RADIUM_OUTPUT_FILE=/full/path/file/name "filter"
#
# Most sites will have radium write to a file, for reliablity
# and performance. The example file name used here supports
# the archive program ./support/Archive/radiumarchive
# which is configured to use this file.
#
# Commandline equivalent -w
#
#RADIUM_OUTPUT_FILE=/var/log/radium/radium.out
RADIUM_OUTPUT_FILE=/ln/argusdump/sirius/argus.out
# Radium can write its output to one or a number of remote hosts.
# The default limit is 5 concurrent output streams, each with their
# own independant filters.
#
# The format is:
# RADIUM_OUTPUT_STREAM="URI [filter]"
# RADIUM_OUTPUT_STREAN="argus-udp://host:port 'tcp and not udp'"
#
# Most sites will have argus listen() for remote sites to request
# argus data, but for some sites and applications sending records without
# registration is desired. This option will cause argus to transmit records
# that match the optional filter, to the configured targets using UDP as the
# transport mechanism.
#
# Commandline equivalent -w argus-udp://host:port
#
#RADIUM_OUTPUT_STREAM=argus-udp://224.0.23.40:561
# Radium supports chroot(2) in order to control the file system that
# radium exists in and can access. Generally used when radium is running
# with privleges, this limits the negative impacts that radium could
# inflict on its host machine.
#
# This option will cause the output file names to be relative to this
# directory, and so consider this when trying to find your output files.
#
# Commandline equivalent -C
#
#RADIUM_CHROOT_DIR="/tmp"
# Radium can be directed to change its user id using the setuid() system
# call. This is can used when radium is started as root, in order to
# access privleged resources, but then after the resources are opened,
# this directive will cause radium to change its user id value to
# a 'lesser' capable account. Recommended when radium is running as a
# daemon.
#
# Commandline equivalent -u
#
#RADIUM_SETUSER_ID=user
# Radium can be directed to change its group id using the setgid() system
# call. This is can used when radium is started as root, in order to
# access privleged resources, but then after the resources are opened,
# this directive can be used to change argu's group id value to
# a 'lesser' capable account. Recommended when radium is running as a
# daemon.
#
# Commandline equivalent -g
#
#RADIUM_SETGROUP_ID=group
#
# Data transformation/processing is done on the complete set
# of input records, and all output from this radium node is
# transformed. This makes cataloging and tracking the
# transformational nodes a bit easier.
#
# This example enables data classification/labeling.
# This function is enabled with a single radium configuration
# keyword RADIUM_CLASSIFIER, and then a ralabel() configuration
# file is provided.
#
# Commandline equivalent none
#RADIUM_CLASSIFIER_FILE=/usr/local/argus/ralabel.conf
More information about the argus
mailing list