radium 3.0.5.19 fails to start "Probe ID ..."

John Gerth gerth at graphics.stanford.edu
Wed Aug 31 11:42:41 EDT 2011


After replacing hardware, I've rebuilt argus and argus-clients on RHEL 6.1 system
however, now radium is failing to start (see below) even though argus itself is
running OK and "ra -S localhost:562" can get flows from it.

All I see that matches the complaint is that /etc/hosts defines the host as IPv6.
I could see this being a problem if radium.conf was telling it to connect to
bellatrix, but it's using localhost (I also tried 127.0.0.1 explicitly).

I'm going to ask them to change /etc/hosts, but what am I missing about localhost?

-- 
John Gerth      gerth at graphics.stanford.edu  Gates 378   (650) 725-3273  fax 723-0033

********* a RHEL 6.1 system
[gerth at bellatrix ~]$ radium -h 2>&1 | head -2
Radium Version 3.0.5.19
usage: radium [radiumoptions] [raoptions]
[gerth at bellatrix ~]$ radium -f /ln/etc/radium.conf
radium[31056]: 11:29:00.411 Probe ID bellatrix.stat.purdue.edu not in address family



*********** environment

 netstat -an |grep 127
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:562               0.0.0.0:*                   LISTEN

 cat /etc/hosts
127.0.0.1	localhost.localdomain	localhost
::1	bellatrix.stat.purdue.edu	bellatrix	localhost6.localdomain6	localhost6

[gerth at bellatrix etc]$ ra -N 4 -S localhost:562
   StartTime      Flgs  Proto            SrcAddr  Sport   Dir            DstAddr  Dport  SrcPkts  DstPkts TotAppByte        State    NStrok
11:36:05.279  e           udp    128.210.141.189.55040    <->       128.210.11.5.domain        1        1        176          CON         *
11:36:05.279  e           udp    128.210.141.189.52705    <->       128.210.11.5.domain        1        1        170          CON         *
11:36:05.281  e           udp    128.210.141.189.60522    <->       128.210.11.5.domain        1        1        421          CON         *
11:36:05.281  e           udp    128.210.141.189.63205    <->       128.210.11.5.domain        1        1        419          CON         *


********* radium.conf

[gerth at bellatrix ~]$ cd /ln/etc
[gerth at bellatrix etc]$ cat radium.conf
#
#  Radium Software
#  Copyright (c) 2000-2008 QoSient, LLC
#  All rights reserved.
#
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2, or (at your option)
#  any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Example  radium.conf
#
# Radium will open this radium.conf if its installed as /etc/radium.conf.
# It will also search for this file as radium.conf in directories
# specified in $RADIUMPATH, or $RADIUMHOME, $RADIUMHOME/lib,
# or $HOME, $HOME/lib, and parse it to set common configuration
# options.  All values in this file can be overriden by command
# line options, or other files of this format that can be read in
# using the -F option.
#
#
# Variable Syntax
#
# Variable assignments must be of the form:
#
#   VARIABLE=
#
# with no white space between the VARIABLE and the '=' sign.
# Quotes are optional for string arguements, but if you want
# to embed comments, then quotes are required.
#
#
# Variable Explanations
#
# Radium is capable of running as a daemon, doing all the right things
# that daemons do.  When this specific configuration file is used
# to configure the system daemon process (/etc/radium.conf) this
# variable should be set to "yes".
#
# The default value is to not run as a daemon.
#
# This example is to support the ./support/Startup/radium script
# which requires that this variable be set to "yes".
#
# Commandline equivalent   -d
#

# Nov 10 JAG - radium script has -d
RADIUM_DAEMON=NO


# Radium Monitor Data is uniquely identifiable based on the source
# identifier that is included in each output record.  This is to
# allow you to work with Radium Data from multiple monitors at the
# same time.  The ID is 32 bits long, and so legitimate values are
# 0 - 4294967296 but radium also supports IP addresses as values.
# The configuration allows for you to use host names, however, do
# have some understanding how `hostname` will be resolved by the
# nameserver before commiting to this strategy completely.
#
# Commandline equivalent   -e
#

RADIUM_MONITOR_ID=`hostname`


# If compiled to support this option, Radium is capable of
# generating a lot of debug information.
#
# The default value is zero (0).
#
# Commandline equivalent   -D
#

#RADIUM_DEBUG_LEVEL=0


# Radium will periodically report on a its own health, providing
# interface status, total packet and bytes counts, packet drop
# rates, and flow oriented statistics.
#
# These records can be used as "keep alives" for periods when
# there is no network traffic to be monitored.
#
# The default value is 60 seconds, but a value of 60 seconds is
# very common.
#
# Commandline equivalent   -M
#

RADIUM_MAR_STATUS_INTERVAL=60


#
# Radium can attach to any number of remote argus data sources,
# argi or radii. The syntax for this variable is a URI that
# specifies the URI schema, with transport,  the hostname or a
# dot notation IP address, followed by an optional port value,
# separated by a ':'.  If the URI format is not specified,
# the URI schema and transport mechanism are the default, argus://
# If the port is not specified, the default value of 561 is used.
#
# Commandline equivalent   -S <argus://host[:port]>
# Commandline equivalent   -S <argus-tcp://host[:port]>
# Commandline equivalent   -S <argus-udp://host[:port]>
# Commandline equivalent   -S <cisco://host[:port]>
# Commandline equivalent   -S <host[:port]>
#

#RADIUM_ARGUS_SERVER=amon:12345
#RADIUM_ARGUS_SERVER=argus://amon:561
#RADIUM_ARGUS_SERVER=argus-tcp://thoth
#RADIUM_ARGUS_SERVER=argus-udp://apophis:562
#RADIUM_ARGUS_SERVER=cisco://192.168.0.4:9699

# Nov 10 JAG buffer local host
 RADIUM_ARGUS_SERVER=localhost:562


# You can provide a filter expression here, if you like.
# Radium will filter all input records based on this definition.
# It should be limited to 2K in length.  The default is to
# not filter.
#
# No Commandline equivalent
#

#RADIUM_FILTER=""


# Radium can adjust the timestamps in radium records as it receives
# them, based on the measured time difference between radium()
# and the sources.  The variable takes a threshold value in
# seconds, so you can specify when to make a correction.
#
# No Commandline equivalent
#

#RADIUM_ADJUST_TIME=5


# Radium has filter capabilities that use a filter optimizer.
# If there is a need to not use this filter optimizer,
# you can turn it off here.  The default is to leave it on.
#
# Commandline equivalent   -O
#

#RADIUM_FILTER_OPTIMIZER=yes


# Radium can read Cicso Netflow records directly from Cisco
# routers.  Specifying this value will alert Radium to open
# a UDP based socket listening for data from this name or address.
#
# Commandline equivalent   -C
#

#RADIUM_CISCONETFLOW_PORT=9996


# When radium is compiled with SASL support, radium may be
# required to authenticate to the radium data source before data
# can be received.  This variable will allow one to
# set the user and authorization id's, if needed.  Although
# not recommended you can provide a password through the
# RADIUM_AUTH_PASS variable.  The format for this variable is:
#
# RADIUM_USER_AUTH="user_id/authorization_id"
#
# Commandline equivalent   -U
#

#RADIUM_USER_AUTH="user/auth"
#RADIUM_AUTH_PASS="password"


# Radium monitors can provide a real-time remote access port
# for other programs to collect Radium data.  This is a TCP based
# port service and the default port number is tcp/561, the
# "experimental monitor" service.  This feature is disabled by
# default, and can be forced off by setting it to zero (0).
#
# When you do want to enable this service, 561 is a good choice,
# as all ra* clients are configured to try this port by default.
#
# Commandline equivalent   -P
#

# Nov 10 JAG  - proxy on argus port
RADIUM_ACCESS_PORT=561


# When remote access is enabled (see above), you can specify that Radium
# should bind only to a specific IP address. This is useful, for example,
# in restricting access to the local host, or binding to a private
# interface while capturing from another. The default is to bind to any
# IP address.
#
# Commandline equivalent  -B
#

RADIUM_BIND_IP=127.0.0.1


#
# Radium can write its output to one or a number of files,
# default limit is 64 concurrent files, each with their own
# independant filters.
#
# The format is:
#      RADIUM_OUTPUT_FILE=/full/path/file/name
#      RADIUM_OUTPUT_FILE=/full/path/file/name "filter"
#
# Most sites will have radium write to a file, for reliablity
# and performance.  The example file name used here supports
# the archive program ./support/Archive/radiumarchive
# which is  configured to use this file.
#
# Commandline equivalent   -w
#

#RADIUM_OUTPUT_FILE=/var/log/radium/radium.out
RADIUM_OUTPUT_FILE=/ln/argusdump/sirius/argus.out


# Radium can write its output to one or a number of remote hosts.
# The default limit is 5 concurrent output streams, each with their
# own independant filters.
#
# The format is:
#      RADIUM_OUTPUT_STREAM="URI [filter]"
#      RADIUM_OUTPUT_STREAN="argus-udp://host:port 'tcp and not udp'"
#
# Most sites will have argus listen() for remote sites to request
# argus data, but for some sites and applications sending records without
# registration is desired.  This option will cause argus to transmit records
# that match the optional filter, to the configured targets using UDP as the
# transport mechanism.
#
# Commandline equivalent   -w argus-udp://host:port
#

#RADIUM_OUTPUT_STREAM=argus-udp://224.0.23.40:561



# Radium supports chroot(2) in order to control the file system that
# radium exists in and can access.  Generally used when radium is running
# with privleges, this limits the negative impacts that radium could
# inflict on its host machine.
#
# This option will cause the output file names to be relative to this
# directory, and so consider this when trying to find your output files.
#
# Commandline equivalent   -C
#

#RADIUM_CHROOT_DIR="/tmp"


# Radium can be directed to change its user id using the setuid() system
# call.  This is can used when radium is started as root, in order to
# access privleged resources, but then after the resources are opened,
# this directive will cause radium to change its user id value to
# a 'lesser' capable account.  Recommended when radium is running as a
# daemon.
#
# Commandline equivalent   -u
#

#RADIUM_SETUSER_ID=user


# Radium can be directed to change its group id using the setgid() system
# call.  This is can used when radium is started as root, in order to
# access privleged resources, but then after the resources are opened,
# this directive can be used to change argu's group id value to
# a 'lesser' capable account.  Recommended when radium is running as a
# daemon.
#
# Commandline equivalent   -g
#

#RADIUM_SETGROUP_ID=group


#
# Data transformation/processing is done on the complete set
# of input records, and all output from this radium node is
# transformed.  This makes cataloging and tracking the
# transformational nodes a bit easier.
#
# This example enables data classification/labeling.
# This function is enabled with a single radium configuration
# keyword RADIUM_CLASSIFIER, and then a ralabel() configuration
# file is provided.
#
# Commandline equivalent   none

#RADIUM_CLASSIFIER_FILE=/usr/local/argus/ralabel.conf






More information about the argus mailing list