radium 3.0.5.19 fails to start "Probe ID ..."
Carter Bullard
carter at qosient.com
Wed Aug 31 11:47:26 EDT 2011
Hey John,
It's the RADIUM_MONITOR_ID in the /etc/radium.conf that it's complaining about.
We need a 32-bit value for the source id, and we're not finding one.
Try putting an IPv4 address, or an integer for that configuration.
Carter
On Aug 31, 2011, at 11:42 AM, John Gerth wrote:
> After replacing hardware, I've rebuilt argus and argus-clients on RHEL 6.1 system
> however, now radium is failing to start (see below) even though argus itself is
> running OK and "ra -S localhost:562" can get flows from it.
>
> All I see that matches the complaint is that /etc/hosts defines the host as IPv6.
> I could see this being a problem if radium.conf was telling it to connect to
> bellatrix, but it's using localhost (I also tried 127.0.0.1 explicitly).
>
> I'm going to ask them to change /etc/hosts, but what am I missing about localhost?
>
> --
> John Gerth gerth at graphics.stanford.edu Gates 378 (650) 725-3273 fax 723-0033
>
> ********* a RHEL 6.1 system
> [gerth at bellatrix ~]$ radium -h 2>&1 | head -2
> Radium Version 3.0.5.19
> usage: radium [radiumoptions] [raoptions]
> [gerth at bellatrix ~]$ radium -f /ln/etc/radium.conf
> radium[31056]: 11:29:00.411 Probe ID bellatrix.stat.purdue.edu not in address family
>
>
>
> *********** environment
>
> netstat -an |grep 127
> tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:562 0.0.0.0:* LISTEN
>
> cat /etc/hosts
> 127.0.0.1 localhost.localdomain localhost
> ::1 bellatrix.stat.purdue.edu bellatrix localhost6.localdomain6 localhost6
>
> [gerth at bellatrix etc]$ ra -N 4 -S localhost:562
> StartTime Flgs Proto SrcAddr Sport Dir DstAddr Dport SrcPkts DstPkts TotAppByte State NStrok
> 11:36:05.279 e udp 128.210.141.189.55040 <-> 128.210.11.5.domain 1 1 176 CON *
> 11:36:05.279 e udp 128.210.141.189.52705 <-> 128.210.11.5.domain 1 1 170 CON *
> 11:36:05.281 e udp 128.210.141.189.60522 <-> 128.210.11.5.domain 1 1 421 CON *
> 11:36:05.281 e udp 128.210.141.189.63205 <-> 128.210.11.5.domain 1 1 419 CON *
>
>
> ********* radium.conf
>
> [gerth at bellatrix ~]$ cd /ln/etc
> [gerth at bellatrix etc]$ cat radium.conf
> #
> # Radium Software
> # Copyright (c) 2000-2008 QoSient, LLC
> # All rights reserved.
> #
> # This program is free software; you can redistribute it and/or modify
> # it under the terms of the GNU General Public License as published by
> # the Free Software Foundation; either version 2, or (at your option)
> # any later version.
> #
> # This program is distributed in the hope that it will be useful,
> # but WITHOUT ANY WARRANTY; without even the implied warranty of
> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> # GNU General Public License for more details.
> #
> # You should have received a copy of the GNU General Public License
> # along with this program; if not, write to the Free Software
> # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
> #
> # Example radium.conf
> #
> # Radium will open this radium.conf if its installed as /etc/radium.conf.
> # It will also search for this file as radium.conf in directories
> # specified in $RADIUMPATH, or $RADIUMHOME, $RADIUMHOME/lib,
> # or $HOME, $HOME/lib, and parse it to set common configuration
> # options. All values in this file can be overriden by command
> # line options, or other files of this format that can be read in
> # using the -F option.
> #
> #
> # Variable Syntax
> #
> # Variable assignments must be of the form:
> #
> # VARIABLE=
> #
> # with no white space between the VARIABLE and the '=' sign.
> # Quotes are optional for string arguements, but if you want
> # to embed comments, then quotes are required.
> #
> #
> # Variable Explanations
> #
> # Radium is capable of running as a daemon, doing all the right things
> # that daemons do. When this specific configuration file is used
> # to configure the system daemon process (/etc/radium.conf) this
> # variable should be set to "yes".
> #
> # The default value is to not run as a daemon.
> #
> # This example is to support the ./support/Startup/radium script
> # which requires that this variable be set to "yes".
> #
> # Commandline equivalent -d
> #
>
> # Nov 10 JAG - radium script has -d
> RADIUM_DAEMON=NO
>
>
> # Radium Monitor Data is uniquely identifiable based on the source
> # identifier that is included in each output record. This is to
> # allow you to work with Radium Data from multiple monitors at the
> # same time. The ID is 32 bits long, and so legitimate values are
> # 0 - 4294967296 but radium also supports IP addresses as values.
> # The configuration allows for you to use host names, however, do
> # have some understanding how `hostname` will be resolved by the
> # nameserver before commiting to this strategy completely.
> #
> # Commandline equivalent -e
> #
>
> RADIUM_MONITOR_ID=`hostname`
>
>
> # If compiled to support this option, Radium is capable of
> # generating a lot of debug information.
> #
> # The default value is zero (0).
> #
> # Commandline equivalent -D
> #
>
> #RADIUM_DEBUG_LEVEL=0
>
>
> # Radium will periodically report on a its own health, providing
> # interface status, total packet and bytes counts, packet drop
> # rates, and flow oriented statistics.
> #
> # These records can be used as "keep alives" for periods when
> # there is no network traffic to be monitored.
> #
> # The default value is 60 seconds, but a value of 60 seconds is
> # very common.
> #
> # Commandline equivalent -M
> #
>
> RADIUM_MAR_STATUS_INTERVAL=60
>
>
> #
> # Radium can attach to any number of remote argus data sources,
> # argi or radii. The syntax for this variable is a URI that
> # specifies the URI schema, with transport, the hostname or a
> # dot notation IP address, followed by an optional port value,
> # separated by a ':'. If the URI format is not specified,
> # the URI schema and transport mechanism are the default, argus://
> # If the port is not specified, the default value of 561 is used.
> #
> # Commandline equivalent -S <argus://host[:port]>
> # Commandline equivalent -S <argus-tcp://host[:port]>
> # Commandline equivalent -S <argus-udp://host[:port]>
> # Commandline equivalent -S <cisco://host[:port]>
> # Commandline equivalent -S <host[:port]>
> #
>
> #RADIUM_ARGUS_SERVER=amon:12345
> #RADIUM_ARGUS_SERVER=argus://amon:561
> #RADIUM_ARGUS_SERVER=argus-tcp://thoth
> #RADIUM_ARGUS_SERVER=argus-udp://apophis:562
> #RADIUM_ARGUS_SERVER=cisco://192.168.0.4:9699
>
> # Nov 10 JAG buffer local host
> RADIUM_ARGUS_SERVER=localhost:562
>
>
> # You can provide a filter expression here, if you like.
> # Radium will filter all input records based on this definition.
> # It should be limited to 2K in length. The default is to
> # not filter.
> #
> # No Commandline equivalent
> #
>
> #RADIUM_FILTER=""
>
>
> # Radium can adjust the timestamps in radium records as it receives
> # them, based on the measured time difference between radium()
> # and the sources. The variable takes a threshold value in
> # seconds, so you can specify when to make a correction.
> #
> # No Commandline equivalent
> #
>
> #RADIUM_ADJUST_TIME=5
>
>
> # Radium has filter capabilities that use a filter optimizer.
> # If there is a need to not use this filter optimizer,
> # you can turn it off here. The default is to leave it on.
> #
> # Commandline equivalent -O
> #
>
> #RADIUM_FILTER_OPTIMIZER=yes
>
>
> # Radium can read Cicso Netflow records directly from Cisco
> # routers. Specifying this value will alert Radium to open
> # a UDP based socket listening for data from this name or address.
> #
> # Commandline equivalent -C
> #
>
> #RADIUM_CISCONETFLOW_PORT=9996
>
>
> # When radium is compiled with SASL support, radium may be
> # required to authenticate to the radium data source before data
> # can be received. This variable will allow one to
> # set the user and authorization id's, if needed. Although
> # not recommended you can provide a password through the
> # RADIUM_AUTH_PASS variable. The format for this variable is:
> #
> # RADIUM_USER_AUTH="user_id/authorization_id"
> #
> # Commandline equivalent -U
> #
>
> #RADIUM_USER_AUTH="user/auth"
> #RADIUM_AUTH_PASS="password"
>
>
> # Radium monitors can provide a real-time remote access port
> # for other programs to collect Radium data. This is a TCP based
> # port service and the default port number is tcp/561, the
> # "experimental monitor" service. This feature is disabled by
> # default, and can be forced off by setting it to zero (0).
> #
> # When you do want to enable this service, 561 is a good choice,
> # as all ra* clients are configured to try this port by default.
> #
> # Commandline equivalent -P
> #
>
> # Nov 10 JAG - proxy on argus port
> RADIUM_ACCESS_PORT=561
>
>
> # When remote access is enabled (see above), you can specify that Radium
> # should bind only to a specific IP address. This is useful, for example,
> # in restricting access to the local host, or binding to a private
> # interface while capturing from another. The default is to bind to any
> # IP address.
> #
> # Commandline equivalent -B
> #
>
> RADIUM_BIND_IP=127.0.0.1
>
>
> #
> # Radium can write its output to one or a number of files,
> # default limit is 64 concurrent files, each with their own
> # independant filters.
> #
> # The format is:
> # RADIUM_OUTPUT_FILE=/full/path/file/name
> # RADIUM_OUTPUT_FILE=/full/path/file/name "filter"
> #
> # Most sites will have radium write to a file, for reliablity
> # and performance. The example file name used here supports
> # the archive program ./support/Archive/radiumarchive
> # which is configured to use this file.
> #
> # Commandline equivalent -w
> #
>
> #RADIUM_OUTPUT_FILE=/var/log/radium/radium.out
> RADIUM_OUTPUT_FILE=/ln/argusdump/sirius/argus.out
>
>
> # Radium can write its output to one or a number of remote hosts.
> # The default limit is 5 concurrent output streams, each with their
> # own independant filters.
> #
> # The format is:
> # RADIUM_OUTPUT_STREAM="URI [filter]"
> # RADIUM_OUTPUT_STREAN="argus-udp://host:port 'tcp and not udp'"
> #
> # Most sites will have argus listen() for remote sites to request
> # argus data, but for some sites and applications sending records without
> # registration is desired. This option will cause argus to transmit records
> # that match the optional filter, to the configured targets using UDP as the
> # transport mechanism.
> #
> # Commandline equivalent -w argus-udp://host:port
> #
>
> #RADIUM_OUTPUT_STREAM=argus-udp://224.0.23.40:561
>
>
>
> # Radium supports chroot(2) in order to control the file system that
> # radium exists in and can access. Generally used when radium is running
> # with privleges, this limits the negative impacts that radium could
> # inflict on its host machine.
> #
> # This option will cause the output file names to be relative to this
> # directory, and so consider this when trying to find your output files.
> #
> # Commandline equivalent -C
> #
>
> #RADIUM_CHROOT_DIR="/tmp"
>
>
> # Radium can be directed to change its user id using the setuid() system
> # call. This is can used when radium is started as root, in order to
> # access privleged resources, but then after the resources are opened,
> # this directive will cause radium to change its user id value to
> # a 'lesser' capable account. Recommended when radium is running as a
> # daemon.
> #
> # Commandline equivalent -u
> #
>
> #RADIUM_SETUSER_ID=user
>
>
> # Radium can be directed to change its group id using the setgid() system
> # call. This is can used when radium is started as root, in order to
> # access privleged resources, but then after the resources are opened,
> # this directive can be used to change argu's group id value to
> # a 'lesser' capable account. Recommended when radium is running as a
> # daemon.
> #
> # Commandline equivalent -g
> #
>
> #RADIUM_SETGROUP_ID=group
>
>
> #
> # Data transformation/processing is done on the complete set
> # of input records, and all output from this radium node is
> # transformed. This makes cataloging and tracking the
> # transformational nodes a bit easier.
> #
> # This example enables data classification/labeling.
> # This function is enabled with a single radium configuration
> # keyword RADIUM_CLASSIFIER, and then a ralabel() configuration
> # file is provided.
> #
> # Commandline equivalent none
>
> #RADIUM_CLASSIFIER_FILE=/usr/local/argus/ralabel.conf
>
>
>
>
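The check described in the reply above, as an added example that is not part of the original thread and is not radium's own code: it tests whether a RADIUM_MONITOR_ID value (after any `hostname` expansion) can be expressed as a 32-bit source ID. The function names are hypothetical, and the hosts data is constructed from the /etc/hosts contents quoted in the message.

```python
import ipaddress

# Constructed from the /etc/hosts shown in the quoted message.
HOSTS_AS_POSTED = """\
127.0.0.1 localhost.localdomain localhost
::1 bellatrix.stat.purdue.edu bellatrix localhost6.localdomain6 localhost6
"""


def hosts_lookup(name, hosts_text):
    """Return every address that hosts_text maps name to, in file order."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            found.append(ipaddress.ip_address(fields[0]))
    return found


def monitor_id_as_u32(value, hosts_text):
    """Map a monitor ID to a 32-bit integer, or raise ValueError.

    Hypothetical helper: accepts an integer, a dotted IPv4 address, or a
    name that hosts_text maps to an IPv4 address.
    """
    value = value.strip().strip('"')
    if value.isdigit():
        number = int(value)
        if number >= 2**32:  # a 32-bit field holds 0..4294967295
            raise ValueError(f"{value} does not fit in 32 bits")
        return number
    try:
        return int(ipaddress.IPv4Address(value))
    except ipaddress.AddressValueError:
        pass  # not a dotted quad, so treat it as a host name
    addresses = hosts_lookup(value, hosts_text)
    for addr in addresses:
        if addr.version == 4:
            return int(addr)
    if addresses:
        raise ValueError(f"{value} maps only to IPv6 ({addresses[0]}); no 32-bit ID")
    raise ValueError(f"{value} is not in the hosts data")
```

With the hosts data as posted, the host's own name fails the check because its only entry is `::1`, while `localhost`, a dotted IPv4 address, or a plain integer all pass.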