Starting out

Carter Bullard carter at qosient.com
Fri Feb 8 08:09:22 EST 2013


Hey Paul,
Welcome!!  Radium is used primarily for 3 reasons: 1) to collect argus data from multiple sources, 2) to provide multiple access to real-time argus data streams, and 3) to perform near-real-time streaming analytics, like geo labeling.

You may not need radium, but it's nice to have around.  Have radium collect the data stream from argus, and then archive the data from radium, using either rasplit() or rastream().  Rastream is rasplit() but with a single additional feature, which provides archive file processing, like indexing and compression.  It works great for argus data, not good for netflow flow data; use rasplit() if you just want to pop the records in an archive structure or file.

Carter

On Feb 7, 2013, at 5:48 PM, Paul Halliday <paul.halliday at gmail.com> wrote:

> What I am looking to do is have argus provide 5 (or 10 or 30) minute
> files in a structure like this: y/y-m/y-m-d/y-m-d.H.M.S
> 
> So I thought I kinda knew what I was doing
> 
> Calling argus like: argus -u argus -g argus -P 561 -d -i em0
> and rasplit like: rasplit -M time 5m -w
> /nsm/sessions/%Y/%Y-%m/%Y-%m-%d/%Y-%m-%d.%H%M%S
> 
> Worked great. I then went to create an rc script to start the works on
> boot and noticed that rasplit didn't have a daemon mode. This led me
> to believe that this isn't how I should be going about things. Then I
> started reading about radium. Confused.
> 
> I am a newb coming from flowtools where the structure I outlined above
> was pretty much how things played out.
> 
> The sensors will be standalone and I am not interested in centralized
> collection/aggregation. I need as much historical data as possible
> (FIFO after the disk fills) and will be creating summary data for
> pretty much everything as well.
> 
> How should I go about this with argus? Better ways?
> 
> Thanks!
> 
> -- 
> Paul Halliday
> http://www.pintumbler.org/
> 
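As an added example (not from the thread, and not the argus project's own scripts), here is what the setup Carter describes looks like as a single rc-style script: argus captures on the sensor interface, radium collects from it and re-serves the stream, and rastream writes 5-minute files into the y/y-m/y-m-d/y-m-d.H.M.S tree Paul asked for. It also covers the part of Paul's question the reply leaves open, the "FIFO after the disk fills" retention, by pruning the oldest day directories once the archive exceeds a size budget. The ports (561 for argus, 562 for radium), interface name, archive path and budget are assumptions; rastream is backgrounded with `&` rather than `-d` since the thread itself notes daemon mode is not available in every ra* client.

```shell
#!/bin/sh
# Sensor-local argus pipeline: argus -> radium -> rastream, plus FIFO pruning.
# Example script; all ports, paths and sizes below are assumptions.

ARCHIVE=${ARCHIVE:-/nsm/sessions}
IFACE=${IFACE:-em0}
ARGUS_PORT=561                      # argus serves its stream here
RADIUM_PORT=562                     # radium re-serves it here for any ra* client
MAX_KB=${MAX_KB:-$((200 * 1024 * 1024))}   # archive budget: 200 GiB, in KiB

# Start the capture/collection/archive chain. rastream attaches to radium,
# not to argus directly, so ad hoc ra clients can connect to 562 without
# touching the sensor process. rastream's -f <script> can be added to run
# compression/indexing on each closed file, as Carter mentions.
start_pipeline() {
    argus -u argus -g argus -P "$ARGUS_PORT" -d -i "$IFACE"
    radium -S "localhost:$ARGUS_PORT" -P "$RADIUM_PORT" -d
    rastream -S "localhost:$RADIUM_PORT" -M time 5m \
        -w "$ARCHIVE/%Y/%Y-%m/%Y-%m-%d/%Y-%m-%d.%H%M%S" &
}

# FIFO retention. Day directories live at depth 3 (year/year-month/day) and
# are named chronologically, so a plain lexical sort puts the oldest first.
# Delete the oldest day, then any month/year directory it left empty, until
# disk usage (du, i.e. allocated blocks) fits the budget.
# Arguments: archive root, budget in KiB.
prune_archive() {
    root=$1
    budget_kb=$2
    while [ "$(du -sk "$root" | cut -f1)" -gt "$budget_kb" ]; do
        oldest=$(find "$root" -mindepth 3 -maxdepth 3 -type d | sort | head -n 1)
        [ -n "$oldest" ] || break          # nothing left to delete
        rm -rf "$oldest"
        month=$(dirname "$oldest")
        year=$(dirname "$month")
        rmdir "$month" 2>/dev/null || true # only succeeds when empty
        rmdir "$year" 2>/dev/null || true
    done
}

# Usage: ./argus-archive.sh start   (from rc at boot)
#        ./argus-archive.sh prune   (from cron, e.g. every few minutes)
case "${1:-}" in
    start) start_pipeline ;;
    prune) prune_archive "$ARCHIVE" "$MAX_KB" ;;
esac
```

Running `prune` from cron keeps the tree at the budget regardless of how fast the sensor writes; because whole day directories are removed oldest-first, summary jobs reading a day's worth of files never see a partially deleted day.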