[ARGUS] HA config?
Patrick Forsberg
fors at chalmers.se
Thu Sep 25 15:25:18 EDT 2025
Hi,
We have two sensors listening in on our border routers that are
configured as active-active.
We also have an archive host where we store our collected data.
Our current setup has the sensors write data directly from argus to a
file and then that file is rotated every 5 minutes.
The rotated sensor files are then rsynced to the archive host where they
are then merged into an archive using racluster.
The rsync setup means that it is possible to reboot the archive host
without losing any data collected during the reboot.
It is now time to install new sensors and a new archive host and also
migrate from 3.0.8.3 to 5.0.3 and I thought I should modernise things a
bit and start using radium instead.
My idea for a setup is currently something like
Sensor1
argus1 ---> radium1 ---+
                       |      Archive
                       | ---> radium3 ---> ?
Sensor2                |
argus2 ---> radium2 ---+
This setup should handle a reboot of a sensor node fairly well since
radium3 should be able to reconnect to the sensor once it comes back up
and we must accept that we won't have a complete picture of the network
traffic during the time it took to reboot the sensor.
What I do not think it handles well is rebooting the Archive host. Once
it has rebooted and started up radium3 it will receive the "current"
data from radium1/radium2 but not the data collected while the Archive
host rebooted. Is there a way to handle this or would I have to fall
back to collecting files from the sensor nodes for the missing time?
Regards,
Patrick Forsberg
Chalmers University of Technology