[ARGUS] HA config?
Patrick Forsberg
fors at chalmers.se
Thu Sep 25 15:30:36 EDT 2025
Retrying ascii-art using fixed width
Sensor1
argus1 ---> radium1 ---+
                       |      Archive
                       | ---> radium3 ---> ?
Sensor2                |
argus2 ---> radium2 ---+
On 2025-09-25 21:25, Patrick Forsberg wrote:
> Hi,
>
> We have two sensors listening in on our border routers that are
> configured as active-active.
>
> We also have an archive host where we store our collected data.
>
> Our current setup has the sensors write data directly from argus to a
> file and then that file is rotated every 5 minutes.
> The rotated sensor files are then rsynced to the archive host where
> they are then merged into an archive using racluster.
>
> The rsync setup means that it is possible to reboot the archive host
> without losing any data collected during the reboot.
>
> It is now time to install new sensors and a new archive host and also
> migrate from 3.0.8.3 to 5.0.3 and I thought I should modernise things
> a bit and start using radium instead.
>
> My idea for a setup is currently something like
>
> Sensor1
> argus1 ---> radium1 ---+
>                        |      Archive
>                        | ---> radium3 ---> ?
> Sensor2                |
> argus2 ---> radium2 ---+
>
>
> This setup should handle a reboot of a sensor node fairly well since
> radium3 should be able to reconnect to the sensor once it comes back
> up and we must accept that we won't have a complete picture of the
> network traffic during the time it took to reboot the sensor.
>
> What I do not think it handles well is rebooting the Archive host.
> Once it has rebooted and started up radium3 it will receive the
> "current" data from radium1/radium2 but not the data collected while
> the Archive host rebooted. Is there a way to handle this or would I
> have to fall back to collecting files from the sensor nodes for the
> missing time?
>
> Regards,
>
> Patrick Forsberg
> Chalmers University of Technology
>