radtool(1) FreeBSD General Commands Manual (axa) radtool(1)

radtool
Realtime Anomaly Detector (RAD) tool

[-dhNV] [-c cfile] [-n config] [-E ciphers] [-F fields] [-S certs] [commands]

Radtool connects and sends Advanced Exchange Access (AXA) protocol messages to Realtime Anomaly Detector (RAD) servers and displays the responses. It can also tunnel SIE data like radtunnel(1).

Radtool is a programming example for the Advanced Exchange Access (AXA) applications programming interface to RAD servers, the AXA protocol. It also demonstrates the use of the AXA helper library, libaxa.a.

Start using radtool with the connect command described below. Use one or more anomaly commands to specify interesting patterns of SIE messages or IP packets. Limit the number of packets or messages transmitted from the SRA server or displayed with the rate limit and count commands.

Unless more output is enabled with the verbose command, most messages or packets are displayed in two lines. The first line includes the channel number on which it was received, the SIE message vendor of the message, the name of the field that caused the message to be selected, and the contents of the field. The second line is a summary of the message or packet.

When more verbose output is enabled or when radtool does not understand the message, IP packets are printed in ASCII and SIE messages are printed in the standard nmsg presentation format also seen from nmsgtool(1).

The following arguments are available:
-c cfile
reads commands from cfile as if the first command string on the command line were “source cfile”.
-d
turns on tracing and debugging reports. Additional -d flags turn on more messages.
-E ciphers
specifies the TLS encryption ciphers to use with TLS connections.
-n config
overrides the default location of the config file that contains AXA client configuration data. Details are below. The default is ~/.axa/config.
-F fields
overrides the default location of the fields file that defines relationships among and semantics of SIE message fields. The default is $AXACONF/fields, ~/.axa/fields, or /usr/local/etc/axa/fields.
-h
displays an options summary.
-N
instructs radtool to not display a command line prompt.
-S certs
specifies the directory containing SSL certificates and keys. If -S is not used, radtool uses the first directory among $AXACONF/certs, ~/.axa/certs, and /usr/local/etc/axa/certs.
-V
displays the version of radtool and its preferred version of the AXA protocol.
commands
are optional command strings that are executed before radtool starts accepting commands from the user. There can be more than one string of commands. Multiple commands within a string are separated by semicolons.

radtool executes commands read from the standard input. Command history is available if the standard input is a terminal. Multiple commands can be specified at once by separating them with semicolons. The following commands are available:
Tell the server to report counts of packets seen, missed, sent, and lost.
List the available connection aliases (culled from the axa client config file).
Toggle NMSG output buffering. By default, this is enabled, which buffers network writes until the container is full. If disabled, NMSG payloads are emitted as quickly as possible.
[cipher-list]
set the list of ciphers for the next TLS connection or show the current contents of the list.
connect [alias | apikey:<apikey>@host,port | tcp:[user@]host,port | unix:[user@]/ud/socket | ssh:[user@]host | tls:cert,key@host,port]
By itself, connect shows the current connection. Otherwise, connect to the specified RAD server.

alias: use a connection alias specified in the AXA config file (see FILES).

apikey: identify and authenticate the user via a Farsight Security provided apikey. The connection will be encrypted using the same TLS semantics as the tls transport below.

ssh: connections use ssh(1) configuration files including ssh_config(5) to specify the required public keys and optionally the fully qualified host names and user names associated with the public key. Use the "debug 4" command to diagnose ssh connection problems. Note that SSH transport is deprecated and users are encouraged to use TLS.

tls: connections use the SSL certificate in the certfile and the private key in the keyfile. If not absolute, the files are in the -S certs directory.

tcp:unused.

unix:unused.

count [N|off]
sets terminal output to stop displaying packets after a number of packets (including immediately with a number of 0), shows the currently remaining count, or turns off the packet count limit.
debug [on|off|quiet|N]
increases, decreases or shows the level of debugging and tracing messages that is also controlled by -d. debug quiet turns off reports of successful AXA commands.
disconnects from the RAD server.
error mode [disconnect|off]
disconnects from the RAD server and exits when the server reports an error or the connection breaks. In the default mode, error mode off, errors are only reported.
Ends the program.
Tell the RAD server to resume sending data.
[command]
lists all commands or describes a single command.
[SRA|RAD]
Show the current command mode or expect to connect to an SRA or RAD server. The default command mode is set by the name of the program.
sends a command to the server that does nothing but test the connection.
Start, stop or show the state of forwarding packets received from the server. Received NMSG messages and IP packets can be forwarded as NMSG messages to a TCP or UDP port. Received IP packets can be forwarded as a pcap stream to a file, to a FIFO created separately with mkfifo(1), or in Ethernet frames on a named network interface to a 48-bit address.
nmsg:[tcp:|udp:]host,port [count]
sends NMSG messages to the UDP or optional TCP host name and port number host,port. UDP is the default. IP packets are converted to NMSG messages.
nmsg:file:path [count]
sends NMSG messages to the file named path. IP packets are converted to NMSG messages.
nmsg:file_json:path [count]
sends NMSG json blobs to the file named path.
pcap[-fifo]:path [count]
sends IP packets to a file or FIFO named path for examination with tcpdump(1) or another packet tracing tool. An ordinary file is the default. Only IP packets but not NMSG messages are sent.
pcap-if:[dst/]ifname [count]
transmits IP packets on the network interface named ifname for examination with tcpdump(1) or another packet tracing tool. dst optionally specifies a destination 48-bit Ethernet address other than the default of all zeros, 0:0:0:0:0:0. This output usually requires that radtool be run by root. Only IP packets but not NMSG messages are sent.

If count is present, forwarding stops after that many packets.

Tell the RAD server to stop sending data.
rate limit [[-|MAX|per-sec] [-|NEVER|report-secs]]
Tell the RAD server to report its rate limits or set rate limits and the interval between rate limit reports. Hits in excess of the rate limit are discarded by the server.
Change to RAD mode.
[X%]
Get and optionally set the percentage of hits that the RAD server sends.
Do nothing for x.y seconds.
reads and executes commands from a file.
Change to SRA mode.
Show information about the current connection state including time connected.
N
Set the server trace level to N.
name
sends a username to the server (not used for SSH/TLS-based connections).
verbose [on | off | N]
controls the length of SIE message and IP packet descriptions. The default, verbose off, generally displays one line summaries.
displays the version of radtool and its version of the AXA protocol.
[bufsize]
Get and optionally set the TCP output buffer size or maximum send window used by the server.
Toggle NMSG zlib container compression.
[tag] delete [anomaly [all]]
With a tag (numeric label), stop or delete the specified anomaly. Without a tag (or with the keyword "all"), delete all anomalies.
[tag] stop [anomaly [all]]
Synonym for the delete command.
tag watch {ip=IP[/N][(shared)] | dns=[*.]dom[(shared)]}
Specify IP addresses or domain names relevant to the anomaly detection modules specified by subsequent anomaly commands with the same tag. The optional [(shared)] suffix marks IP addresses or domains that are not exclusively used by the RAD client.
 
ip=IP[/n]
The IPv4 or IPv6 address IP specifies a host address unless a prefix length is specified.
 
dns=[*.]dom
watches for the domain anywhere in the IP packets or SIE messages on the channels selected with -c. A wild card watches for occurrences of the domain and all sub-domains.
tag anomaly name [parameters]
Start the named anomaly detector module. The relevant domains and IP addresses are specified by preceding watch commands with the same tag. The parameters for each module are described in its man page. Tag is a number that labels the module and the relevant watches as well as other modules using the same watches.
[tag] list
If a tag is present, list the set of watches and anomaly detection modules with that tag. Without a tag, list all active as well as available anomaly detection modules.
[tag] get
Synonym for the list command.
Ask the server to report user's current RAD Units balances.

fields
defines relationships among and meanings of SIE message fields. Its contents should rarely if ever need to be changed.
certs
is the directory set with -S that contains TLS certificate and key files.
~/.axa/config
is a required file that contains AXA client configuration data. Currently supported are connection aliases that provide the user with a facility to create shortcut mnemonics to specify the RAD server connection string. For example:
$ cat ~/.axa/config
# RAD
alias:rad-apikey=apikey:<elided>@example.com,1012

    

If the user wanted to connect to RAD, she would only have to remember "rad-apikey" and could do:

$ radtool
sra> connect rad-apikey
    

This config file is shared by radtool, sratool, sratunnel, and radtunnel. Because this file can contain sensitive information such as apikeys, it must not be readable or writable by anybody other than "owner", or sratool will not load.

~/.ssh/config
is the ssh_config(5) configuration file used with connect ssh:... connections. The usual ssh(1) sequence is used, starting with ~/.ssh/config. "Host" stanzas in the file can simplify connections to RAD servers.
~/.sratool_history
contains the command history from previous radtool and/or sratool invocations.
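
The owner-only requirement on ~/.axa/config described above can be checked, and the file created safely, before any of the AXA tools is started. The shell functions below are an added example and not part of the AXA distribution; the function names are hypothetical, and "owner only" is assumed to mean a regular file owned by the invoking user with no group or other permission bits.

```shell
#!/bin/sh
# Added example (not from the AXA distribution): audit ~/.axa/config permissions.
# Assumption: "owner only" = regular file, owned by the caller, mode bits 0?00.

# axa_config_check PATH
#   returns 0: regular file, owned by the caller, no group/other permission bits
#   returns 1: exists, but is owned by someone else or group/other bits are set
#   returns 2: missing, or not a regular file (symlinks are refused)
axa_config_check() {
    cfg=$1
    [ -f "$cfg" ] && [ ! -L "$cfg" ] || return 2
    # ls -ldn prints the mode string and the numeric owner on FreeBSD and Linux.
    # Only the first ten mode characters are kept, so ACL markers are ignored.
    info=$(ls -ldn -- "$cfg" | awk 'NR == 1 { print substr($1, 1, 10) ":" $3 }')
    mode=${info%%:*}
    owner=${info#*:}
    [ "$owner" = "$(id -u)" ] || return 1
    case "$mode" in
        -???------) return 0 ;;   # owner bits only, e.g. -rw-------
        *)          return 1 ;;   # any group or other bit is set
    esac
}

# axa_config_create PATH
#   Creates the directory and an empty config without ever exposing it to
#   group or other. umask runs in a subshell, so the caller's umask is kept.
#   An existing file keeps its contents and is tightened to mode 600.
axa_config_create() {
    (
        umask 077 &&
        mkdir -p -- "$(dirname -- "$1")" &&
        : >> "$1" &&
        chmod 600 -- "$1"
    )
}

# Typical use before starting radtool (path is the documented default):
#   axa_config_check "$HOME/.axa/config" || echo "fix permissions first" >&2
```

A return value of 1 from axa_config_check also means the apikey in the file may already have been read by other local users, so rotating it is worth considering in addition to tightening the mode.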

If set, AXACONF specifies the AXA configuration directory instead of ~/.axa or /usr/local/etc/axa.

sratool(1), sratunnel(1), radtunnel(1), mkfifo(1), and nmsgtool(1).
May 14, 2022 FreeBSD 13.1-RELEASE
