Radar is a real-time interactive graphical application for remotely monitoring one or more Radiator Radius servers. Radar allows administrators to remotely monitor, analyze and change the behaviour of Radiator.
Radiator is a highly portable and configurable Radius server from Open System Consultants Pty. Ltd. (see http://www.open.com.au/radiator). Radar is a separate product (see http://www.open.com.au/radar) which may come bundled with your Radiator purchase.
Radar makes an authenticated TCP connection to one or more Radiators. It periodically checks the health of each connected server and provides tools for monitoring, analyzing and changing the behaviour of each Radiator.
The rest of this document describes how to install, configure and operate Radar. The intended audience is experienced network administrators who are responsible for maintaining a Radiator installation.
For the keen and experienced administrator, this section contains very brief instructions for getting started with Radar. More detailed instructions for installing, configuring and using Radar are found in later sections.
Since Radar is a well behaved X windows application (on Unix), and because it connects to Radiator by TCP, there is a great deal of flexibility with where you can deploy Radar in relation to your Radiators and your display workstations.
In the simplest architecture, you might have a single computer (with its own display) running both Radiator and Radar. The host could be any Unix or Windows computer. In this case, you would configure Radar to monitor the single Radiator at localhost:9048, and Radar would display on the host computer's display.
In a larger and more complicated installation, you might have multiple independent Radiators running on several different hosts throughout your network. You could then run Radar on your personal workstation. Radar would connect by TCP to each Radiator and display itself on your workstation, allowing you to monitor all the Radiators from one location.
You might want to use Radar from a remote or home workstation, but security and firewalling issues may mean that you can't make a Radar connection on TCP port 9048 from home to your Radiators. In that case, you could run Radar on an internal host, and use an SSH forwarded X windows connection to display Radar's window on your home computer.
Radar is a well-behaved perl application, and is packaged as a conventional perl distribution, which may be installed on Unix or Windows An RPM package suitable for most Linux versions is also available.
install TkThe perl Tk module wil be installed for you.
perl Makefile.PL. This will check that your distribution is complete.
perl test.pl. You should see some lines like "ok xx", and none saying "not ok xx".
perl Makefile.PL install
Before Radiator will accept connections from Radar, it must be properly configured to include a <Monitor> clause. If there is no <Monitor> clause in the Radiator configuration file, Radar will not be able to connect to and monitor that Radiator.
For more extensive details on options for the <Monitor> clause, see the Radiator reference manual. However, below is a minimal <Monitor> clause that will permit some initial testing. It will permit Radar to connect from anywhere to the default TCP port of 9048, using the username `mikem' and password `fred'.
The location of the configuration file can be changed with the -i flag (see Section 7.1, Command line arguments ).
Radar can save its configuration to the configuration file, so that each time you start Radar, it will start up with the same configuration as before, monitoring the same servers, and with the same loggers and plotters visible.
By default, Radar only saves its configuration when you select File->Save Radar Configuration. However, if you enable `Auto Save Configuration' in File->Edit Radar Configuration..., under the General tab, then Radar will save the new configuration every time the configuration is changed.
Hint : In order for Radar to start next time with the same configuration, save the current configuration with File->Save Radar Configuration, or set Auto Save Configuration in File->Edit Radar Configuration, General tab.
When Radar starts for the first time, you will be presented with an empty screen similar to Figure 4 . No Radiators are being monitored, and no monitoring tools are visible.
In order to monitor a Radiator, you must first configure it into Radar. Before you can monitor a new Radiator, you will need to know the DNS name or IP address where it is running, and its Monitor port number. You will also need to know a valid username and password that can be used with the Radiator Monitor. If you don't know this information, consult your Radiator server administrator.
To configure Radar to monitor a new Radiator, choose Tools->Monitor new Radiator server.... You will then see a dialog similar to Figure 5 .
Enter the DNS name or IP address of the Radiator host. The default of `localhost' means `on the same computer where Radar is running'. Also enter the port number that the Radiator Monitor is listening on. The default port of 9048 is the same as the default port that the Monitor clause uses. See Section 6.0, Radiator configuration for more details. Press Return, or click on OK. You will then see a login dialog similar to Figure 6
Enter a valid Username and Password to authenticate the Radar connection to the Radiator Monitor. If the Username and Password are accepted by the Radiator, you will see the entry in the server list window change to loggedin, similar to Figure 7 . If the Username and Password are not accepted, you will be prompted for them again.
After connecting to a Radiator, Radar continually monitors the health of the connected Radiator. It displays information about the health of each connected Radiator in the server list window. Radar can detect and display a number of different states of health:
After adding a new server, you may want to change some of the configurable parameters for that server. The default values that Radar uses for new connections are perfectly suitable for most uses, but for advanced or unusual situations, you may wish to customize them.
To change server details, click on the servers entry in the server list, then choose Tools->Properties. A dialog similar to Figure 6 will appear.
You can optionally display a Trace message logger for each monitored Radiator. This allows you to easily see error and warning messages sent by Radiator, and optionally to enable debug messages, allowing you to analyze how and why Radiator is handling certain requests.
Radar Trace logging is in addition to and completely independent of any other logging configured into Radiator. If you have your Radiator configured to log ERR messages to a FILE, it will continue to do so irrespective of the settings of the Radar Trace logger.
To view a Trace logger for a Radiator, click on the server in the server list, then choose Tools->Trace log. You will see a logger window in the tools area, similar to Figure 9 .
As Trace log messages arrive, they are scrolled upwards in the logger window, so the most recent messages are always visible. The standard Tk text menu is available with the right mouse button, allowing you to cut and search for text. All the messages received by the logger are kept in the text buffer (and therefore within Radar) until the logger window is closed.
You can change the Trace level for the Radar logger at any time with the level option menu in the logger window. Radiator then only sends log messages that are at or above the trace level set by the trace level menu in Radar.
You can specify a logger Filter, so that the logger will only show messages resulting from Radius requests that satisfy the filter and which are at or above the current Trace level. To create or alter a filter, click on the Filter... button. A dialog will appear,allowing you to specify one or more Radius attributes, values and matching rules. Only Radius packets that satisfy all the rules will be logged to the Radar logging window. To accept the new filter, click on OK. The filter rules wil be printed in the logger window, and the new filter will take effect immediately.
You can optionally display and plot statistics gathered by each monitored Radiator. Radiator gathers over 20 statistical measures for the server as a whole, and for each Radiator object (i.e. for each Client, Realm, Handler, AuthBy and Host in the Radiator configuration). Radar allows you plot any or all of the available statistics from any or all objects within a Radiator.
Plotting statistics allows you to see, for example, when Total throughput is unusually low, or if Average response time is usually high, indicating a problem in the authentication system. Many other interesting and useful statistics are also available, allowing you to keep close tabs on the health of your authentication system.
To view a plotter for a Radiator, click on the server in the server list, then choose Tools->Plot statistics. You will see a plotter window in the tools area, similar to Figure 11 . This plotter will show statistics gathered for the server as a whole.
To view a plotter for an object with Radiator, expand the server in the server list by clicking on the +. The server will expand to show all the configurable parameters and objects at that level within the server. You can drill down to see objects embedded within other objects. For example, to plot statistics for a single Client, click on + next to the server name to expand it, then click on the + next to Client. It will expand to list the name of each Client in the Radiator configuration. Click on the Client name, then choose Tools->Plot statistics. You will see a new plotter window in the tools area, similar to Figure 10 on page 15. This plotter will show statistics gathered for just that Client
You can have any number of plotters for any number of Radiator internal objects. For example, you could have a `Total requests' plotter for the server as a whole, a separate `Average Response Time' plotter for the server as a whole, a `Bad authenticators in accounting requests' for a certain Client that is currently causing trouble, and a `Total requests' plotter for a Host in an AuthBy RADIUS, showing how many requests are being proxied. Furthermore, each plotter can plot any number of the available statistics for that object at the same time. However, it is not possible to have statistics from two different objects plotted in the same plotter. See Figure 12 , showing an example of Radar plotting statistics for two different servers.
Note that if a Radar becomes disconnected or unavailable while being plotted, the plot line for that Radiator will not be drawn while it is disconnected. This means there may be gaps in the plot line reflecting times when there was no statistical data available from that server. This is normal behaviour for Radar, but the cause of the diconnection should be investigated.
For each plotter, you can extensively customize what statistics are displayed and how they are displayed. You can add and remove data items from the plotter, change colors and titles, and change the scale factors and plotting frequency.
To change the configuration of a plotter, click on the Properties button in the plotter. A configuration dialog similar to Figure 14 will appear.
The plotter configuration dialog contains two tabs. General ( Figure 13 ) allows you to configure parameters for the whole plotter. Data Sets ( Figure 14 ) allows you to configure each individually plotted statistic.
The Data Sets tab allows you to configure the look of each individual statistic displayed. On the left side, there is a list of available statistics from that object. Clicking on one will show how it is configured on the right. The following options are available
Hint : There is a right mouse button menu available on the plotting area of the plotter window. It includes a Properties button. If you click the right mouse button close enough to a data sample, it will show the name of the data item, and the time of the sample.
Radar allows you to drill down into the monitored Radiators to view and possibly change the Radiator configuration parameters. Click on the + next to a server in the server list window causes the list to expand and show all the top level server configuration parameters and clauses, similar to Figure 15 . Clicking on the + next to an object or object list causes it to expand in turn. Using this technique, you can explore the entire Radiator configuration.
Many parameters display their current value next to them. You can resize and scroll the server list window to see more of the parameter list. Some parameters are not able to usefully display all their data values. They will show up as ARRAY or HASH or similar.
Radar allows you to change selected Radiator configuration parameters. The changes are not permanent: they only last until the next time the Radiator is restarted (i.e the changes only effect the Radiator internal state). This feature allows you to quickly experiment with changes to the configuration without constantly restarting the server. For example, you can change the text of hooks, and set various flags, strings and integers in the configuration.
Click on the parameter you are interested in, then choose Tools->Change Parameter Value... You will see an editing dialog similar to one of the ones shown in Figure 16 , Figure 17 , Figure 18 or Figure 19 .
Hint : One of the more useful flag parameters for testing and debugging is the PacketTrace flag, available in each object. If a request passes `through' an object or clause with the PacketTrace flag set, Radiator will log at DEBUG level all the messages for that request, regardless of the current Trace level. This is useful, for example, for getting detailed traces for requests coming only from a certain Client.
You can manually restart any Radiator connected to Radar. To restart a Radiator, click on its name in the server list window, then choose Tools->Restart Server. This has the same effect as sending a HUP signal: Radiator restarts by completely rereading its configuration file.
Radar connections to Radiator are authenticated with CHAP. Plaintext passwords are never sent on the connection. However, Radar connections are not encrypted. If you are concerned about proprietary information being exposed by sniffing the TCP connection, you should consider tunnelling the Radar TCP connection using SSH or similar.
If you are using hardwired username and passwords in your Radiator Monitor configuration, you should take care that unauthorized personnel cannot access the Radiator configuration file to read the Radar access password.
The Radar configuration file may record the Radar access password for each Radiator saved in the configuration file. You should take care that it is not readable by unauthorized personnel. The Radar configuration file is in
in your home directory on Unix, and in
in the current directory on Windows.
Radar support may be purchased at the time you purchase Radar. See
for details. Support contracts last for a limited period (typically one year) and may include a limited amount of pre-paid email support.
Open System Consultants will respond promptly to support email during business hours, Australian Eastern Standard time. Telephone support is not provided. We will keep track of the effort required to answer your support email, and inform you when your prepaid support time has expired.
The standard Radar license does not include support, but it does include the full source code and free access to the Radar mailing list. This means you can help yourself, and you can work with other Radar users in the user community. In order to participate with others in this effort, you can join the Radar mailing list by sending email with the single word
in the body (
in the subject line) to
The staff of OSC monitor the Radar mailing list and frequently answer questions. It's very active so don't hesitate to use it. There is an archive of the mailing list available at
http://www.open.com.au/archives/radar/for more hints. You can search this archive for items related to your problem.
email@example.com. If you have a support contract, send email to
firstname.lastname@example.org.Be sure to include at least the following information:
There is a separate Radar mailing list that just carries product announcements and upgrades. If you want to know about upgrades available, but do not want all the technical volume from the normal mailing list, this may be the one for you. Radar product announcements will be posted to both lists.
We are interested in your feedback, both positive and negative, and bug reports. Please send them to email@example.com. Licensees are entitled to free upgrades, and we do fix bugs that are reported to us, so if you report a bug, you can expect to get an upgrade with a fix one day. If you don't report it, it might never get fixed.