New site look and feel to get ready for the new code, documentation, support, screen shots, and the like. If you have any thoughts/comments/issues/gripes/whatever, don't hesitate to send them to the mailing list, and THANKS for all the help and support.
I would like to consider providing a "Flow Monitor" RSS feed. If anyone has any experience with this type of technology, I'd love to hear how this may be done.
Welcome to Argus, the network Audit Record Generation and Utilization System. The Argus Open Project is focused on developing network audit strategies that can do real work for the network architect, administrator and network user.
Argus can be considered an implementation of the technology described by the IETF IPFIX Working Group. Argus pre-dates IPFIX, and the project has actively contributed to the IPFIX effort; however, Argus technology should be considered a superset of the IPFIX architecture, providing "proof of concept" implementations of most aspects of the IPFIX applicability statement. Argus resolves many limitations of the IPFIX approach, providing support for bi-directional flows at Layers 2, sub-3, 3, 4 and 5 of the OSI stack, and for network protocols other than IP, such as InfiniBand and IS-IS. Argus provides a high performance realtime flow data generator, a flexible push and/or pull flow data transport and collection system, as well as technology to provide flow data mediation, aggregation, anonymization, filtering, searching, correlation, storage and archiving.
For many sites, Argus is used to establish network activity audits that are then used to supplement traditional IDS-based network security. Many sites use contemporary IDS technology such as Snort and/or Bro to generate events and alarms, and then use the Argus network audit data to provide context for those alarms. In many DIY efforts, Snort, Bro and Argus run on the same high performance device. The audit data that Argus generates is well suited to network asset and service inventory, behavioral baselining of server and client relationships, detecting very slow scans, and supporting the investigation of zero-day events. The network transaction audit data that Argus generates has also been used for a wide range of other tasks, including network billing and accounting, network operations management and performance analysis.
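As an added illustration of the "very slow scan" use case above (this is example code written for this page, not part of Argus or its client tools): a probe that touches one new port every twenty minutes never trips a packet-rate IDS threshold, but it stands out in bidirectional flow audit data when flows are grouped by source/destination pair over a long window. The record layout is a constructed approximation of comma-separated `ra` output and the field selection is an assumption, not Argus's default.

```python
"""Flag slow port scans in Argus-style bidirectional flow records."""
from collections import defaultdict
from datetime import datetime

# Constructed sample (assumed layout: stime,proto,saddr,sport,daddr,dport,state).
# 10.0.0.5 probes a new port roughly every 20 minutes and is mostly unanswered (REQ);
# 10.0.0.7 is an ordinary client that completes connections (CON) to a couple of ports.
SAMPLE = """\
2009-07-01 00:00:12,tcp,10.0.0.5,41001,192.168.1.10,22,REQ
2009-07-01 00:21:40,tcp,10.0.0.5,41002,192.168.1.10,23,REQ
2009-07-01 00:44:03,tcp,10.0.0.5,41003,192.168.1.10,25,REQ
2009-07-01 01:05:55,tcp,10.0.0.5,41004,192.168.1.10,80,CON
2009-07-01 01:30:18,tcp,10.0.0.5,41005,192.168.1.10,110,REQ
2009-07-01 01:52:47,tcp,10.0.0.5,41006,192.168.1.10,143,REQ
2009-07-01 00:03:00,tcp,10.0.0.7,50001,192.168.1.10,80,CON
2009-07-01 00:09:00,tcp,10.0.0.7,50002,192.168.1.10,80,CON
2009-07-01 00:15:00,tcp,10.0.0.7,50003,192.168.1.10,443,CON
"""

def parse_records(text):
    """Turn the comma-separated flow lines into dicts with typed fields."""
    rows = []
    for line in text.splitlines():
        stime, proto, saddr, sport, daddr, dport, state = line.split(",")
        rows.append({"stime": datetime.strptime(stime, "%Y-%m-%d %H:%M:%S"),
                     "proto": proto, "saddr": saddr, "daddr": daddr,
                     "dport": int(dport), "state": state})
    return rows

def slow_scanners(records, min_ports=5, min_span_minutes=60, max_connect_ratio=0.5):
    """Return source/destination pairs that touched many distinct ports over a long
    window with mostly unanswered flows: a slow-scan signature invisible to rate limits."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["saddr"], r["daddr"])].append(r)
    hits = []
    for pair, flows in by_pair.items():
        ports = {f["dport"] for f in flows}
        times = sorted(f["stime"] for f in flows)
        span = (times[-1] - times[0]).total_seconds() / 60
        connected = sum(f["state"] == "CON" for f in flows) / len(flows)
        if len(ports) >= min_ports and span >= min_span_minutes and connected <= max_connect_ratio:
            hits.append({"pair": pair, "ports": sorted(ports), "span_minutes": round(span)})
    return hits

if __name__ == "__main__":
    for hit in slow_scanners(parse_records(SAMPLE)):
        print(hit)
```

The thresholds are starting points; tune them against a behavioral baseline of normal client/server relationships for the site rather than using them as-is.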
Argus is an Open Source project and currently runs on Mac OS X, Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX and OpenWrt, and its client programs have also been ported to Cygwin. The software should be portable to many versions of Unix with little modification. Performance is such that auditing an entire enterprise's Internet activity can be accomplished using modest computing resources.
Argus is an ongoing and active project. If you are interested in participating, check out the mailing lists and sign up today! And go to the wiki to catch up on some light reading!!!
Page Last Modified: 12:20:39 EDT 1 July 2009 ©Copyright 2000 - 2009 QoSient, LLC. All Rights Reserved.