The newest development version of argus-clients is on the server. This version provides fixes for a large number of issues with label processing, and MySQL database processing support. Follow the development threads on the email list, and please download argus-clients-184.108.40.206 and give it a try. As always, if you do run into problems, please don't hesitate to send a note to the argus developers mailing list.
The current set of stable source code can be grabbed from these links:
Work is progressing well at the Stanford SDN testbed, at Stanford University. Argus is the primary situational awareness technology for a large chunk of Stanford's campus network, and we're finding a good number of operational, performance and security relevant issues. We'll continue to work with the testbed throughout 2013.
Argus-3.0.6 is now being used to drive some really great network visualizations for GLORIAD, the advanced science interent network that connects US, Russia, China, Korea, Canada, The Netherlands, India, Egypt, Singapore and Nordic scientists with Advanced Cyberinfrastructure. Checkout the various visualizations, including GLORIAD Earth.
Welcome to Argus, the network Audit Record Generation and Utilization System. The Argus Project is focused on developing network activity audit strategies and prototype technology to support Network Operations, Performance and Security Management. If you look at packets to solve problems, or you need to know what is going on in your network, right now or way back then, you should find Argus a useful tool.
The Argus sensor processes packets (either capture files or live packet data) and generates detailed status reports of the 'flows' that it detects in the packet stream. The flow reports that Argus generates capture much of the semantics of every flow, but with a great deal of data reduction, so you can store, process, inspect or analyze large amounts of network data in a short period of time. Argus provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc...), protocol ids, SAP's, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc...
Argus is used by many sites to establish network activity audits, which are then used to supplement traditional IDS based network security. These sites use contemporary IDS technology like snort and/or Bro to generate events and alarms, and then use the Argus network audit data to provide context for those alarms to decide if the alarms are real problems. In many DIY efforts, snort, Bro and argus run on the same high performance device. The audit data that Argus generates is great for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting very slow scans, and supporting Zero day events. The network transaction audit data that Argus generates has also been used for a wide range of other tasks including Network Billing and Accounting, Operations Management and Performance Analysis.
Argus can be considered an implementation of the architecture described in the IETF IPFIX Working Group. Argus pre-dates IPFIX, and the project has actively contributed to the IPFIX effort, however, Argus technology should be considered a superset of the IPFIX architecture, providing "proof of concept" implementations for most aspects of the IPFIX applicability statement. Argus technology can read and process Cisco Netflow data, and many sites develop audits using a mixture of Argus and Netflow records.
Argus is an Open Source project and currently runs on Mac OS X, Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX, Windows (under Cygwin) and OpenWrt. The software should be portable to many other versions of Unix with little modification. Performance is such that auditing an entire enterprise's Internet activity can be accomplished using modest computing resources.
Page Last Modified: 23:49:31 EDT 26 Sep 2013 © Copyright 2000 - 2013 QoSient, LLC. All Rights Reserved.