Latest News

Wed Jun 1 11:08:27 EDT 2016 Argus-

Argus- has been released as stable, and is the current version of Argus. Argus- fixes a series of reported errors and should be considered a major bug fix release of argus. The companion argus-clients- represents a minor bug fix release of the argus client programs. Of course, there are a few issues still being worked out, as always. Please consider grabbing this version for your production environments. The new release version of argus has been tested out quite a bit, and has been in production at a few sites for month(s). The principal changes are portability fixes (OpenWRT, Solaris, Windows), fixes for bugs reported by one of the national labs, better Debian package support and a few additional encapsulations, including GRE ERSPAN II and Juniper packet capture.

Currently, the set of stable source code can be grabbed from these links:




Welcome to Argus, the network Audit Record Generation and Utilization System. The Argus Project is focused on developing all aspects of large-scale network situational awareness derived from network activity audit. Argus itself is next-generation network flow technology, processing packets, either on the wire or in captures, into advanced network flow data. The data, its models, formats, and attributes are designed to support Network Operations, Performance and Security Management. If you need to know what is going on in your network, right now or historically, you will find Argus a useful tool.

Argus is composed of an advanced, comprehensive network flow data generator, the Argus sensor, which processes packets (either capture files or live packet data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and analyze large amounts of network data efficiently. Argus provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc.), protocol ids, SAPs, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc.

Argus is used by many sites to generate network activity reports for every network transaction on their networks. The network audit data that Argus generates is great for security, operations and performance management. The data is used for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting covert channels, and analyzing zero-day events.

Argus is an Open Source project, currently running on Mac OS X, Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, HP-UX, VxWorks, IRIX, Windows (under Cygwin) and OpenWrt. It has been ported to many hardware accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera, and embedded in network adapters. The software should be portable to many other environments with little or no modification. Performance is such that auditing an entire enterprise's Internet activity can be accomplished using modest computing resources.

If you are interested in participating, check out the mailing lists and sign up today! And go to the wiki, to catch up on some light reading!!!