Using Argus

Getting Argus

Argus Wiki







Latest News

Wed Sept 3 12:50:47 EST 2014 Argus-3.0.8

Argus-3.0.8 is now released as the current stable version of Argus !!! This is a major bug fix release of argus and argus-clients, with a lot of new features that enhance argus-3.0. A lot of attention has been put into client function and performance, especially to our argus data browser, ratop.1, which gets color support, argus event correlation, and performace improvements. Argus metadata labeling is a big part of the 3.0.8 release, and there is a tutorial available in the Publications site. Other tutorials are available, and we'll be adding more and more documentation now that the release is finished.

This version of argus and argus-clients has been tested out quite a bit, and in production in a number of sites for several months. There is still a lot of work to do, and this release is not perfect, of course, so if you do grab it and find anything that you consider not quite right, send email to the argus mailing list, so we can fix it.

The current set of stable source code can be grabbed from these links:



Argus FloCon 2014 presentations are now available from FloCon Proceedings. Be sure and checkout the Argus PCR presentation, as we show the new Producer / Consumer Ratio metric and how it can be used to detect exfiltration, even DNS convert channel based exfiltration.

Argus-3.0.8 is now being used in production to drive some really great network visualizations for GLORIAD, the advanced science interent network that connects US, Russia, China, Korea, Canada, The Netherlands, India, Egypt, Singapore and Nordic scientists with Advanced Cyberinfrastructure. Checkout the various visualizations, including GLORIAD Earth.


Welcome to Argus, the network Audit Record Generation and Utilization System. The Argus Project is focused on developing all aspects of large scale network activity audit. Argus, itself, is next-generation network flow technology, going from packets on the wire to advanced network flow data, to network forensics data; all in support of Network Operations, Performance and Security Management. If you need to know what is going on in your network, right now or historically, you will find Argus a useful tool.

Argus is composed of an advanced comprehensive network flow data generator, the Argus sensor, which processes packets (either capture files or live packet data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and analyze large amounts of network data efficiently. Argus provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc...), protocol ids, SAP's, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc...

Argus is used by many sites to generate network activity reports for every network transaction on their networks. The network audit data that Argus generates is great for security, operations and performance management. The data is used for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting covert channels, and analyzing Zero day events.

Argus is an Open Source project, currently running on Mac OS X, Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX, Windows (under Cygwin) and OpenWrt, and has been ported to many hardware accelerated platforms, such as Pluribus, Arista, and Tilera. The software should be portable to many other environments with littleor no modifications. Performance is such that auditing an entire enterprise's Internet activity can be accomplished using modest computing resources.

If you are interested in participating, check out the mailing lists and sign up today! And go to the wiki, to catch up on some light reading!!!