AUDITING NETWORK ACTIVITY


Latest News

Tue Jan 29 11:51:09 EST 2019 – The Argus Archive

The Argus Archives have now been moved to a new site @ pair.net and are being updated accordingly. We moved the last 20 years of the archive to the new site based on Gmane's NNTP retention times. If there is demand to add back the first 8 years, I'll see what we can do. With some crossed-finger support, Google should start indexing the new site this week. The interface is a bit dated, as it is using Mailman v2 pipermail. With an update to Mailman v3, we'll move to HyperKitty. If you have suggestions, please send them to the mailing list.

The NNTP collection and distribution of the argus newsgroup is still ongoing @ gmane.org. Go to nntp://news.gmane.org/gmane.network.argus. If you have any problems, of course, send email to the list.

Mon Jan 14 10:11:41 EST 2019 – Argus-3.0.8.3

Happy New Year !!! Hope all is most excellent with each of you in 2019 !!

There is action in the Argus world for 2019. We're re-establishing the argus mailing-list archive, which was on gmane.org for so long. The NSF Advanced Measurement Initiative (AMI) Insight 2 project, which provides an Elasticsearch/Kibana stack for argus data, is coming to a conclusion; their software is in testing and should be available soon. Commercial ArgusPro is progressing nicely, with commercial hardware and software versions of Argus. If you're looking for commercial licenses of Argus, supported versions, and/or really fast appliances, be sure to contact us. 2019 should be an exciting year.

Argus for clouds is a big deal in 2019, with cloud-init support for rpm and Debian based Linux. Strategies and considerations for cloud forensics analysis will be introduced in argus-3.0.8.3 with an argus-3.0.8.4 release; hopefully it will generate some good discussions.

We will be making Argus-3.0.8.3 available as the next dev / test version this quarter. It is a major bug fix distribution. We are planning an Argus-3.0.8.4 release at the beginning of the summer.

FloCon 2019 was an excellent conference this year, with a lot of Machine Learning and flow analytics presentations. FloCon is still the best flow conference today, so be sure to take a look at the agenda and slide decks. New Orleans was fun; next year it will be in Savannah, Ga.

Wed Jan 9 09:25:16 EST 2019 – Argus-3.0.8.2 Stable

Argus-3.0.8.2 is the stable and current version of Argus. We are planning an Argus-3.0.8.4 release at the end of the year, to provide additional fixes. Argus-3.0.8.2 fixes a series of reported errors and should be considered a major bug fix release of argus. The companion argus-clients-3.0.8.2 represents a minor bug fix release of the argus client programs. Of course, there are a few issues still being worked out, as always. Please consider grabbing this version for your production environments. The new release version of argus has been tested out quite a bit, and has been in production at a few sites for month(s). The principal changes are portability fixes (OpenWRT, Solaris, Windows), bugs reported by one of the national labs, better Debian package support and a few additional encapsulations, including GRE ERSPAN II, and Juniper packet capture.

Currently, the set of stable source code can be grabbed from these links:

argus-3.0.8.2

argus-clients-3.0.8.2


Welcome to Argus, the network Audit Record Generation and Utilization System. The Argus Project is focused on developing all aspects of large scale network situational awareness derived from network activity audit. Argus, itself, is next-generation network flow technology, processing packets, either on the wire or in captures, into advanced network flow data. The data, its models, formats, and attributes are designed to support Network Operations, Performance and Security Management. If you need to know what is going on in your network, right now or historically, you will find Argus a useful tool.

Argus is composed of an advanced, comprehensive network flow data generator, the Argus sensor, which processes packets (either capture files or live packet data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and analyze large amounts of network data efficiently. Argus provides reachability, availability, connectivity, duration, rate, load, goodput, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc...), protocol ids, SAPs, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc...
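To make the data reduction described above concrete, here is an added toy model (not Argus code, and far simpler than the sensor) of how packets collapse into bidirectional flow status records: the first-seen direction defines src and dst, per-direction packet and byte counts accumulate, and duration and load are derived from the record's start and last times. The packet tuples are constructed sample input.

```python
"""Toy model of bidirectional flow status records, in the spirit of the Argus sensor."""
from dataclasses import dataclass


@dataclass
class FlowRecord:
    proto: str
    saddr: str
    sport: int
    daddr: str
    dport: int
    stime: float   # first packet seen
    ltime: float   # last packet seen
    spkts: int = 0
    dpkts: int = 0
    sbytes: int = 0
    dbytes: int = 0

    @property
    def dur(self) -> float:
        return self.ltime - self.stime

    @property
    def load(self) -> float:
        """Bits per second over the record; 0 for a single-packet flow."""
        return (self.sbytes + self.dbytes) * 8 / self.dur if self.dur > 0 else 0.0


def generate_flows(packets):
    """Reduce (ts, proto, saddr, sport, daddr, dport, length) tuples to one record
    per bidirectional flow. Reply packets are matched on the reversed 5-tuple."""
    flows = {}
    for ts, proto, saddr, sport, daddr, dport, length in packets:
        fwd = (proto, saddr, sport, daddr, dport)
        rev = (proto, daddr, dport, saddr, sport)
        if fwd in flows:
            rec, from_src = flows[fwd], True
        elif rev in flows:
            rec, from_src = flows[rev], False
        else:  # new flow: the initiator becomes the "src" side of the record
            rec = flows[fwd] = FlowRecord(proto, saddr, sport, daddr, dport, ts, ts)
            from_src = True
        rec.ltime = max(rec.ltime, ts)
        if from_src:
            rec.spkts, rec.sbytes = rec.spkts + 1, rec.sbytes + length
        else:
            rec.dpkts, rec.dbytes = rec.dpkts + 1, rec.dbytes + length
    return list(flows.values())


# Constructed sample: a short HTTP exchange and a DNS lookup (9 packets -> 2 records).
PACKETS = [
    (0.000, "tcp", "10.0.0.5", 51000, "192.0.2.10", 80, 74),
    (0.010, "tcp", "192.0.2.10", 80, "10.0.0.5", 51000, 74),
    (0.011, "tcp", "10.0.0.5", 51000, "192.0.2.10", 80, 66),
    (0.012, "tcp", "10.0.0.5", 51000, "192.0.2.10", 80, 500),
    (0.030, "tcp", "192.0.2.10", 80, "10.0.0.5", 51000, 1514),
    (0.031, "tcp", "192.0.2.10", 80, "10.0.0.5", 51000, 1514),
    (0.040, "tcp", "10.0.0.5", 51000, "192.0.2.10", 80, 66),
    (0.100, "udp", "10.0.0.5", 40000, "10.0.0.1", 53, 80),
    (0.120, "udp", "10.0.0.1", 53, "10.0.0.5", 40000, 200),
]

if __name__ == "__main__":
    for r in generate_flows(PACKETS):
        print(f"{r.stime:.3f} {r.dur:.3f} {r.proto} {r.saddr}:{r.sport} -> {r.daddr}:{r.dport} "
              f"{r.spkts}/{r.dpkts} pkts {r.sbytes}/{r.dbytes} bytes {r.load:.0f} bps")
```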

Argus is used by many sites to generate network activity reports for every network transaction on their networks. The network audit data that Argus generates is great for security, operations and performance management. The data is used for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting covert channels, and analyzing zero-day events.

Argus is an Open Source project, currently running on Mac OS X, Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, HP-UX, VxWorks, IRIX, Windows (under Cygwin) and OpenWrt, has been ported to many hardware accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera, and embedded in network adapters. The software should be portable to many other environments with little or no modifications. Performance is such that auditing an entire enterprise's Internet activity can be accomplished using modest computing resources.

If you are interested in participating, check out the mailing lists and sign up today! And go to the wiki, to catch up on some light reading!!!