Audit Record Generation and Utilization System
Audit Record Generation and Utilization System (Argus) is a fixed-model real-time flow monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. It does this by categorizing IP packets that match a Boolean expression into a protocol-specific network transaction model. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per-transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol-specific information.

Argus is used by many universities, corporations and government enterprises to establish an audit of all network traffic to supplement traditional intrusion detection system (IDS) based network security. These sites use contemporary IDS technology such as Snort and/or Bro to generate events and alarms, and then use the Argus network audit data to provide context for those alarms and decide whether the alarms are real problems. Argus can be used to analyze and report on the contents of packet capture files, or it can run as a continuous monitor, examining data from a live interface and generating an audit log of all the network activity seen in the packet stream. Argus can be deployed to monitor individual end-systems or an entire enterprise's network activity. As a continuous monitor, Argus provides both push and pull data handling models, allowing flexible strategies for collecting network audit data. Argus data clients support a range of operations, such as sorting, aggregation, archival and reporting. XML support for Argus data is available, which makes handling Argus data a bit easier.
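To make the flow-monitor idea from the two paragraphs above concrete, here is an added toy illustration (not Argus code, and not its record format) that folds packets into bidirectional transaction records, derives a few of the metrics named above (connectivity, demand as packet and byte counts, jitter), and shows the IDS use case of pulling the transactions that were active when an alarm fired. The packet tuples, hosts and ports are constructed sample data.

```python
# Toy flow monitor in the spirit of Argus: fold packets into bidirectional
# transaction records with per-flow audit metrics. Added illustration, not
# Argus code or its record format; the packets at the bottom are constructed.
from dataclasses import dataclass, field
@dataclass
class Flow:
    """One transaction: both directions of a 5-tuple folded into one record."""
    start: float
    last: float
    src_pkts: int = 0    # initiator -> responder
    dst_pkts: int = 0    # responder -> initiator
    src_bytes: int = 0
    dst_bytes: int = 0
    gaps: list = field(default_factory=list)  # packet inter-arrival times
    def connected(self):  # connectivity: did the responder ever answer?
        return self.dst_pkts > 0
    def jitter(self):     # mean absolute deviation of the inter-arrival gaps
        if len(self.gaps) < 2:
            return 0.0
        mean = sum(self.gaps) / len(self.gaps)
        return sum(abs(g - mean) for g in self.gaps) / len(self.gaps)

def build_flows(packets):
    """packets: time-ordered (ts, proto, src, sport, dst, dport, length) tuples.
    The first packet seen on a 5-tuple defines the initiator direction."""
    flows = {}
    for ts, proto, src, sport, dst, dport, length in packets:
        fwd, rev = (proto, src, sport, dst, dport), (proto, dst, dport, src, sport)
        forward = rev not in flows                 # reply to a known flow?
        f = flows.setdefault(fwd if forward else rev, Flow(start=ts, last=ts))
        if f.src_pkts + f.dst_pkts:                # not the first packet
            f.gaps.append(ts - f.last)
        f.last = ts
        if forward:
            f.src_pkts, f.src_bytes = f.src_pkts + 1, f.src_bytes + length
        else:
            f.dst_pkts, f.dst_bytes = f.dst_pkts + 1, f.dst_bytes + length
    return flows

def context_for_alarm(flows, host_a, host_b, ts):
    """IDS use case: transactions active between two hosts when an alarm fired."""
    return {k: f for k, f in flows.items()
            if {k[1], k[3]} == {host_a, host_b} and f.start <= ts <= f.last}

PACKETS = [  # constructed sample: one answered TCP exchange, one unanswered SYN
    (0.00, "tcp", "10.0.0.5", 40000, "192.0.2.10", 443, 74),
    (0.05, "tcp", "192.0.2.10", 443, "10.0.0.5", 40000, 74),
    (0.10, "tcp", "10.0.0.5", 40000, "192.0.2.10", 443, 500),
    (0.30, "tcp", "192.0.2.10", 443, "10.0.0.5", 40000, 1400),
    (1.00, "tcp", "10.0.0.5", 40001, "192.0.2.20", 22, 74),
]
```

Running `build_flows(PACKETS)` yields two records: an answered exchange with two packets in each direction, and an unanswered connection attempt whose `connected()` is false, which is exactly the kind of context an analyst would check an IDS alarm against.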

Typically it is used on Unix/Linux, but its only dependency is libpcap.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.