Audit Record Generation and Utilization System

From Wikipedia, the free encyclopedia

Audit Record Generation and Utilization System or Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream, doing that by that categorizing IP packets which match the boolean expression into a protocol-specific network transaction model. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information.

Argus can be used to analyze and report on the contents of packet capture files or it can run as a continuous monitor, examining data from a live interface; generating an audit log of all the network activity seen in the packet stream. Argus can be deployed to monitor individual end-systems, or an entire enterprise's network activity. As a continuous monitor, Argus provides both push and pull data handling models, to allow flexible strategies for collecting network audit data. Argus data clients support a range of operations, such as sorting, aggregation, archival and reporting. There is XML support for Argus data, which makes handling Argus data a bit easier.

Typically it is used on Unix/Linux but it only depends on libpcap.

[edit] External links