Argus – Audit Record Generation and Utilization System

Argus is used by many universities, corporations and government entities, including US DISA, DoD, DHS, FFRDCs, and, when it was operational, GLORIAD, the NSF International network.

[2] Argus is designed to be a real-time situational awareness system, and its data can be used to track, alarm and alert on wire-line network conditions at up to 400 Gbit/s.

Argus provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission (data networks), and delay metrics for all network flows. It also captures most attributes that are available from the packet contents, such as Layer 2 addresses, tunnel identifiers (MPLS, GRE, IPsec, etc.), protocol IDs, SAPs, hop count, options, L4 transport identification (RTP detection), and host flow control indications. Argus has implemented a number of packet dynamics metrics specifically designed for cyber security.

Argus is an Open Source (GPL) project, owned and managed by QoSient, LLC, and has been ported to most operating systems and many exotic hardware-accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera.

Performance is such that auditing an entire enterprise's Internet activity can be accomplished using modest computing resources.

Network Flow Monitoring Timeline