Audit Network Traffic
Use Argus to monitor your network and to keep an audit trail of your traffic.
Wouldn’t it be nice if you could keep a complete record of everything that happened on your network? It would certainly help to track down problems and would be invaluable in the event of a security incident, but it would just take up too much space to keep all of that data around. The next best thing would be to keep a log of all the packets, but not actually keep the data. You can do
Argus, or the Audit Record Generation and Utilization System, is a tool that can log network transactions in a variety of ways and can even collect performance metrics on every connection that it is able to see. Argus also provides a Perl interface for accessing its log files, so you can easily write custom scripts to make use of the data it collects.
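As an added example in the spirit of the custom scripts mentioned above (not code from the original page or from the Argus project), here is a Python script that reads Argus-style flow records and answers two audit questions: how much each host sent, and which hosts produced one-sided flows to many distinct ports. The record layout it parses is a constructed, simplified approximation of ra's flow output, so the regular expression is an assumption to adjust for your version.

```python
import re
from collections import defaultdict

# Constructed sample records (not real Argus output). The layout assumed here,
# date time proto src.sport -> dst.dport spkts dpkts sbytes dbytes state,
# is a simplification; adjust RECORD_RE to match what your ra version prints.
SAMPLE_RECORDS = """\
14 Jul 03 10:01:02  tcp  192.168.1.10.40211  ->  10.0.0.5.22     12  10  1480  2210  CON
14 Jul 03 10:01:05  tcp  192.168.1.10.40212  ->  10.0.0.5.80      8   6   900  5120  FIN
14 Jul 03 10:02:11  tcp  192.168.1.77.51000  ->  10.0.0.5.21      1   0    60     0  REQ
14 Jul 03 10:02:11  tcp  192.168.1.77.51001  ->  10.0.0.5.23      1   0    60     0  REQ
14 Jul 03 10:02:12  tcp  192.168.1.77.51002  ->  10.0.0.5.25      1   0    60     0  REQ
14 Jul 03 10:02:12  tcp  192.168.1.77.51003  ->  10.0.0.5.110     1   0    60     0  REQ
14 Jul 03 10:03:00  udp  192.168.1.10.53000  ->  10.0.0.2.53      1   1    70   120  CON
"""

RECORD_RE = re.compile(
    r"^(?P<date>\d{2} \w{3} \d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\.(?P<sport>\w+)\s+->\s+(?P<dst>\S+)\.(?P<dport>\w+)\s+"
    r"(?P<spkts>\d+)\s+(?P<dpkts>\d+)\s+(?P<sbytes>\d+)\s+(?P<dbytes>\d+)\s+(?P<state>\w+)$"
)

def parse_records(text):
    """Parse flow records into dicts; lines that do not match are skipped."""
    flows = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            d = m.groupdict()
            for k in ("spkts", "dpkts", "sbytes", "dbytes"):
                d[k] = int(d[k])
            flows.append(d)
    return flows

def bytes_sent_per_host(flows):
    """Bytes each source sent: the audit view that keeps counts, not payload."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["sbytes"]
    return dict(totals)

def unanswered_port_fanout(flows, min_ports=4):
    """Sources whose one-sided flows (no reply packets, state not CON) touched
    at least min_ports distinct destination ports; worth reviewing after an incident."""
    ports = defaultdict(set)
    for f in flows:
        if f["dpkts"] == 0 and f["state"] != "CON":
            ports[f["src"]].add(f["dport"])
    return {s: sorted(p) for s, p in ports.items() if len(p) >= min_ports}
```

Feed it real records by reading the output of ra into `parse_records` instead of `SAMPLE_RECORDS`, after checking the field order against your version.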
To set up Argus, you’ll first need to download the source distribution and unpack it. Then change into the directory that it
$ tar xfz argus-2.0.5.tar.gz
To compile Argus, run this command:
./configure && make
After compilation has finished, you can install by becoming root and running this command:
To get a quick demo of Argus, run ...