Network Security Hacks by Andrew Lockhart

Audit Network Traffic

Use Argus to monitor your network and to keep an audit trail of your traffic.

Wouldn’t it be nice if you could keep a complete record of everything that happened on your network? It would certainly help to track down problems and would be invaluable in the event of a security incident, but it would just take up too much space to keep all of that data around. The next best thing would be to keep a log of all the packets, but not actually keep the data. You can do this with Argus (http://www.qosient.com/argus/).

Argus, or the Audit Record Generation and Utilization System, is a tool that can log network transactions in a variety of ways and can even collect performance metrics on every connection that it is able to see. Argus also contains several utilities that can make queries against the logs, so you can easily extract the information you need. These tools allow you to generate ASCII-, RMON-, or XML-formatted information from an Argus log file. Argus also provides a Perl interface for accessing its log files, so you can easily write custom scripts to make use of the data it collects.
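To show the kind of query the hack has in mind, here is an added example (not code from the book and not part of Argus itself) that reads flow-style audit records of the sort Argus keeps, totals bytes per source host, and flags sources whose record set looks like a port sweep, one of the things an audit trail is most useful for after an incident. The whitespace-separated record layout (start time, protocol, source address and port, destination address and port, packet count, byte count) is an assumption made for this example; the real field order depends on how the Argus client is configured, and the sample records are constructed, not captured traffic.

```python
"""Summarise flow audit records of the kind Argus logs.

Added example; the record layout below is an assumption for illustration,
not Argus's actual default output format.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample records (not real Argus output):
# start_time proto saddr sport daddr dport pkts bytes
SAMPLE_RECORDS = """\
2004-03-01T10:00:01 tcp 192.0.2.10 51234 198.51.100.5 80 12 4360
2004-03-01T10:00:02 tcp 192.0.2.10 51235 198.51.100.5 443 20 9800
2004-03-01T10:00:03 udp 192.0.2.11 53412 198.51.100.53 53 2 180
2004-03-01T10:00:04 tcp 192.0.2.99 40001 198.51.100.5 21 1 60
2004-03-01T10:00:04 tcp 192.0.2.99 40002 198.51.100.5 22 1 60
2004-03-01T10:00:04 tcp 192.0.2.99 40003 198.51.100.5 23 1 60
2004-03-01T10:00:04 tcp 192.0.2.99 40004 198.51.100.5 25 1 60
2004-03-01T10:00:05 tcp 192.0.2.99 40005 198.51.100.5 80 1 60
2004-03-01T10:00:05 tcp 192.0.2.99 40006 198.51.100.5 110 1 60
"""


@dataclass(frozen=True)
class Flow:
    start: str
    proto: str
    saddr: str
    sport: int
    daddr: str
    dport: int
    pkts: int
    nbytes: int


def parse_flows(text):
    """Parse whitespace-separated flow records; blank and '#' lines are skipped."""
    flows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 8:
            raise ValueError(f"line {lineno}: expected 8 fields, got {len(fields)}")
        start, proto, saddr, sport, daddr, dport, pkts, nbytes = fields
        flows.append(Flow(start, proto, saddr, int(sport), daddr, int(dport),
                          int(pkts), int(nbytes)))
    return flows


def bytes_per_source(flows):
    """Total bytes sent by each source address, a basic audit-trail summary."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.saddr] += f.nbytes
    return dict(totals)


def find_port_sweeps(flows, min_ports=5):
    """Return (saddr, daddr) pairs where one source touched many distinct TCP
    ports on one host with tiny flows (pkts <= 2): the signature of a sweep."""
    ports = defaultdict(set)
    for f in flows:
        if f.proto == "tcp" and f.pkts <= 2:
            ports[(f.saddr, f.daddr)].add(f.dport)
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_RECORDS)
    for host, total in sorted(bytes_per_source(flows).items()):
        print(f"{host:<15} {total:>8} bytes")
    for (src, dst), dports in find_port_sweeps(flows).items():
        print(f"possible sweep: {src} -> {dst} ports {dports}")
```

Because only flow metadata is stored, not payloads, this kind of summary stays cheap to keep for long periods, which is exactly the trade-off the hack describes.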

To set up Argus, you’ll first need to download the source distribution and unpack it. Then change into the directory that it creates:

$ tar xfz argus-2.0.5.tar.gz
$ cd argus-2.0.5

To compile Argus, run this command:

$ ./configure && make

After compilation has finished, you can install Argus by becoming root and running this command:

# make install

To get a quick demo of Argus, run ...