2007-02-01: Bugfix release 0.0.6

ArgusEye 0.0.5 was a major rewrite for better performance and modularity. Unfortunately that left dependencies on development modules and broke some functionality. Version 0.0.6 repairs whois/hostname lookups, port translation and display filtering. Online documentation has been updated for the new features of Argus management and live reading.

2007-01-30: New version 0.0.5

This new version of ArgusEye introduces a management interface for remote Argi and live Argus reading. Management operations such as starting or stopping Argus require an optional SSH key.

What is Argus?

Argus is a powerful suite of tools for transaction-based network auditing. Argus captures network traffic like tcpdump does, but aggregates packets to transactions and applies various metrics.

Argus comes with a daemon for traffic capture and various client programs in the argus-clients distribution.

You can find Argus at http://qosient.com/argus/

What is ArgusEye?

The clients provided with Argus are all command-line tools, well designed for huge traffic loads and scripting purposes. ArgusEye is a GUI frontend to these clients, for making specific tasks in daily work easier.

The idea is to have a GUI functionality for Argus, like Wireshark does for tcpdump. ArgusEye is in an early development stage and still there are lots of important features missing...

What features do exist in ArgusEye?

• Read Argus logfiles (up to ~100,000 transactions) and display the records in a fully configurable view.
• Read tcpdump files (on-the-fly converting to Argus format).
• Management of remote Argi via SSH.
• Live transaction reading from an Argus sensor.
• A details view for each transaction.
• Hostname and whois lookups of IP addresses.

Supported Argus versions:

Support for argus-clients-2.0.6 has been dropped. The new 3.x clients have a better performance and you can still use them, to connect to your existing 2.x sensors.

Online Documentation is available!

If you have troubles running ArgusEye or see bugs, please drop me a line. Any other contribution (comments, feature requests...) is also very welcome. You can reach me at phil@datenspionage.de.

If you want to discuss the Argus suite in general you can do this at the Argus mailing lists.

ArgusEye is Free Software, licensed under the GNU Public License Version 2.

You can download the current version, without charge and at your own risk, using the following link:

Download arguseye-0.0.6.tgz     ( MD5 | SHA1 )

Changelog is here.