The Argus open source project is about generating the best network awareness data possible, and enabling the use of that data to solve problems. That is where the Argus System comes in play. To get value out of argus data, you need to not only generate it, but you need to collect it, enhance it, filter it, aggregate it, compress it, index it, minimize it, print it out in csv, json, or xml, put it in a database, even anonymize it.
Argus currently has programs that perform all of these functions, and can be used to do a lot of data management, analytics and processing, but there is always room for more. Argus system development is pretty wide open, and we welcome most if not all contributions.
The Argus project invites you to contribute to the effort !!!
Developing Argus System Components involves reading, processing and writing Argus data through the argus-clients library packages. We highly recommend that you use the library because the data formats are pretty complex. Each flow record is a composite of flow data record elements, which have versioning, and dynamic compression to minimize record size on the wire and in files. The library also handles a number of file compression methods, and there is on-the-wire encryption support.
The principle example is ra.1, and is a good starting point for anyone wanting to write an argus data processing program. This program reads data, provides record filtering and stripping (a form of data minimization), and either prints the contents or writes the contents to another file. It is a simple program based on the library, and so the amount of code needed is rather small.
Ra.1 is a part of the core clients, a set of simple programs that represent basic flow processing. Modeled after basic Unix commands, like sort.1, split.1, cat.1 ... these core clients supporting printing, sorting, minimizing, splitting, aggregating, anonymizing, and distributing Argus data.
A really important program is racluster.1. This program provides for argus data aggregation, and is the first program that you will want to master in the suite. Aggregation is the method used to generate almost every report you will ever want to generating from Argus data. If you want the list of active ethernet addresses in a particular VLAN for last Friday, you'll use racluster.1. If you are interested in what services are being used on a given host, you'll use racluster.1. It is the Swiss Army knife of flow data.
Also an important program is radium.1, the argus data distribution node. radium.1 reads and writes argus data files or streams. Using radium.1 as a starting point is a great way to improve the Argus System group, and avoids the problems of dealing with the Argus data formats, especially encrypted argus data, and wire-line compression.
The kind of programs that need to be worked on is endless. If you're interested, but on your data boots and jump in.