pmacct
pmacct is a small set of passive network monitoring tools to measure, account, classify, aggregate, and export IPv4 and IPv6 traffic. A pluggable and flexible architecture allows collected network data to be stored into memory tables or SQL (MySQL, SQLite, PostgreSQL) databases and exported through NetFlow or sFlow protocols to remote collectors. pmacct supports fully customizable historical data breakdown, flow sampling, filtering and tagging, recovery actions, and triggers. Libpcap, sFlow v2/v4/v5 and NetFlow v1/v5/v7/v8/v9 are supported.
| Tags | Networking Monitoring Internet Log Analysis Systems Administration |
|---|---|
| Licenses | GPL |
Recent releases
- 07 Apr 2009 21:46
Changes: This release introduces support for tag ranges into the Pre-Tagging infrastructure. tcpdump-style filters, e.g. 'aggregate_filter', now support indexing within a packet, e.g. 'ether[12:2]', to allow more flexible separation of the traffic. There are fixes to libpcap, sFlow, and NetFlow collectors, the MySQL plugin, stream classification, and IPv6 code.
- 24 Jul 2008 12:04
Changes: The SQL UPDATE query code has been rewritten for increased flexibility. A new sql_locking_style directive, row or table granularity, is now supported in the MySQL plugin. Support for Endace DAG cards was introduced. The Linux cooked device (DLT_LINUX_SLL) handler has been enhanced by supporting 'src_mac' and 'vlan' aggregation primitives. A number of bugs have been fixed.
- 27 Apr 2007 16:26
Changes: Support for TCP flags has been introduced. Flags are ORed on a per-aggregate basis. A new nfacctd_sql_log directive enables the use of NetFlow's First and Last Switched values as timeslot delimiters. sfprobe and nfprobe plugins are now able to propagate tags to remote collectors through sFlow v5 and NetFlow v9 protocols. pmacct memory client features a new '-T' command line switch to output either TopN statistics. The 'pre_tag_map_entries' configuration directive now allows you to dynamically allocate the Pre-Tagging map. There are miscellaneous bugfixes.
- 31 Jan 2007 17:25
Changes: The 'aggregate_filter' directive now supports multiple (up to 128) pcap-style filters per-plugin. Turn-back time when restarting the daemons has been significantly improved by creating sockets with the SO_REUSEADDR option and disassociating them first thing on receiving a SIGINT signal. A new threaded version of the pmacctd stream classification engine is also being introduced. The new [ns]facctd_disable_checks directives aim to disable health checks over incoming NetFlow/sFlow streams (in cases of non-standard vendor's implementations). Bugfixes and updated documentation.
- 28 Nov 2006 14:20
Changes: A few new config keys are being introduced: 'sql_max_writers' sets the maximum number of concurrent writer processes the SQL plugin can fire, allowing the daemon to degrade gracefully; and 'sql_history_since_epoch' enables the use of timestamps (stamp_inserted, stamp_updated) in the standard seconds since the Epoch format. 'sql_aggressive_classification' behaviour has changed to be simpler and more effective. It now delays cache-to-DB purge of unknown traffic streams, which would still have chances to be correctly classified, for a few 'sql_refresh_time' slots.
