pmacct is a small set of passive network monitoring tools to account, filter, classify, aggregate, and export IPv4 and IPv6 traffic. A pluggable and flexible architecture allows storing collected network data in memory tables, RDBMSs (MySQL, SQLite, PostgreSQL, BDB), and flat files, and also export via IPFIX, NetFlow, or sFlow protocols to remote collectors. pmacct features fully customizable historical data breakdown, sampling, BGP correlation, tagging, and triggers. Libpcap, ULOG, sFlow v2/v4/v5, NetFlow v1/v5/v7/v8/v9, and IPFIX are supported data capturing methods.
|Tags||Networking Monitoring Internet Log Analysis Systems Administration|
Release Notes: This release integrates an IS-IS daemon that is being run as a parallel thread within the collector core process; the project opens to MongoDB, a leading noSQL document-oriented database, via a new 'mongodb' plugin. Support for GeoIP lookups is being introduced: geoip_ipv4 and geoip_ipv6 config directives now allow loading Maxmind IPv4/IPv6 GeoIP database files. New sampling_rate and etype traffic aggregation primitives are added to the set. Support for samples generated on ACL matches in Brocade is also introduced. Several bugfixes are also included in this release.
Release Notes: This release integrates an IS-IS daemon, which is being run as a parallel thread within the collector core process. It implements a single L2 P2P neighborship, i.e. over a GRE tunnel, P2P Hello, CSNP, and PSNP, and does not send any LSP information out. A new aggregation primitive 'etype' is introduced in order to support accounting against the EtherType field of Ethernet frames. Support for samples generated on ACL matches in Brocade (sFlow sample type: Enterprise: #1991, Format: #1) is now also introduced. Several bugfixes are also included in this release.
Release Notes: The BGP daemon now features an implementation of BGP/MPLS VPNs (rfc4364): it correlates <router IP, input/output interfaces ifIndex)> couples to Route Distinguisher (RD) values. The print plugin can now write network traffic data to flat-files (print_output_file) featuring formatted or CSV output, dynamic filenames, historical breakdown, and triggers. pmacctd now supports the DLT_LOOP link-type (i.e. OpenBSD tunnel interfaces). Several enhancements to the uacctd daemon and other minor new features and miscellaneous fixes are included.
Release Notes: A sampling_map feature has been introduced, allowing definition of static traffic sampling mappings. Further work on the NetFlow v9/IPFIX sampling includes support for 16 bits SAMPLER_IDs (seen against IOS-XR) and support for (FLOW)_SAMPLING_INTERVAL fields as part of the NetFlow v9/IPFIX data record. [ns]facctd_as_new and [ns]facctd_net both feature a new "fallback" option to look up BGP-related primitives against BGP first and, if not successful, against the export protocol. Other minor new features and misc. fixes are also included in this release.
Release Notes: IPFIX (IETF IP Flow Information Export protocol) probe, replication, and collector capabilities have been introduced. Support for BerkeleyDB 5.x via the SQLite3 plugin has been added. It is now possible to get BGP-related traffic primitives (AS Path, local preference, communities, etc.) from a slow Extended Gateway object. Support has been introduced for NetFlow v9/IPFIX source and destination peer ASN field types 128 and 129. The pmacct client is now able to produce Comma-Separated Values (CSV) output in addition to formatted-text output, easing integration with 3rd party tools.