pmacct 0.14.3 / 1.5.0 RC 3
Passive network monitoring tools to measure, account, aggregate, classify, and export IPv4 and IPv6 traffic
SNMP counters often do not help because of their coarse granularity; traffic mirroring, NetFlow and sFlow break this barrier by offering data at a finer granularity, i.e. intercepting logical entities of greater interest such as Autonomous Systems, departmental or customer networks, or just specific traffic flows.
But today's high-speed, large-scale networks can produce, in a very short time, large amounts of data that quickly become difficult to process. In this context, traffic aggregation and advanced filtering and sampling capabilities become key requirements.
pmacct is a small set of open source passive network monitoring tools to measure, account, classify, export and aggregate IPv4 and IPv6 traffic.
Using either memory or SQL tables as backend storage, pmacct can easily feed data into external tools including RRDtool, GNUPlot, Net-SNMP, MRTG and Cacti, among others.
Little scripting ability is required, and a number of sample scripts, contributions, web frontends and some tutorials are already available.
- Runs on OS X, Linux, BSDs, Solaris and embedded systems
- Support for both IPv4 and IPv6
- Collects data through libpcap, NetFlow v1/v5/v7/v8/v9 and sFlow v2/v4/v5
- Saves data to a number of backends including memory tables, MySQL, PostgreSQL and SQLite
- Exports data to remote collectors through NetFlow v5/v9 and sFlow v5 (from 0.11.x)
- Flexible architecture to tag, filter, redirect, aggregate and split captured data
- Traffic stream classification (from 0.10.x)
- Support for packet and flow sampling and renormalization
- Pluggable architecture for easy integration of new capturing environments and data backends
- Careful SQL support: data pre-processing, triggers, recovery methods, dynamic table naming
What's New in version 1.5.0 RC 3
- BGP daemon: support for the BGP ADD-PATH capability (draft-ietf-idr-add-paths) has been introduced, useful to advertise known paths when BGP multi-path is enabled in a network. The correct BGP info is linked to traffic data using the BGP next-hop (or the IP next-hop if use_ip_next_hop is set to true) as selector among the available paths.
- pre_tag_map: de-globalized the feature so that, while Pre-Tagging is evaluated in the Core Process, each plugin can be given its own local pre_tag_map.
- maps_row_len: directive introduced to define the maximum length of map (i.e. pre_tag_map) rows. The default value is suitable for most scenarios, though tuning it could be required either to save memory or to allow for longer entries (i.e. filters).
- Introduced the use_ip_next_hop config directive: when IP prefix aggregation (i.e. nfacctd_net) is set to 'netflow', 'sflow' or 'fallback', populate the 'peer_dst_ip' field from the NetFlow/sFlow IP next hop field if the BGP next-hop is not available.