pmacct is a small set of passive network monitoring tools to measure, account and aggregate IPv4 and IPv6 traffic. Aggregation revolves around the key concept of primitives (VLAN id, source and destination MAC addresses, hosts, networks, AS numbers, ports, IP protocol and ToS/DSCP field are supported), which may be arbitrarily combined to build custom aggregation methods. It also supports historical data breakdown, triggers, packet tagging, filtering and sampling.
Aggregates can be stored in memory tables or SQL databases (MySQL or PostgreSQL), or simply pushed to stdout. Data is collected either using libpcap (optionally with the listening interface in promiscuous mode) or by reading NetFlow v1/v5/v7/v8/v9 packets coming from the network.
IP accounting is the key to a range of operations such as billing, applying pricing models, live or historical traffic analysis, handling network thresholds, provisioning and SLA monitoring. Taking SNMP counters from network equipment is sometimes not that useful because of their coarse granularity.
Finer granularities become valuable if available data match logical entities of interest such as Autonomous Systems, either departmental or customer networks, specific traffic flows, etc. and can be encapsulated into arbitrary timeframes (also referred as
However, current large-scale networks can produce, in a very short time, large amounts of data that quickly become difficult to process in a meaningful way. In this context, traffic aggregation and filtering capabilities are indispensable.
Whether using memory or SQL tables as backend storage, pmacct can also easily feed data to tools such as MRTG, RRDtool and Gnuplot, among others. Some scripting ability is required to glue pmacct to external tools, and a few sample scripts are already included.
What's New in This Release:
· This version integrates an IS-IS daemon, which runs as a parallel thread within the collector core process.
· It implements a single L2 P2P neighborship, i.e. over a GRE tunnel; it implements P2P Hello, CSNP and PSNP, and does not send any LSP information out.
· A new aggregation primitive 'etype' is introduced in order to support accounting against the EtherType field of Ethernet frames.
· Support for samples generated on ACL matches in Brocade (sFlow sample type: Enterprise: #1991, Format: #1) is now also introduced.
· Several bugfixes are also included in this release.