pmacct is a small set of passive network monitoring tools to account, filter, classify, aggregate, and export IPv4 and IPv6 traffic. A pluggable and flexible architecture allows storing collected network data in memory tables, RDBMSs (MySQL, SQLite, PostgreSQL, BDB), and flat files, and also export via IPFIX, NetFlow, or sFlow protocols to remote collectors. pmacct features fully customizable historical data breakdown, sampling, BGP correlation, tagging, and triggers. Libpcap, ULOG, sFlow v2/v4/v5, NetFlow v1/v5/v7/v8/v9, and IPFIX are supported data capturing methods.
|Tags||Networking Monitoring Internet Log Analysis Systems Administration|
Release Notes: Introduces custom-defined aggregation primitives in libpcap and ULOG daemons; enhances custom-defined aggregation primitives in NetFlow daemon to support variable-length fields. Introduces pro rating of NetFlow/IPFIX flows if historical accounting is enabled. Batching ofBGP sessions has also been introduced, preventing massive synchronization of resource consumption. New primitives mpls_top_label, mpls_bottom_label, and mpls_stack_depth have been implemented. The GTP tunnel handler now supports inspection of GTPv1 in the libpcap daemon. This release also includes a number of bugfixes.
Release Notes: Custom-defined aggregation primitives for NetFlow v9/IPFIX protocols are introduced. Pervasive JSON output and a new RabbitMQ plugin have also been added. Support for Cisco ASA NSEL was re-introduced. The set of MPLS aggregation primitives was broadened to better support L3 MPLS VPNs to include mpls_label_top, mpls_label_bottom, mpls_stack_depth, and mpls_vpn_rd. The Print plugin, which writes traffic stats to flat files, now supports creation of intermediate directory levels and appending. Support for MongoDB was improved with indexing and authentication. This release also includes a number of bugfixes.
Release Notes: The pmacct tee plugin now features a tee_receivers configuration directive to allow multiple receivers to be defined. Receivers can be grouped for load-balancing and filtering purposes, and the set of receivers can be reloaded at runtime. A new set of primitives have been introduced to support CGN (Carrier Grade NAT) scenarios via Cisco NEL (NetFlow Event Logging). The BGP daemon now supports IPv6 NLRI and IPv6 BGP next-hop elements for rfc4364 BGP/MPLS Virtual Private Networks. MongoDB plugin scalability has improved. Several bugfixes are also included in this release.
Release Notes: This release integrates an IS-IS daemon that is being run as a parallel thread within the collector core process; the project opens to MongoDB, a leading noSQL document-oriented database, via a new 'mongodb' plugin. Support for GeoIP lookups is being introduced: geoip_ipv4 and geoip_ipv6 config directives now allow loading Maxmind IPv4/IPv6 GeoIP database files. New sampling_rate and etype traffic aggregation primitives are added to the set. Support for samples generated on ACL matches in Brocade is also introduced. Several bugfixes are also included in this release.
Release Notes: This release integrates an IS-IS daemon, which is being run as a parallel thread within the collector core process. It implements a single L2 P2P neighborship, i.e. over a GRE tunnel, P2P Hello, CSNP, and PSNP, and does not send any LSP information out. A new aggregation primitive 'etype' is introduced in order to support accounting against the EtherType field of Ethernet frames. Support for samples generated on ACL matches in Brocade (sFlow sample type: Enterprise: #1991, Format: #1) is now also introduced. Several bugfixes are also included in this release.