On 10 Apr 2006, at 17:29, Joachim Schipper wrote: >> The only problem here is that I'm running 3.6 and pmacct requires >> libpcap >= 0.6, and 0.3 is what I have. I can't do an upgrade at the >> moment, there's too many variables, but if I were to build libpcap >> from source, would it clobber the version that's currently installed >> and break other programs? > > The OpenBSD libpcap is a pretty heavily hacked version - most > should be > in it.
It appears to be missing the function pcap_open_dead(), so I presume the 3.6 libpcap version is a touch behind the 0.6 version that pmacct requires. > Of course, that looks like it's time for a port. ;-) > Or just go with pfflowd, or somesuch. I already had a nice little system setup using pmacct to dump data into an SQL db. It would seem that using pfflowd and flowd together could replace that part of the system, and the data analysis part remains the same. The only difference here is that pfflowd would capture traffic at the firewall stage, whereas pmacct captures it directly at the interface. A little more glue required, but it could be made to do the same job. Gaby -- Junkets for bunterish lickspittles since 1998! http://www.playr.co.uk/sudoku/ http://weblog.vanhegan.net/
