VERSION. 0.8.3
DESCRIPTION. pmacct is a small set of tools to account and aggregate IPv4 and IPv6 traffic; aggregation revolves around the key concept of primitives (VLAN id, source and destination MAC addresses, hosts, networks, AS numbers, ports, IP protocol and ToS/DSCP field are supported) which may be employed alone or arbitrarily combined with others to form complex aggregation methods; support for custom historical breakdown, packet tagging, filtering and sampling. Aggregates can be stored into memory tables, SQL databases (MySQL or PostgreSQL) or simply pushed to stdout. Data is collected either using libpcap (and optionally promiscuous mode of the listening interface) or reading Netflow v1/v5/v9 packets coming from the network. HOMEPAGE. http://www.ba.cnr.it/~paolo/pmacct/ DOWNLOAD. http://www.ba.cnr.it/~paolo/pmacct/pmacct-0.8.3.tar.gz CHANGELOG. + Pre-Tagging capabilities have been further enhanced: captured traffic can be now marked basing on the NetFlow nexthop/BGP nexthop fields. While the old NetFlow versions (v1, v5) carry an unique 'nexthop' field, NetFlow v9 supports them into two distinguished fields. + Packet/flows tagging is now explicit, gaining more flexibility: a new 'tag' keyword has been added to the 'aggregate' directive. It causes the traffic to be actually marked; the 'pre_tag_map' and 'post_tag' directives now just evaluate the tag to be assigned. Read further details about this topic in the UPGRADE document. + The 'pre_tag_filter' directive now accepts 0 (zero) as valid value: we have to remember that zero is not a valid tag; hence, its support allows to split or filter untagged traffic from tagged one. + Documentation has been expanded: a new FAQS entry now describes few and easy tweaks needed to replace the bytes counter type from u_int32_t to u_int64_t throughout the code (provided that the OS supports this type); it's useful in conjunction with the In-Memory plugin while exposed to very sustained traffic loads. A new FAQS entry describes the first efforts aimed to integrate pmacctd with popular flow-tools software by the way of the flow-export tool. A new UPGRADE document has been also created. ! pmacct client was handling counters returned by the '-N' switch as signed integers, which is not correct. The issue has been fixed. Many thanks to Tobias Bengtsson for signalling it. ! Two new routines file_lock()/file_unlock() have replaced the flock() calls because they were preventing the pmacct code to compile on Solaris. Basing over hints collected at configure time, the routines enable either the flock() or fcntl() code. Many thanks to Jan Baumann for signalling and solving the issue. NOTES. Are you actively using either Pre-Tagging or Post-Tagging ? Take a look to the 'UPGRADE' document before running the new executable ! Cheers, Paolo
