VERSION. 0.8.8
DESCRIPTION. pmacct is a small set of passive network monitoring tools to measure, account and aggregate IPv4 and IPv6 traffic. Aggregation revolves around the key concept of primitives (VLAN id, source and destination MAC addresses, hosts, networks, ports, AS numbers, IP protocol and ToS/DSCP field are supported), which may be arbitrarily combined to build custom aggregation methods. It also supports historical data breakdown, triggers and packet tagging, filtering and sampling. Aggregates can be stored into memory tables, SQL databases (MySQL or PostgreSQL) or simply pushed to stdout. Data is collected either using libpcap (and optionally promiscuous mode of the listening interface) or by reading NetFlow v1/v5/v7/v8/v9 packets coming from the network.

HOMEPAGE. http://www.ba.cnr.it/~paolo/pmacct/

DOWNLOAD. http://www.ba.cnr.it/~paolo/pmacct/pmacct-0.8.8.tar.gz

CHANGELOG.

+ Added IP flows support in pmacctd (release 0.8.5 introduced it in nfacctd) for both IPv4 and IPv6 handlers. To enable flows accounting, the 'aggregate' directive now supports a new 'flows' keyword. The SQL table v4 has to be used in order to support this feature in both SQL plugins.

+ A new 'sum_mac' aggregation method has been added (this is in addition to the already consolidated ones: 'sum_host', 'sum_net', 'sum_as', 'sum_port'). Sum is intended to be the total traffic (inbound traffic summed with outbound traffic) produced by a specific MAC address.

+ Two new configuration directives have been introduced in order to set an upper bound to the growth of the fragment (default: 4Mb) and flow (default: 16Mb) buffers: 'pmacctd_frag_buffer_size', 'pmacctd_flows_buffer_size'.

+ A new configuration directive 'pmacctd_flow_lifetime' has been added; it defines how long a flow can remain inactive (i.e. no packets belonging to the flow are received) before it is considered expired (default: 60 secs). This is part of the pmacctd IP flows support.

+ Console/syslog feedback about either generic errors or malformed packets has been greatly enhanced. Along with the cause of the message, any generated message now contains either the plugin name/type or the configuration file that is causing it.

! nfacctd: when IPv6 is enabled (on non-BSD systems) the daemon now listens by default on an IPv6 socket getting rid of the v4-in-v6 mapping feature which helps in receiving NetFlow datagrams from both IPv4 and IPv6 agents. A new configure script switch --enable-v4-mapped is aimed to turn manually on/off the feature.

! Fixed an issue with the SIGCHLD handling routine on FreeBSD 4.x systems. It was causing the sudden creation of zombie processes because exited children were not retired correctly. Many thanks to John Von Essen for his bug report and strong support.

! Fixed an endianness issue regarding Solaris/x86 platforms caused by improper preprocessor tests. Many thanks to Imre Csatlos for his bug report.

! Fixed the default schema for the PostgreSQL table v4. The 'flows' field was lacking the 'DEFAULT 0' modifier; this was causing some trouble, especially when such tables were used in conjunction with the 'sql_optimize_clauses' directive. Many thanks to Anik Rahman for his bug report and strong support.

NOTES. None.

Cheers,
Paolo
