More than a plugin, I may recommend looking at the custom primitives
framework, i.e. aggregate_primitives config directive. For pmacctd it
contemplates offsets to L2, L3 and L4. You may want/need to extend
it to do the same with L7 - with peculiarities of L7, i.e. not just
relying on offsets. If this sounds of interest, I propose to reconvene
1:1 to see what would be a sensible way forward.

On Wed, Oct 26, 2016 at 09:36:54PM +0000, Bryan Cantwell wrote:
> I've just begun looking at pmacct and I wonder if there is already a plugin
> that allows for more of a deep packet inspection so that I could pull out
> URLs and other information that is available in http traffic I am seeing?
> Bryan Cantwell | SVP Technology
> www.firescope.com | Office: 214.296.9243 x452 |
> Mobile: 214.683.9646
> pmacct-discussion mailing list
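
The point made in the reply, that a layer-plus-offset lookup works for L2 to L4 fields but not for L7 content such as an HTTP URL, shown as an added example (not code from this thread or from pmacct, and not pmacct's configuration syntax). The function names and the packets are constructed for illustration, and untagged Ethernet II over IPv4/TCP is assumed.

```python
import struct

ETH_LEN = 14  # assumption: untagged Ethernet II frames

def build_packet(payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + tcp + payload

def layer_base(pkt: bytes, layer: str) -> int:
    """Start of the L2, L3 or L4 header, or of the TCP payload ('l7')."""
    l3 = ETH_LEN
    l4 = l3 + (pkt[l3] & 0x0F) * 4       # IPv4 header length (IHL)
    l7 = l4 + (pkt[l4 + 12] >> 4) * 4    # TCP data offset
    return {"l2": 0, "l3": l3, "l4": l4, "l7": l7}[layer]

def by_offset(pkt: bytes, layer: str, offset: int, length: int) -> bytes:
    """Offset-style extraction: 'length' bytes at layer start + offset."""
    base = layer_base(pkt, layer) + offset
    return pkt[base:base + length]

def http_request(pkt: bytes):
    """Delimiter-driven L7 parse: (method, host, path), or None if the
    segment does not hold a complete HTTP request header."""
    head, sep, _ = pkt[layer_base(pkt, "l7"):].partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    host = b""
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip()
    return tuple(x.decode("latin-1") for x in (parts[0], host, parts[1]))

# Constructed sample traffic
GET_PKT = build_packet(b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n")
POST_PKT = build_packet(b"POST /login HTTP/1.1\r\nHost: app.example.com\r\n"
                        b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    print(by_offset(GET_PKT, "l4", 13, 1).hex())   # TCP flags: fixed position
    print(by_offset(GET_PKT, "l7", 4, 11))         # happens to be the GET path
    print(by_offset(POST_PKT, "l7", 4, 11))        # same offset, wrong bytes
    print(http_request(GET_PKT), http_request(POST_PKT))
```

The same payload offset that yields the path of the GET request cuts through the request line of the POST, while the TCP flags sit at the same transport offset in both packets.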