On Fri 21 Jul 2006 09:33, Jaime Nebrera wrote: > Hi all, > > This is my first email to the list as I just discovered what seems a > wonderful tool.
Welcome to the party! > I have been reading the site deepelly but as I'm not a tech guy (more > of a management guy) well, have not looked into testing yet. > > From what I understand, pmacct can work as a network sniffer and store > its data both in RAM tables or SQL. But I dont see if it can work as a > more standard NetFlow probe and "send" the data to an external system to > store and process it. This functionality was added but Paolo yesterday (Both sflow and netflow). You need to use pmacct 0.11.0rc1 (or higher). > Secondly, I see its compatible with all NetFlow and sFlow versions. > Thats impressive as the tool we are currently using (flow tools) only > supports NFv5. Does this mean it can work as a collector (server) for > NetFlow enabled devices? Does this with the same software or you have a > different daemon for this? Yes. Same software, different daemon (called nfacctd). If you use my SUSE packages they install startup scripts and example config files for you all ready to go :-) > One of the things that has really impressed me is that you already > have some state machine and pattern matching code to detect some > confiltive apps like FTP or even better, SIP, P2P, etc. Are this > features available only in the "probe" software or also in the "server" > software? These should work in both, although I dont use them myself. > And last, is the "probe" software small enough to be run in a small > device? (not exactly an embeddded device but a not hugelly powerfull > platform). Of course, the better the hardware, the more traffic you can > analyse but still interesting to do so with smaller resources :) We are > currently using nprobe from ntop with very good success but lacks some > of the features pmacct seems to have. As long as you don't run an SQL server on your "small device" it should work fine :-) > Well, this is it. If I have the right feeling we could end up using > this tool very soon and we will devote some people to help develop the > project. We have some experience in this and can give some ideas that we > have used for a flowtools based platform. Also, some students do their > diploma jobs with us, so we could just put some of them to work in > improving this. > > Veryt thankful in advance. GOOD JOB !!! 99% of the work is done by someone we like to call SuperPaolo :-) Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
pgpaoISadl9eu.pgp
Description: PGP signature
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
