VERSION. 0.10.0rc1
DESCRIPTION. pmacct is a small set of passive network monitoring tools to measure, account, classify and aggregate IPv4 and IPv6 traffic; a pluggable and flexible architecture allows to store the collected traffic data into memory tables or SQL (MySQL, SQLite, PostgreSQL) databases. pmacct supports fully customizable historical data breakdown, flow sampling, filtering and tagging, recovery actions, and triggers. Libpcap, sFlow v2/v4/v5 and NetFlow v1/v5/v7/v8/v9 are supported, both unicast and multicast. Also, a client program makes it easy to export data to tools like RRDtool, GNUPlot, Net-SNMP, MRTG, and Cacti. HOMEPAGE. http://www.ba.cnr.it/~paolo/pmacct/ DOWNLOAD. http://www.ba.cnr.it/~paolo/pmacct/pmacct-0.10.0rc1.tar.gz CHANGELOG. + PACKET CLASSIFICATION capabilities have been introduced into pmacctd: the implemented approach is fully extensible: classification patterns are based on regular expressions (RE), human-readable, must be placed into a common directory and have a .pat file extension. Many patterns for widespread protocols are available at L7-filter project homepage. To support this feature, a new 'classifiers' configuration directive has been added. It expects full path to a spool directory containing the patterns. + A new 'sql_aggressive_classification' directive has been added aswell: it allows to move unclassified packets even in the case they are no more cached by the SQL plugin. This aggressive policy works by firing negative UPDATE SQL queries that, whenever successful, are followed by positive ones charging the extra packets to their final class. ! Input and Output interface fields (Pre-Tagging) have been set to be 32 bits wide. While NetFlow is ok with 16 bits, some sFlow agents are used to bigger integer values in order to identify their interfaces. The fix is courtesy of Aaron Glenn. Thank you. ! Flow filtering troubles have been noticed while handling MPLS-tagged flows inside NetFlow v9 datagrams. Thanks to Nitzan Tzelniker for his cooperation in solving the issue. ! A new exit_all() routine now handles nicely fatal errors detected by the Core Process, after plugins creation. It avoids leaving orphan plugins after the Core Process shutdown. Cheers, Paolo