pmacct is a small set of multi-purpose passive network monitoring tools. It can account, classify, aggregate, replicate and export forwarding-plane data, i.e. IPv4 and IPv6 traffic; collect and correlate control-plane data via BGP and BMP; collect infrastructure data via Streaming Telemetry. Each component works both as a standalone daemon and as a thread of execution for correlation purposes (i.e. enrich NetFlow with BGP data).

pmacct client 1.7.0-git (20170916-01)

pmacct main features are:
* Suitable for ISP, IXP, CDN, IP carrier, Cloud, DC and hot-spot environments and SDN solutions
* Runs on Linux, BSDs, Solaris and embedded systems
* Support for both IPv4 and IPv6
* Collects data through libpcap, Netlink/NFLOG, NetFlow v1/v5/v7/v8/v9, sFlow v2/v4/v5 and IPFIX
* Collects Streaming Telemetry data (from 1.6.0)
* Supports Cisco NEL for CGNAT scenarios and Cisco NSEL
* Saves data to a number of backends including:
+++ Relational databases: MySQL, PostgreSQL and SQLite
+++ NoSQL databases: MongoDB and BerkeleyDB
+++ AMQP message exchanges: RabbitMQ
+++ Kafka message brokers
+++ memory tables
+++ flat files
* Exports data to remote collectors through IPFIX, NetFlow v5/v9 and sFlow v5
* Replicates incoming IPFIX, NetFlow and sFlow packets to remote collectors
* Flexible architecture to tag, filter, redirect, aggregate and split captured data
* Comes with:
+++ a BGP daemon/thread for efficient visibility into the inter-domain routing plane
+++ Supports BGP/MPLS VPNs rfc4364, Label Unicast rfc3107
+++ Supports BGP ADD-PATHs (draft-ietf-idr-add-paths) for visibility of BGP multi-path routes
+++ Can log live BGP messaging and/or dump BGP tables per peer at regular time interval
+++ a BMP daemon/thread to gain insight in BGP data, events and statistics
+++ an IS-IS/IGP daemon/thread for visibility of internal routes
* Packet classification via nDPI (from 1.7.0)
* Inspection of tunnelled traffic (i.e. GTP)
* GeoIP lookups leveraging Maxmind library
* Pluggable architecture for easy integration of new capturing environments and data backends
* Careful SQL support: data pre-processing, triggers, dynamic table naming
* It’s free, open-source, developed and supported with passion and open mind for more than 10 years

Usage and build:

Source: https://github.com/pmacct