Web Site : http://www.pmacct.net/
Type : Bandwidth METER & Bandwidth Analyzer
Operating System : Red Hat Linux 7.x/8.x/9.x
Fedora Core 1/2/3
Slackware Linux 8.x/9.x
Gentoo Linux 1.4.x/1.6.x & Gentoo AMD64
SuSE Linux 9.x
Debian 3.x
Solaris 8/9/10 x86/sparc
FreeBSD 4.x/5.x x86
LEAF Bering-uClibc
Tru64 5.x
Written by : Fabien FAYE
IP accounting is a key activity underlying popular ISP/IXP network operations such as billing, graphing network resource usage, live or historical traffic trend analysis, management of network thresholds and SLA monitoring. SNMP counters often do not help because of their coarse granularity; traffic mirroring, NetFlow and sFlow break this barrier by offering data at a finer granularity, i.e. intercepting logical entities of greater interest such as Autonomous Systems, departmental or customer networks, or just specific traffic flows. But today's high-speed, large-scale networks can produce, in a very short time, large amounts of data that quickly become difficult to process. In this context, traffic aggregation and advanced filtering and sampling capabilities become key requirements.
pmacct is a small set of passive network monitoring tools to measure, account, classify, aggregate and export IPv4 and IPv6 traffic; its main features are:
Summary
Dependency: LIBPCAP or LIBPCAP_BUFFERRING (must be installed before installing PMACCT)
http://www.pmacct.net/pmacct-0.11.4.tar.gz | ChangeLog | FAQS | CONFIG-KEYS | Latest
Size: 422189 bytes | Date: 25-Apr-2007
http://www.pmacct.net/pmacct-0.11.3.tar.gz
Size: 417160 bytes | Date: 31-Jan-2007
http://www.pmacct.net/pmacct-0.11.2.tar.gz
Size: 411711 bytes | Date: 28-Nov-2006
http://www.pmacct.net/pmacct-0.11.1.tar.gz
Size: 419387 bytes | Date: 25-Oct-2006
Once you have downloaded the file:
cd pmacct-version
For a good installation of PMACCT follow these instructions; you can find more information about the install here
make install
Explanation of installation options:
Usage: configure [options] [host]
Options: [defaults in brackets after descriptions]
Configuration:
--cache-file=FILE cache test results in FILE
--help print this message
--no-create do not create output files
--quiet, --silent do not print `checking...' messages
--version print the version of autoconf that created configure
Directory and file names:
--prefix=PREFIX install architecture-independent files in PREFIX [/usr/local]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [same as prefix]
--bindir=DIR user executables in DIR [EPREFIX/bin]
--sbindir=DIR system admin executables in DIR [EPREFIX/sbin]
--libexecdir=DIR program executables in DIR [EPREFIX/libexec]
--datadir=DIR read-only architecture-independent data in DIR [PREFIX/share]
--sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data in DIR [PREFIX/com]
--localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var]
--libdir=DIR object code libraries in DIR [EPREFIX/lib]
--includedir=DIR C header files in DIR [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc in DIR [/usr/include]
--infodir=DIR info documentation in DIR [PREFIX/info]
--mandir=DIR man documentation in DIR [PREFIX/man]
--srcdir=DIR find the sources in DIR [configure dir or ..]
--program-prefix=PREFIX prepend PREFIX to installed program names
--program-suffix=SUFFIX append SUFFIX to installed program names
--program-transform-name=PROGRAM run sed PROGRAM on installed program names
Host type:
--build=BUILD configure for building on BUILD [BUILD=HOST]
--host=HOST configure for HOST [guessed]
--target=TARGET configure for TARGET [TARGET=HOST]
Features and packages:
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--x-includes=DIR X include files are in DIR
--x-libraries=DIR X library files are in DIR
--enable and --with options recognized:
--enable-debug enable debugging compiler options
--disable-mmap disable mmap() shared memory
--disable-l2 disable Layer-2 features and support
--enable-ipv6 enable IPv6 code
--enable-v4-mapped allow IPv6 sockets to handle IPv4 connections
--with-pcap-includes=DIR Search the specified directories for header files
--with-pcap-libs=DIR Search the specified directories for libraries
--enable-mysql Enable MySQL support
--with-mysql-libs=DIR Search for MySQL libs in the specified directory
--with-mysql-includes=DIR Search for MySQL includes in the specified directory
--enable-pgsql Enable PostgreSQL support
--with-pgsql-libs=DIR Search for PostgreSQL libs in the specified directory
--with-pgsql-includes=DIR Search for PostgreSQL includes in the specified directory
Configuration OPTIONS:
You can find all information about the configuration options for version 0.10.0 of PMACCT in this file: CONFIG-KEYS
The main options for PMACCTD are explained here:
aggregate
aggregate_filter
plugins
plugin_pipe_size
plugin_buffer_size
interface
imt_buckets
imt_mem_pools_number
networks_file
Mysql Configuration :
Example With MEMORY
!
! Did you know CONFIG-KEYS contains the detailed list of all configuration keys
! supported by 'nfacctd' and 'pmacctd' ?
!
! debug: true
syslog:daemon
interface: eth1
daemonize: true
promisc: true
aggregate: src_host,dst_host
plugins: memory
plugin_pipe_size:1024000
plugin_buffer_size:8192
imt_buckets: 65537
imt_mem_pools_size: 1024000
Example With MEMORY & aggregate Filter
! pmacctd configuration example
!
! Did you know CONFIG-KEYS contains the detailed list of all configuration keys
! supported by 'nfacctd' and 'pmacctd' ?
!
! debug: true
syslog:daemon
interface: eth1
daemonize: true
promisc: true
aggregate[inbound]: dst_host
aggregate[outbound]: src_host
aggregate_filter[inbound]: dst net 192.168.1.0/24
aggregate_filter[outbound]: src net 192.168.1.0/24
plugins: memory[inbound], memory[outbound]
plugin_pipe_size:1024000
plugin_buffer_size:8192
imt_buckets: 65537
imt_mem_pools_size: 1024000
Example With MYSQL & Multiple Plugins & aggregate Filter
! pmacctd configuration example
!
! Did you know CONFIG-KEYS contains the detailed list of all configuration keys
! supported by 'nfacctd' and 'pmacctd' ?
!
! debug: true
syslog:daemon
interface: eth1
daemonize: true
promisc: true
!plugins: memory
!aggregate: src_host,dst_host
sql_host:localhost
sql_user:pmacct
sql_passwd:pmacctpassword
sql_db:pmacctdb
sql_table_version:1
aggregate[inbound1]: dst_host
aggregate[outbound1]: src_host
! the /19 network address must sit on its boundary (192.168.1.0/19 has host bits set)
aggregate_filter[inbound1]: dst net 192.168.0.0/19
aggregate_filter[outbound1]: src net 192.168.0.0/19
aggregate[inbound2]: dst_host
aggregate[outbound2]: src_host
aggregate_filter[inbound2]: dst net 192.168.50.0/23
aggregate_filter[outbound2]: src net 192.168.50.0/23
aggregate[inbound3]: dst_host
aggregate[outbound3]: src_host
aggregate_filter[inbound3]: dst net 192.168.100.0/22
aggregate_filter[outbound3]: src net 192.168.100.0/22
aggregate[inbound4]: dst_host
aggregate[outbound4]: src_host
aggregate_filter[inbound4]: dst net 192.168.200.0/21
aggregate_filter[outbound4]: src net 192.168.200.0/21
plugins: mysql[inbound1], mysql[outbound1],mysql[inbound2], mysql[outbound2],mysql[inbound3], mysql[outbound3],mysql[inbound4], mysql[outbound4]
plugin_pipe_size:1024000
plugin_buffer_size:8192
sql_table[inbound1]: acct_ineth1
sql_table[outbound1]: acct_outeth1
sql_table[inbound2]: acct_ineth1
sql_table[outbound2]: acct_outeth1
sql_table[inbound3]: acct_ineth1
sql_table[outbound3]: acct_outeth1
sql_table[inbound4]: acct_ineth1
sql_table[outbound4]: acct_outeth1
!sql_refresh_time:300
sql_history:5m
sql_history_roundoff: m
imt_buckets: 65537
imt_mem_pools_size: 1024000
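A configuration check for the named-plugin layout used in the examples above, added here as an example (it is not part of pmacct or of the original page): it verifies that every name listed in plugins has an aggregate_filter and that each "net" argument is a well-formed CIDR aligned to its prefix boundary. The SAMPLE text is constructed, the function names are hypothetical, and the check assumes full dotted-quad CIDR notation, so pcap shorthand networks would also be reported.

```python
import ipaddress
import re

# Constructed sample in the page's pmacctd syntax ('!' starts a comment line).
SAMPLE = """\
! constructed sample, not a real deployment
interface: eth1
aggregate[inbound1]: dst_host
aggregate_filter[inbound1]: dst net 192.168.1.0/19
aggregate[outbound2]: src_host
aggregate_filter[outbound2]: src net 192.2168.50/23
aggregate[inbound3]: dst_host
aggregate_filter[inbound3]: dst net 192.168.100.0/22
plugins: mysql[inbound1], mysql[outbound2], mysql[inbound3], mysql[inbound4]
"""

KEY_RE = re.compile(r"^([a-z_0-9]+)(?:\[(\w+)\])?\s*:\s*(.*)$")
NET_RE = re.compile(r"\bnet\s+(\S+)")


def parse_config(text):
    """Return {(key, plugin_name_or_None): value}, skipping '!' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line) if line and not line.startswith("!") else None
        if m:
            conf[(m.group(1), m.group(2))] = m.group(3).strip()
    return conf


def lint(text):
    """Return (plugin_name, problem) tuples for every named plugin instance."""
    conf = parse_config(text)
    problems = []
    names = re.findall(r"\w+\[(\w+)\]", conf.get(("plugins", None), ""))
    for name in names:
        flt = conf.get(("aggregate_filter", name))
        if flt is None:
            problems.append((name, "no aggregate_filter for this plugin name"))
            continue
        for net in NET_RE.findall(flt):
            try:
                ipaddress.ip_network(net, strict=True)  # rejects host bits
            except ValueError as exc:
                problems.append((name, f"bad network {net}: {exc}"))
    return problems
```

Running lint() on a configuration before starting the daemon surfaces a mistyped or misaligned network in a filter, which otherwise leaves a customer range unaccounted.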
Other Example :
PMACCT:
IMT
Multiple plugins
Mysql & Postgresql v1
Mysql & Postgresql v2
NFACCTD:
Print
Mysql & Postgresql v1
Mysql & Postgresql v2
How to use PMACCT
Start Daemon
pmacct, pmacct client 0.9.5
Usage: pmacct [query]
Queries:
-s collect full table statistics
-N [matching data[';' ... ]] | ['file:'[filename]]
match actual data; print counter(s) only
-n [bytes|packets|flows|all]
select counter to print (applies to -N)
-S Sum counters instead of returning a single counter for each request (applies to -N)
-M [matching data[';' ... ]] | ['file:'[filename]]
match actual data; print formatted table
-a display all table fields (even those currently unused)
-c [src_mac|dst_mac|vlan|src_host|dst_host|src_port|dst_port|tos|proto|src_as|dst_as|
|sum_mac|sum_host|sum_net|sum_as|sum_port|tag|flows]
select primitives and flows (required by -N and -M)
-e clear statistics
-r reset counters for the matched entries (applies to either -N or -M)
-t check table status
-p [file]
socket for client-server communication (DEFAULT: /tmp/collect.pipe)
See EXAMPLES file in the distribution for examples
For suggestions, critics, bugs, contact me: Paolo Lucente .
If you used a memory configuration aggregating on src_host & dst_host:
SRC IP DST IP PACKETS BYTES
192.168.1.93 4.23.190.230 1 76
192.168.1.93 216.52.237.153 1 76
216.52.237.153 192.168.1.93 1 76
83.64.122.171 192.168.1.93 1 76
192.168.1.210 192.168.1.105 3 204
192.168.1.93 130.236.254.102 1 76
4.23.190.230 192.168.1.93 1 76
130.236.254.102 192.168.1.93 1 76
192.168.1.93 83.64.122.171 1 76
pmacct -s
SRC IP DST IP SRC PORT DST PORT PACKETS BYTES
216.52.237.153 192.168.1.93 123 33008 1 76
80.92.65.19 192.168.1.93 80 45051 184 257286
192.168.1.93 80.92.65.19 45046 80 2 104
192.168.1.78 192.168.1.255 138 138 1 229
192.168.1.93 192.168.1.33 33017 53 2 127
192.168.1.93 192.168.1.33 57851 5223 1 52
192.168.1.33 192.168.1.93 5223 57851 1 269
192.168.1.9 192.168.1.93 80 44948 50 26369
82.219.3.129 192.168.1.93 123 33006 1 76
192.168.1.58 192.168.1.255 137 137 18 1404
192.168.1.93 80.92.66.110 53479 80 4 798
192.168.1.9 192.168.1.93 80 44949 4 814
80.92.66.110 192.168.1.93 80 53478 21 24104
192.168.1.93 82.219.3.129 33006 123 1 76
192.168.1.93 192.168.1.9 44949 80 6 1297
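One way to turn the pmacct -s table into per-host inbound and outbound byte totals, mirroring the dst net / src net split of the inbound and outbound aggregate filters shown earlier (an added example, not part of pmacct or of the original page). The function names are hypothetical, the local network 192.168.1.0/24 is taken from the second configuration example, and the sample rows are copied from the table above.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the port-level 'pmacct -s' table above.
SAMPLE = """\
SRC IP DST IP SRC PORT DST PORT PACKETS BYTES
80.92.65.19 192.168.1.93 80 45051 184 257286
192.168.1.93 80.92.65.19 45046 80 2 104
192.168.1.9 192.168.1.93 80 44948 50 26369
192.168.1.58 192.168.1.255 137 137 18 1404
192.168.1.93 80.92.66.110 53479 80 4 798
"""


def per_host_bytes(text, local_net="192.168.1.0/24"):
    """Sum bytes per local host: 'in' where it is DST, 'out' where it is SRC."""
    net = ipaddress.ip_network(local_net)
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for line in text.splitlines():
        fields = line.split()
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            nbytes = int(fields[-1])  # BYTES is the last column in both layouts
        except (ValueError, IndexError):
            continue  # header line, blank line or malformed row
        if src in net:
            totals[str(src)]["out"] += nbytes
        if dst in net:
            totals[str(dst)]["in"] += nbytes
    return dict(totals)


def top_talkers(text, local_net="192.168.1.0/24", n=3):
    """Return the n local hosts with the most traffic as (host, in, out)."""
    totals = per_host_bytes(text, local_net)
    ranked = sorted(totals.items(),
                    key=lambda kv: kv[1]["in"] + kv[1]["out"], reverse=True)
    return [(host, t["in"], t["out"]) for host, t in ranked[:n]]
```

Traffic between two local hosts is counted once as outbound for the sender and once as inbound for the receiver, the same way the separate inbound and outbound plugins would each record it.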