
pmacct, created by Paolo Lucente


Web Site : http://www.pmacct.net/

Type : Bandwidth Meter & Bandwidth Analyzer
Operating System : Red Hat Linux 7.x/8.x/9.x
Fedora Core 1/2/3
Slackware Linux 8.x/9.x
Gentoo Linux 1.4.x/1.6.x & Gentoo AMD64
SuSE Linux 9.x
Debian 3.x
Solaris 8/9/10 x86/sparc
FreeBSD 4.x/5.x x86
LEAF Bering-uClibc
Tru64 5.x

IP accounting is a key activity underlying popular ISP/IXP network operations such as billing, graphing network resource usage, live or historical traffic trend analysis, management of network thresholds and SLA monitoring. SNMP counters often do not help because of their coarse granularity; traffic mirroring, NetFlow and sFlow break this barrier by offering data at a finer granularity, i.e. intercepting logical entities of greater interest such as Autonomous Systems, departmental or customer networks, or just specific traffic flows. But today's high-speed, large-scale networks can produce, in a very short time, large amounts of data that quickly become difficult to process. In this context, traffic aggregation and advanced filtering and sampling capabilities become key requirements.

pmacct is a small set of passive network monitoring tools to measure, account, classify, aggregate and export IPv4 and IPv6 traffic; its main features are:

 


Summary

  • How to install PMACCT
  • How to Configure PMACCT
  • How to use PMACCT

  • How to install PMACCT

    Dependency: LIBPCAP or LIBPCAP_BUFFERRING (must be installed before installing PMACCT)

    You must download the installation archive:

    http://www.pmacct.net/pmacct-0.11.4.tar.gz | ChangeLog | FAQS | CONFIG-KEYS | Latest
    Size: 422189 bytes | Date: 25-Apr-2007

    http://www.pmacct.net/pmacct-0.11.3.tar.gz
    Size: 417160 bytes | Date: 31-Jan-2007

    http://www.pmacct.net/pmacct-0.11.2.tar.gz
    Size: 411711 bytes | Date: 28-Nov-2006

    http://www.pmacct.net/pmacct-0.11.1.tar.gz
    Size: 419387 bytes | Date: 25-Oct-2006

    cd /home/user
    wget http://www.generationip.com/docs/pmacct/archive/pmacct-0.10.0rc2.tar.gz

    When you have downloaded the file, you must extract all files into a directory:

    tar -zxvf pmacct-version.tar.gz
    cd pmacct-version

    For a good installation of PMACCT, follow these instructions; you can find more information about the install here

    ./configure --exec-prefix=/usr --mandir=/usr/local/man --enable-mysql
    make install

    Explanation of installation options:

    Usage: configure [options] [host]

    Options: [defaults in brackets after descriptions]

    Configuration:

    --cache-file=FILE cache test results in FILE
    --help print this message
    --no-create do not create output files
    --quiet, --silent do not print `checking...' messages
    --version print the version of autoconf that created configure

    Directory and file names:

    --prefix=PREFIX install architecture-independent files in PREFIX [/usr/local]
    --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [same as prefix]
    --bindir=DIR user executables in DIR [EPREFIX/bin]
    --sbindir=DIR system admin executables in DIR [EPREFIX/sbin]
    --libexecdir=DIR program executables in DIR [EPREFIX/libexec]
    --datadir=DIR read-only architecture-independent data in DIR [PREFIX/share]
    --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc]
    --sharedstatedir=DIR modifiable architecture-independent data in DIR [PREFIX/com]
    --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var]
    --libdir=DIR object code libraries in DIR [EPREFIX/lib]
    --includedir=DIR C header files in DIR [PREFIX/include]
    --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include]
    --infodir=DIR info documentation in DIR [PREFIX/info]
    --mandir=DIR man documentation in DIR [PREFIX/man]
    --srcdir=DIR find the sources in DIR [configure dir or ..]
    --program-prefix=PREFIX prepend PREFIX to installed program names
    --program-suffix=SUFFIX append SUFFIX to installed program names
    --program-transform-name=PROGRAM run sed PROGRAM on installed program names

    Host type:

    --build=BUILD configure for building on BUILD [BUILD=HOST]
    --host=HOST configure for HOST [guessed]
    --target=TARGET configure for TARGET [TARGET=HOST]

    Features and packages:

    --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
    --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
    --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
    --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
    --x-includes=DIR X include files are in DIR
    --x-libraries=DIR X library files are in DIR

    --enable and --with options recognized:

    --enable-debug enable debugging compiler options
    --disable-mmap disable mmap() shared memory
    --disable-l2 disable Layer-2 features and support
    --enable-ipv6 enable IPv6 code
    --enable-v4-mapped allow IPv6 sockets to handle IPv4 connections
    --with-pcap-includes=DIR Search the specified directories for header files
    --with-pcap-libs=DIR Search the specified directories for libraries
    --enable-mysql Enable MySQL support
    --with-mysql-libs=DIR Search for MySQL libs in the specified directory
    --with-mysql-includes=DIR Search for MySQL includes in the specified directory
    --enable-pgsql Enable PostgreSQL support
    --with-pgsql-libs=DIR Search for PostgreSQL libs in the specified directory
    --with-pgsql-includes=DIR Search for PostgreSQL includes in the specified directory

    How to configure PMACCT

    Configuration OPTIONS:

    All configuration options for PMACCT version 0.10.0 are described in this file: CONFIG-KEYS

    The main options for PMACCTD are explained here:

    aggregate

    aggregate_filter

    plugins

    plugin_pipe_size

    plugin_buffer_size

    interface

    imt_buckets

    imt_mem_pools_number

    networks_file

    Mysql Configuration :

     

    Example With MEMORY

    ! pmacctd configuration example
    !
    ! Did you know CONFIG-KEYS contains the detailed list of all configuration keys
    ! supported by 'nfacctd' and 'pmacctd' ?
    !
    ! debug: true

    syslog:daemon
    interface: eth1
    daemonize: true
    promisc: true

    aggregate: src_host,dst_host

    plugins: memory
    plugin_pipe_size:1024000
    plugin_buffer_size:8192

    imt_buckets: 65537
    imt_mem_pools_size: 1024000

     

    Example With MEMORY & aggregate Filter


    ! pmacctd configuration example
    !
    ! Did you know CONFIG-KEYS contains the detailed list of all configuration keys
    ! supported by 'nfacctd' and 'pmacctd' ?
    !
    ! debug: true

    syslog:daemon
    interface: eth1
    daemonize: true
    promisc: true

    aggregate[inbound]: dst_host
    aggregate[outbound]: src_host
    aggregate_filter[inbound]: dst net 192.168.1.0/24
    aggregate_filter[outbound]: src net 192.168.1.0/24

    plugins: memory[inbound], memory[outbound]

    plugin_pipe_size:1024000
    plugin_buffer_size:8192

    imt_buckets: 65537
    imt_mem_pools_size: 1024000

    Example With MYSQL & Multiple Plugins & aggregate Filter

    ! pmacctd configuration example
    !
    ! Did you know CONFIG-KEYS contains the detailed list of all configuration keys
    ! supported by 'nfacctd' and 'pmacctd' ?
    !
    ! debug: true

    syslog:daemon
    interface: eth1
    daemonize: true
    promisc: true
    !plugins: memory
    !aggregate: src_host,dst_host

    sql_host:localhost
    sql_user:pmacct
    sql_passwd:pmacctpassword
    sql_db:pmacctdb
    sql_table_version:1

    aggregate[inbound1]: dst_host
    aggregate[outbound1]: src_host
    ! network address aligned to the /19 boundary (192.168.1.0/19 has host bits set)
    aggregate_filter[inbound1]: dst net 192.168.0.0/19
    aggregate_filter[outbound1]: src net 192.168.0.0/19
    aggregate[inbound2]: dst_host
    aggregate[outbound2]: src_host
    aggregate_filter[inbound2]: dst net 192.168.50.0/23
    aggregate_filter[outbound2]: src net 192.168.50.0/23
    aggregate[inbound3]: dst_host
    aggregate[outbound3]: src_host
    aggregate_filter[inbound3]: dst net 192.168.100.0/22
    aggregate_filter[outbound3]: src net 192.168.100.0/22
    aggregate[inbound4]: dst_host
    aggregate[outbound4]: src_host
    aggregate_filter[inbound4]: dst net 192.168.200.0/21
    aggregate_filter[outbound4]: src net 192.168.200.0/21

    plugins: mysql[inbound1], mysql[outbound1],mysql[inbound2], mysql[outbound2],mysql[inbound3], mysql[outbound3],mysql[inbound4], mysql[outbound4]

    plugin_pipe_size:1024000
    plugin_buffer_size:8192

    sql_table[inbound1]: acct_ineth1
    sql_table[outbound1]: acct_outeth1
    sql_table[inbound2]: acct_ineth1
    sql_table[outbound2]: acct_outeth1
    sql_table[inbound3]: acct_ineth1
    sql_table[outbound3]: acct_outeth1
    sql_table[inbound4]: acct_ineth1
    sql_table[outbound4]: acct_outeth1

    !sql_refresh_time:300
    sql_history:5m
    sql_history_roundoff: m

    imt_buckets: 65537
    imt_mem_pools_size: 1024000
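
With many named plugin instances, a mistyped network in an aggregate_filter or a name missing from the plugins line is easy to overlook. The following consistency check is an added example, not part of the original page or of pmacct; the sample configuration is constructed, and the check assumes filters are written in the full `net a.b.c.d/len` form used in the examples above.

```python
import ipaddress
import re

# Constructed sample in pmacctd configuration syntax (not a file from the page).
SAMPLE = """\
! constructed sample
interface: eth1
aggregate[in1]: dst_host
aggregate[out1]: src_host
aggregate[in2]: dst_host
aggregate_filter[in1]: dst net 192.168.1.0/19
aggregate_filter[out1]: src net 192.2168.50/23
aggregate_filter[in2]: dst net 192.168.100.0/22
plugins: memory[in1], memory[out1]
"""

KEY_RE = re.compile(r"^\s*([a-z0-9_]+)(?:\[([^\]]+)\])?\s*:\s*(.*)$")
NET_RE = re.compile(r"\bnet\s+(\S+)")


def parse(text):
    """Return (key, instance name or None, value) tuples, skipping '!' comments."""
    entries = []
    for line in text.splitlines():
        match = KEY_RE.match(line)
        if match and not line.lstrip().startswith("!"):
            entries.append((match.group(1), match.group(2), match.group(3).strip()))
    return entries


def lint(text):
    """Return a sorted list of problems found in the configuration text."""
    entries = parse(text)
    declared = set()  # instance names listed on the 'plugins' line
    for key, _, value in entries:
        if key == "plugins":
            declared.update(re.findall(r"\[([^\]]+)\]", value))
    problems = set()
    for key, name, value in entries:
        if name and key != "plugins" and name not in declared:
            problems.add(f"{key}[{name}]: no plugin instance named '{name}'")
        if key == "aggregate_filter":
            for net in NET_RE.findall(value):
                try:  # strict=True rejects host bits set below the prefix length
                    ipaddress.ip_network(net, strict=True)
                except ValueError as exc:
                    problems.add(f"{key}[{name}]: bad network '{net}' ({exc})")
    return sorted(problems)
```

Run `lint()` on the text of the configuration file before starting the daemon; an empty list means every filter network is well formed and every named directive has a plugin instance.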

    Other Example :

    Network LIST FILE

    PMACCT:

    IMT
    Multiple plugins
    Mysql & Postgresql v1
    Mysql & Postgresql v2

    NFACCTD:

    Print
    Mysql & Postgresql v1
    Mysql & Postgresql v2

     

    How to use PMACCT

    pmacct, pmacct client 0.9.5
    Usage: pmacct [query]

    Queries:
    -s      collect full table statistics
    -N [matching data[';' ... ]] | ['file:'[filename]]
            match actual data; print counter(s) only
    -n [bytes|packets|flows|all]
            select counter to print (applies to -N)
    -S      Sum counters instead of returning a single counter for each request (applies to -N)
    -M [matching data[';' ... ]] | ['file:'[filename]]
            match actual data; print formatted table
    -a      display all table fields (even those currently unused)
    -c [src_mac|dst_mac|vlan|src_host|dst_host|src_port|dst_port|tos|proto|src_as|dst_as|
        |sum_mac|sum_host|sum_net|sum_as|sum_port|tag|flows]
            select primitives and flows (required by -N and -M)
    -e      clear statistics
    -r      reset counters for the matched entries (applies to either -N or -M)
    -t      check table status
    -p [file]
            socket for client-server communication (DEFAULT: /tmp/collect.pipe)

    See EXAMPLES file in the distribution for examples

    For suggestions, critics, bugs, contact me: Paolo Lucente .

    Start Daemon

     

    ./pmacctd -D -i eth0 -f /etc/pmacctd.conf

    If you used a memory configuration that aggregates on src_host and dst_host:

    pmacct -s
    SRC IP           DST IP           PACKETS  BYTES
    192.168.1.93     4.23.190.230     1        76
    192.168.1.93     216.52.237.153   1        76
    216.52.237.153   192.168.1.93     1        76
    83.64.122.171    192.168.1.93     1        76
    192.168.1.210    192.168.1.105    3        204
    192.168.1.93     130.236.254.102  1        76
    4.23.190.230     192.168.1.93     1        76
    130.236.254.102  192.168.1.93     1        76
    192.168.1.93     83.64.122.171    1        76

    pmacct -s
    SRC IP           DST IP           SRC PORT  DST PORT  PACKETS  BYTES
    216.52.237.153   192.168.1.93     123       33008     1        76
    80.92.65.19      192.168.1.93     80        45051     184      257286
    192.168.1.93     80.92.65.19      45046     80        2        104
    192.168.1.78     192.168.1.255    138       138       1        229
    192.168.1.93     192.168.1.33     33017     53        2        127
    192.168.1.93     192.168.1.33     57851     5223      1        52
    192.168.1.33     192.168.1.93     5223      57851     1        269
    192.168.1.9      192.168.1.93     80        44948     50       26369
    82.219.3.129     192.168.1.93     123       33006     1        76
    192.168.1.58     192.168.1.255    137       137       18       1404
    192.168.1.93     80.92.66.110     53479     80        4        798
    192.168.1.9      192.168.1.93     80        44949     4        814
    80.92.66.110     192.168.1.93     80        53478     21       24104
    192.168.1.93     192.168.1.9      44949     80        6        1297
    Last Updated on Saturday, 30 January 2010 22:29