Welcome to the pmacct project!
Description | Downloads | Mailing lists | Documentation | Logos | Contacts
DESCRIPTION.
pmacct is a small set of multi-purpose passive network monitoring tools. It
can account, classify, aggregate, replicate and export forwarding-plane data,
ie. IPv4 and IPv6 traffic; collect and correlate control-plane data via BGP
and BMP; collect and correlate RPKI data; collect infrastructure data via
Streaming Telemetry. Each component works both as a standalone daemon and as
a thread of execution for correlation purposes (ie. enrich NetFlow with BGP
data). pmacct main features are:
- Suitable to ISP, IXP, CDN, IP carrier, Cloud, DC and hot-spots enviroments and SDN solutions
- Runs on Linux, BSDs, Solaris and embedded systems
- Support for both IPv4 and IPv6
- Collects data through libpcap, Netlink/NFLOG, NetFlow v1/v5/v7/v8/v9, sFlow v2/v4/v5 and IPFIX
- Collects Streaming Telemetry data. Read more here.
- Supports Cisco NEL for CGNAT scenarios and Cisco NSEL
- Saves data to a number of backends including:
- Relational databases: MySQL, PostgreSQL and SQLite
- noSQL databases: MongoDB and BerkeleyDB
- AMQP message exchanges: RabbitMQ
- Kafka message brokers
- memory tables
- flat files
- Exports data to remote collectors through IPFIX, NetFlow v5/v9 and sFlow v5
- Replicates incoming IPFIX, NetFlow and sFlow packets to remote collectors
- Flexible architecture to tag, filter, redirect, aggregate and split captured data
- Comes with:
- a BGP daemon/thread for efficient visibility into the inter-domain routing plane. Read more here.
- Supports BGP/MPLS VPNs rfc4364, Label Unicast rfc3107
- Supports BGP ADD-PATHs (draft-ietf-idr-add-paths) for visibility of BGP multi-path routes
- Can log live BGP messaging and/or dump BGP tables per peer at regular time interval
- a BMP daemon/thread to gain insight in BGP data, events and statistics
- Supports draft-ietf-grow-bmp-loc-rib and draft-ietf-grow-bmp-adj-rib-out
- an IS-IS/IGP thread for visibility of internal routes
- a RPKI thread to associate Route Origin Validation (ROV) state to BGP data (from 1.7.3)
- a BGP daemon/thread for efficient visibility into the inter-domain routing plane. Read more here.
- Packet classification via nDPI
- Inspection of tunnelled traffic (ie. GTP)
- GeoIP lookups leveraging Maxmind library
- Pluggable architecture for easy integration of new capturing environments and data backends
- Careful SQL support: data pre-processing, triggers, dynamic table naming
- It's free, open-source, developed and supported with passion and open mind for more than 10 years
DOWNLOADS.
pmacct.
http://www.pmacct.net/pmacct-1.7.9.tar.gz
ChangeLog |
FAQS |
CONFIG-KEYS |
Latest release
Size: 2132268 bytes | Date: 01-Aug-2024
http://www.pmacct.net/pmacct-1.7.8.tar.gz
Size: 2175335 bytes | Date: 31-Dec-2022
http://www.pmacct.net/pmacct-1.7.7.tar.gz
Size: 2149629 bytes | Date: 07-Oct-2021
http://www.pmacct.net/pmacct-1.7.6.tar.gz
Size: 2126837 bytes | Date: 07-Feb-2021
Latest code is available through GitHub:
* Browse: https://github.com/pmacct/pmacct
* Download: git clone https://github.com/pmacct/pmacct.git
* Keep track: Star or Watch us on GitHub
Daily exports from Git: pmacct-daily.tar.gz
pmacct-contribs.
Code is now maintained through GitHub
ONLINE DOCUMENTATION.
For official and user-contributed documentation, check out our wiki on GitHub.
RELEVANT DOCUMENTS AND PRESENTATIONS.
Presentation: pmacct and network analytics, Paolo Lucente Oct 2018 @ FRNOG 31 (pdf)
Presentation: Introduction to pmacct, Latests on BGP monitoring, Paolo Lucente May 2017 @ GRNOG 1st Workshop (pdf)
Presentation: pmacct and Streaming Telemetry, Paolo Lucente Jun 2016 @ SINOG 3.0, Sep 2016 @ NLNOG3, Nov 2016 @ ITNOG2 (pdf)
Presentation: Waltzing on that gentle trade-off between internet routes and FIB space, an SDN story, David Barroso (Spotify), Paolo Lucente Mar 2015 @ PLNOG14, Apr 2015 @ RIPE SEE4 (pdf), May 2016 @ ESNOG17 [2016 deluxe edition] (pdf)
Presentation: Implementation of the Service Insights System at DE-CIX, Thomas King (DE-CIX) Oct 2015 @ 27th Euro-IX Forum (pdf)
Presentation: NetFlow & BGP multi-path: quo vadis?, Paolo Lucente, Elisa Jasinska (Netflix) Jun 2014 @ NANOG61, Oct 2014 @ Netnod Autumn meeting (pdf)
Tutorial: Collecting NetFlow with pmacct, Paolo Lucente, Sep 2013 @ MENOG13, Apr 2014 @ RIPE SEE3, Aug 2017 @ AfPIF (pdf)
Presentation: BGP policy violations in the data-plane, Pierre Francois (IMDEA), Paolo Lucente, Oct 2011 @ RIPE63 (pdf)
Presentation: Best practices in network planning and traffic engineering, Thomas Telkamp (Cariden), Clarence Filsfils (Cisco), Paolo Lucente, Nov 2010 @ RIPE61, Jun 2011 @ NANOG52 (pdf)
Presentation: Building traffic matrices to support peering decisions, Paolo Lucente, Jun 2010 @ NANOG49 (pdf), Sep 2010 @ European Peering Forum 5 (pdf)
Presentation: pmacct: introducing BGP natively into a NetFlow/sFlow collector, Paolo Lucente, Sep 2009 @ UKNOF14, SwiNOG19 (pdf)
Presentation: IP accounting reloaded: the pmacct project, Paolo Lucente, Jan 2007 @ UKNOF6, May 2007 @ INEX Members meeting (pdf)
Presentation: pmacct, a new player in the network management arena, Paolo Lucente, Apr 2006 @ RIPE52 (pdf)
Paper: pmacct: steps forward interface counters, Paolo Lucente, Mar 2005 (pdf)
Guide: Integration of pmacct with ElasticSearch and Kibana, Pier Carlo Chiodi, Dec 2014 (html)
Guide: Make graphs: pmacct 0.8.x and Cacti, Pedro Sanchez, Feb 2005 (html)
RELEVANT DOCUMENTS AND PRESENTATIONS (non-English).
Presentation: オープンソースのネットフローツールの運用 (JP), Noriyuki Arai (BBIX), Paolo Lucente, Jul 2015 @ JANOG36 (pdf)
Presentation: Utilizzo di strumenti di network accounting a supporto della gestione di infrastrutture complesse (IT), Paolo Lucente, Massimo Ianigro (CNR-ISSIA), May 2005 @ GARR Conference 2005 (pdf)
LINKS.
Some tools related to or topped over pmacct. In alphabetical order. Do you know of any tools relying on pmacct
not listed here ? Please, let us know.
BWstat: a network traffic statistical tool written in PHP.
Cacti-pmacct: a Cacti module to display and search pmacct data.
Captrap: a set of Perl scripts designed to work with the pmacct and a
MySQL database to generate tables and graphs.
FloX (Flow eXplorer): a simple PHP tool to examine large tables of
flow data in a SQL database.
netactuator: an active network management tool, for graphing individual
host activities and make individual host behavior patterns.
opennms-pmacct: a opennms module to display and search pmacct data.
pmacct-fe: a frontend tool to present network statistics.
pmacct-frontend: a PHP frontend to pmacct (screenshot).
pmacct-to-elasticsearch: a python script to read JSON output from pmacct daemons, to process it and to store it into ElasticSearch.
pmGraph: an application for network monitoring
to help network administrators to better monitor and manage their networks.
pNRG: pmacct Network Resource Grapher.
SIR: an SDN Internet Router.
REQUIREMENTS.
libpcap >= 0.6.x --
http://www.tcpdump.org/
PLATFORMS.
It has been tested and reported to work on:
All major Linux distributions
FreeBSD, OpenBSD and NetBSD x86/sparc
Solaris >= 8 x86/sparc
Have you successfully compiled and installed pmacct on other Operating Systems
and/or architectures not listed here ? Please, let us know.
NETFLOW and IPFIX.
Supported versions: V5/V9/V10
Netflow and IPFIX datagrams have been read successfully from:
Cisco routers and switches: ISR, ASR, CRS, Catalyst, Nexus; IOS >= 11.2, IOS-XE, IOS-XR
Juniper M/MX/PTX/T series; JunOS >= 6.x
Did you successfully read Netflow datagrams from other network gears ?
Please, let us know.
SFLOW.
Supported versions: V2/V4/V5
sFlow datagrams have been read successfully from:
HP Procurve 2800, 3400, 4200 and 9300 series
Brocade BigIron 8000 series, TurboIron series and ICX
Brocade FastIron Edge, Edge X and Workgroup Edge series
Brocade NetIron XMR/MLX series
Force10 E series (E300, E600, E1200)
Extreme Black Diamond 8800 series
Juniper EX 4200 series
Arista 7100T series
Cisco Nexus 9000 series
Did you successfully read sFlow datagrams from other network gears ?
Please, let us know.
PROMISCUOUS MODE.
Other than traditional Ethernet NICs, datagrams have been read successfully from:
Endace DAG Ethernet cards; libdag 3.0
MAILING LISTS.
If you are interested in news (new releases and Changelogs, etc.) either about the project
itself or related ones, subscribe to the pmacct-news mailing list. The list can be open for
posting - on request, see CONTACTS - to developers involved in projects based on pmacct.
Description:
News from the project: new releases, general annoucements, what is about to happen, etc.
Subcribe instructions:
send a blank email to: 
Traffic flow: very low
Description:
Discussion about project development. A place where talk about what the project still misses,
new ideas, novel approaches, etc. It's also the place where to get in touch with other pmacct
users.
Subcribe instructions:
send a blank email to: 
Traffic flow: moderate
Archive:
http://www.mail-archive.com/pmacct-discussion@pmacct.net/
LICENSE.
Licensed under The GNU General Public License, Version 2. see COPYING for details.
CONTACTS.
Any comments are warmly welcome. Feel free to contact me for bugs, critics, requests, suggestions
or even for a simple feedback with your opinions about the work done at: 