pmacct
What is it?
pmacct is a monitoring tool for network management tasks. Data collected can be used for analysis and troubleshooting purposes to maintain the health of the network. pmacct can collect, replicate and export network information. It can cache in memory tables, store persistently to SQLite3 and output to flat-files like CSV, formatted, and JSON.
Why is it needed?
To monitor data usage (IP-based or MAC-based data accounting) down to the client level. Net-Traffic will monitor traffic for the entire RED, GREEN, etc. networks, but it cannot pinpoint which client is using lots of data. Connections will take a snapshot but only show day-by-day sums. pmacct can help admins keep tabs on users that use too much data.
Why do I use it?
My ISP implemented data caps and I occasionally over-run my limit. When that limit is exceeded I pay $10 for every additional 50GB of data use ($100 max). Ouch!
Installation
pmacct can be installed with the Pakfire web interface or via the console:
pakfire install pmacct
pmacct installs a few different binaries:
- pmacctd is the daemon which runs in the background and can be configured via configuration file and delivers the wanted data.
- pmacct is the the client, the frontend to display data in different ways. See: man pmacct (1): frontend to pmacctd.
Usage
There is currently no web interface for this Addon. To run this Addon open the client console or terminal and access the IPFire box via SSH.
Config - Memory based example
Data is stored in a memory table and can be fetched via the pmacct command-line client tool pmacct. The memory plugin is recommended for prototyping and proof-of-concept and smaller-scale / home production environments.
Open the /etc/pmacct/pmacct.conf and configure pmacct similar to this:
!
! "plugin1" plugin configuration
!
plugins: memory[plugin1]
plugin_buffer_size[plugin1]: 102400
plugin_pipe_size[plugin1]: 10240000
imt_mem_pools_number: 256
imt_path[plugin1]: /var/spool/pmacct/plugin1.pipe
aggregate[plugin1]: src_host, src_port, src_mac, dst_host, dst_port, dst_mac, proto
aggregate_filter[plugin1]: ip
Note - Learn about the above keys & values and their description at:
https://github.com/pmacct/pmacct/blob/master/CONFIG-KEYS
When the pmacct.conf file is modified, then run the command:
/etc/init.d/pmacct restart
Usage - Memory based
To test pmacct, run this command:
pmacct -p /var/spool/pmacct/plugin1.pipe -s
The output will be similar to this:
Try:
pmacct -p /var/spool/pmacct/plugin1.pipe -s -T bytes
3rd party tools
The memory mode allows easily data injection into 3rd party tools like GNUplot, MRTG, RRDtool or a Net-SNMP server. See pmacct/EXAMPLES at master ยท linsomniac/pmacct
For information about using pmacct with SQLite3 see: pmacct using SQLite3
Notes
- The information in this Wiki refers to monitoring the GREEN0 network only
- see the
pmacct.conffile and theinterface: green0line - in the future I will include the blue & orange networks
- see the
Links
- The Pmacct Project
- pmacct FAQs
- pmacct Quickstart
- pmacct Config Keys
- IPFire Community - Pmacct is a lightweight passive network monitoring tool
Note - a HUGE thank you to Erik who introduced us to pmacct in 2015, built evaluation versions, and supported pmacct over the years. And to Adolf who built and submitted the current version for review. And thanks to both of them for answering WAY too many of my goofy questions!
Older Revisions • June 24, 2021 at 10:24 pm • Jon