pmacct :: classification



GETTING STARTED.

a) download pmacct
shell> wget http://www.pmacct.net/pmacct-x.y.z.tar.gz

b) compile pmacct
shell> cd pmacct-x.y.z; ./configure && make && make install

c-1) download regular expression (RE) classifiers as you need them: just point your browser to
http://l7-filter.sourceforge.net/protocols/ then:

shell> cd /path/to/classifiers/
shell> wget http://l7-filter.sourceforge.net/layer7-protocols/protocols/[ protocol ].pat

c-2) download all RE classifiers: point your browser to http://sourceforge.net/projects/l7-filter and get
the latest Protocol definitions tarball.

c-3) download shared object (SO) classifiers (written in C) as you need them: just point your
browser to http://www.pmacct.net/classification/ , download the available package, extract the
files and compile them following the INSTALL instructions. When everything is finished, install the
produced shared objects:

shell> mv *.so /path/to/classifiers/

d-1) build pmacct configuration, a memory table example:
!
daemonize: true
interface: eth0
aggregate: flows, class
plugins: memory
classifiers: /path/to/classifiers/
snaplen: 700
!...

d-2) build pmacct configuration, a SQL example:
!
daemonize: true
interface: eth0
aggregate: flows, class
plugins: mysql
classifiers: /path/to/classifiers/
snaplen: 700
sql_history: 1h
sql_history_roundoff: h
sql_table_version: 5
sql_aggressive_classification: true
!...

e) Ok, we are done ! Fire up the pmacct collector daemon:

shell> pmacctd -f /path/to/configuration/file

You can now play with the SQL or pmacct client; furthermore, you can add, remove or write patterns and load
them by restarting the pmacct daemon. If using the memory plugin you can check out the list of loaded
plugins with 'pmacct -C'. Don't underestimate the importance of 'snaplen' values; take the time to
read about it in the CONFIG-KEYS document. Enjoy !
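
Added example (not part of the pmacct documentation): the daemon started in step e) loads classifiers from the directory named by 'classifiers', including the compiled shared objects installed in step c-3, so it is worth checking who can write there before starting it. The audit_classifiers function and its finding labels are made up for this example; it assumes the account that runs pmacctd is root unless another owner is passed as the second argument.

```shell
#!/bin/sh
# Added example: pre-flight audit of a pmacct classifiers directory.
# Usage: audit_classifiers DIR [OWNER]   (OWNER defaults to root)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_classifiers() {
    dir=$1
    owner=${2:-root}   # assumption: the account that runs pmacctd

    if [ ! -d "$dir" ]; then
        echo "not-a-directory: $dir"
        return 1
    fi

    findings=$(
        # The directory itself: anyone who can write here can drop a new .so.
        find "$dir" -prune \( -perm -020 -o -perm -002 \) \
            -exec echo "writable-dir:" {} \;
        find "$dir" -prune ! -user "$owner" -exec echo "foreign-owner:" {} \;
        # Classifier files: .so is native code, .pat drives the classification.
        find "$dir" -type f \( -name '*.so' -o -name '*.pat' \) \
            \( -perm -020 -o -perm -002 \) -exec echo "writable-file:" {} \;
        find "$dir" -type f \( -name '*.so' -o -name '*.pat' \) \
            ! -user "$owner" -exec echo "foreign-owner:" {} \;
        # Symlinks can redirect a classifier name to a file outside the directory.
        find "$dir" -type l -exec echo "symlink:" {} \;
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Source the file and run 'audit_classifiers /path/to/classifiers/' before 'pmacctd -f ...'; a non-zero return means at least one finding was printed.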