A Python script designed to read output from pmacct daemons, to process it and to store it into ElasticSearch.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for pierky from gravatar.com pierky

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers
Report project as malware

Project description

pmacct-to-elasticsearch

pmacct-to-elasticsearch is a python script designed to read JSON output from pmacct daemons, to process it and to store it into ElasticSearch. It works with both memory and print plugins and, optionally, it can perform manipulations on data (such as to add fields on the basis of other values).

img/data_flow.png

  1. pmacct daemons collect IP accounting data and process them with their plugins;

  2. data are stored into in-memory-tables (memory plugins) or JSON files (print plugins);

  3. crontab jobs (memory plugins) or trigger scripts (print plugins) are invoked to execute pmacct-to-elasticsearch;

  4. JSON records are finally processed by pmacct-to-elasticsearch, which reads them from stdin (memory plugins) or directly from JSON file.

Optionally, some data transformations can be configured, to allow pmacct-to-elasticsearch to add or remove fields to/from the output documents that are sent to ElasticSearch for indexing. These additional fields may be useful to enhance graphs and reports legibility, or to add a further level of aggregation or filtering.

Installation

Install the program using pip:

pip install pmacct-to-elasticsearch

Then clone the repository and run the ./install script to setup your system:

cd /usr/local/src/
git clone https://github.com/pierky/pmacct-to-elasticsearch.git
cd pmacct-to-elasticsearch/
./install

Configuration

Please refer to the CONFIGURATION.md file. The TRANSFORMATIONS.md file contains details about data transformations configuration.

A simple tutorial on pmacct integration with ElasticSearch/Kibana using pmacct-to-elasticsearch can be found at http://blog.pierky.com/integration-of-pmacct-with-elasticsearch-and-kibana.

Future work

  • Add support of more pmacct output formats (CSV, Apache Avro, …).

  • Read input from stdin pipes too.

Author

Pier Carlo Chiodi - https://pierky.com/

Blog: https://blog.pierky.com/ Twitter: @pierky

Changelog

0.3.0a1

  • Multithreading support.

    The ReaderThreads option in the plugin configuration file sets the number of threads used to process pmacct’s output.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for pierky from gravatar.com pierky

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Release history Release notifications | RSS feed

0.3.3a1 pre-release

0.3.2

0.3.1

0.3.0

0.3.0a5 pre-release

0.3.0a4 pre-release

0.3.0a3 pre-release

0.3.0a2 pre-release

This version

0.3.0a1 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pmacct-to-elasticsearch-0.3.0a1.tar.gz (10.3 kB view details)

Uploaded Source

File details

Details for the file pmacct-to-elasticsearch-0.3.0a1.tar.gz.

File metadata

File hashes

Hashes for pmacct-to-elasticsearch-0.3.0a1.tar.gz
Algorithm Hash digest
SHA256 753c8904448373c33df0fc23aef46d340b46a691a6103188c784764eaa82d379
MD5 9d1912361dd7eccd7837b8f631561ea1
BLAKE2b-256 b6e2b8a7227cd2ab9d6306bce1d24c6edc794604c07cc036fffc0d3075c9e0da

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page