A python script to send pmacct's output to ElasticSearch
Latest commit cf51629 Nov 16, 2019
pmacct-to-elasticsearch

pmacct-to-elasticsearch is a Python script designed to read the output of pmacct daemons, process it and store it in ElasticSearch. It works with both memory and print plugins and, optionally, it can manipulate the data (for example, adding fields on the basis of other values).

img/data_flow.png

  1. pmacct daemons collect IP accounting data and process them with their plugins;
  2. data are stored in in-memory tables (memory plugins) or in JSON or CSV files (print plugins);
  3. crontab jobs (memory plugins) or trigger scripts (print plugins) are invoked to execute pmacct-to-elasticsearch;
  4. pmacct's output records are finally processed by pmacct-to-elasticsearch, which reads them from stdin (memory plugins) or directly from file.

Optionally, data transformations can be configured so that pmacct-to-elasticsearch adds fields to, or removes fields from, the output documents that are sent to ElasticSearch for indexing. These additional fields may be useful to improve the legibility of graphs and reports, or to add a further level of aggregation or filtering.
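The flow in steps 2 to 4 and the optional transformation step, as an added sketch that is not code from pmacct-to-elasticsearch and does not use its transformation syntax (see TRANSFORMATIONS.md for that). The sample records, the SERVICE_BY_PORT lookup, the "service" field and the index name are constructed for illustration; the output is the NDJSON body accepted by Elasticsearch's _bulk endpoint, and a record truncated mid-write is counted and skipped rather than indexed.

```python
import json

# Constructed sample of pmacct JSON output: one object per line, one line cut short.
SAMPLE_OUTPUT = """\
{"ip_src": "192.0.2.10", "ip_dst": "198.51.100.7", "port_dst": 443, "packets": 12, "bytes": 9340}
{"ip_src": "192.0.2.11", "ip_dst": "198.51.100.9", "port_dst": 23, "packets": 3, "bytes": 180}
{"ip_src": "192.0.2.12", "ip_dst": "198.51

{"ip_src": "192.0.2.10", "ip_dst": "203.0.113.5", "port_dst": 53, "packets": 1, "bytes": 76}
"""

# Hypothetical lookup used to add a field on the basis of another value.
SERVICE_BY_PORT = {23: "telnet", 53: "dns", 443: "https"}

def parse_records(text):
    """Return (records, rejected); blank lines are ignored, bad lines are counted."""
    records, rejected = [], 0
    for line in filter(str.strip, text.splitlines()):
        try:
            rec = json.loads(line)
        except ValueError:
            rec = None
        if isinstance(rec, dict):
            records.append(rec)
        else:
            rejected += 1
    return records, rejected

def add_service(record):
    """Add a 'service' field derived from port_dst, leaving the input untouched."""
    out = dict(record)
    out["service"] = SERVICE_BY_PORT.get(record.get("port_dst"), "other")
    return out

def to_bulk_body(records, index_name):
    """Build the NDJSON body for _bulk: an action line, then the document."""
    lines = []
    for rec in records:
        lines.append(json.dumps({"index": {"_index": index_name}}))
        lines.append(json.dumps(rec, sort_keys=True))
    return "\n".join(lines) + "\n"

def build(text, index_name="netflow-example"):
    records, rejected = parse_records(text)
    return to_bulk_body([add_service(r) for r in records], index_name), rejected

if __name__ == "__main__":
    body, rejected = build(SAMPLE_OUTPUT)
    print(body + "rejected lines: %d" % rejected)
```
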

Installation

Install the program using pip:

pip install pmacct-to-elasticsearch

Then clone the repository and run the ./install script to set up your system:

cd /usr/local/src/
git clone https://github.com/pierky/pmacct-to-elasticsearch.git
cd pmacct-to-elasticsearch/
./install

Configuration

Please refer to the CONFIGURATION.md file. The TRANSFORMATIONS.md file contains details about data transformations configuration.

A simple tutorial on pmacct integration with ElasticSearch/Kibana using pmacct-to-elasticsearch can be found at http://blog.pierky.com/integration-of-pmacct-with-elasticsearch-and-kibana.

Future work

  • Add support for more pmacct output formats (Apache Avro, ...).

Author

Pier Carlo Chiodi - https://pierky.com/

Blog: https://blog.pierky.com/ Twitter: @pierky
