The utility provided by this repository is similar to pmacct. It can use libpcap to inspect traffic on a network interface and store statistics regarding the number of packets and their size. In addition to storing the total amount of traffic, it also has support for aggregating by source/destination IPv4 address.
Where this utility differs from pmacct is that it doesn't store its results in a database. Instead, it binds a HTTP server that exports a metrics page that can be scraped by Prometheus. By default, this HTTP server listens on port 9112.
Right now promacct is still simple enough that it can easily be built by
hand. Be sure to take a look at build.sh to see how. The script
build_static.sh builds a statically linked executable for Linux-based
systems.
Promacct has very few dependencies. It's written in C++, making use of certain C++17 features. It makes use of libpcap.
After building promacct, it can be started as follows:
promacct -i eth0 -i eth1 -r 192.168.1.100-192.168.1.200:customer=acmecorp:environment=production
This makes promacct sniff for traffic on eth0 and eth1, storing the
total amount of traffic in separate histograms. It also creates
histograms for the aggregated amount of network traffic for every
individual IPv4 address between 192.168.1.100 and 192.168.1.200. To each
of these entries, it also attaches the labels customer and
environment, having the values acmecorp and production,
respectively.
The following rule can be used to compute a five-minute rate of all traffic per host and network interface:
instance_interface:promacct_packet_size_bytes_all:rate5m =
sum(rate(promacct_packet_size_bytes_all_sum{job="promacct"}[5m]))
by (instance, interface)
This metric can be used to compute a monthly 95th percentile as follows:
instance_interface:promacct_packet_size_bytes_all:quantile31d{quantile="0.95"} =
quantile_over_time(0.95, instance_interface:promacct_packet_size_bytes_all:rate5m[31d])