Hi Bryan,
More than a plugin, i may recommend looking at the custom primitives
framework, ie. aggregate_primitives config directive. For pmacctd it
contemplates offsets to L2, L3 and L4. You may want/need to extend
the to do the same with L7 - with peculiarities of L7, ie. not just
relying on
I've just begun looking at pmacct and I wonder if there is already a plugin
that allows for more of a deep packet inspection so that I could pull out URLs
and other information that is available in http traffic I am seeing?
[FireScope]
Bryan Cantwell | SVP Technology