Knowledge Base

Filtering Data when using Custom Packet Sniffing or Netflow Sensors Under PRTG Network Monitor 7

When adding custom Netflow or Packet Sniffing sensors under PRTG Network Monitor 7, you will notice a field entitled "Channel Definition". In this field you need to provide the channel definitions (one channel per entry) in the following manner:

#<id>:<Name>
<Rule>



For example:

#5:HTTP
Protocol[TCP] and
(SourcePort[80] or DestinationPort[80] or SourcePort[8080] or DestinationPort[8080])

 

 

  • the <id> must be an explicit, positive value (0 to 2000000000)
  • the <id> identifies the channel's data: as soon as the ID is changed, the history for this particular channel is lost
  • a rule can span multiple lines
  • each new # starts the next rule
  • <Name> is the channel's display name (i.e. the name that is displayed for the channel)
  • the rules are processed top to bottom (the number doesn't matter) and the data are apportioned to the first match
  • one "other" channel is added automatically


The following rule syntax applies:

    Keep the include list empty to include all traffic. To include and exclude specific traffic, please enter filter rules in the following format:

    field[filter]

    Valid fields are:

  • IP
  • Port
  • SourceIP
  • SourcePort
  • DestinationIP
  • DestinationPort
  • Protocol (values: TCP, UDP, ICMP, OSPFIGP or any number)
  • ToS

    Sniffer Only Fields:

  • MAC
  • SourceMAC
  • DestinationMAC
  • EtherType (values: IPV4, ARP, RARP, APPLE, AARP, IPV6, IPXold, IPX or any number)

    Netflow Only Fields:

  • Interface
  • ASI
  • InboundInterface
  • OutboundInterface
  • SourceASI
  • DestinationASI

    Samples:

    SourceIP[10.0.0.1]
    SourceIP[10.*.*.*]
    SourceIP[10.0.0.0/10]
    DestinationIP[10.0.0.120-130]
    DestinationPort[80-88]
    Protocol[UDP]



    Complex expressions can be created using parentheses and and/or/not:

    Protocol[TCP] and not (DestinationIP[10.0.0.1] or SourceIP[10.0.0.120-130])
    		



    Recommendation: Write the rule list in an external editor and paste it into the respective PRTG field. Otherwise, if the rules contain an error, your entries will be removed when you add the rules!


    Channel definition examples for differentiating by protocol:

    #1:TCP
    Protocol[TCP]

    #2:UDP
    Protocol[UDP]

    #3:ICMP
    Protocol[ICMP]
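
Because a definition with an error is discarded on entry (see the recommendation above), it helps to check the text in the external editor before pasting it. The following Python linter is an added example, not PRTG's own parser. It assumes lowercase and/or/not, field names spelled exactly as listed on this page, and distinct ids; filter values inside the brackets are not validated.

```python
import re
# Field names as listed on this page (common, sniffer-only, NetFlow-only).
FIELDS = set("""IP Port SourceIP SourcePort DestinationIP DestinationPort Protocol
ToS MAC SourceMAC DestinationMAC EtherType Interface ASI InboundInterface
OutboundInterface SourceASI DestinationASI""".split())
HEADER = re.compile(r"#(\d+):(.+)")
TOKEN = re.compile(r"\s*(?:(\(|\)|and\b|or\b|not\b)|(\w+)\[[^\[\]]+\])")
# Constructed sample: channel #6 misspells a field name and leaves a parenthesis open.
SAMPLE = "#5:HTTP\nProtocol[TCP] and DestinationPort[80]\n#6:DNS\nProtocol[UDP] and (DestPort[53]"

def check_rule(rule):
    """Return an error string for a malformed rule, or None if it is well formed."""
    rule, pos, depth, want_operand = rule.strip(), 0, 0, True
    while pos < len(rule):
        m = TOKEN.match(rule, pos)
        if not m:
            return f"cannot parse near {rule[pos:pos + 20].strip()!r}"
        (op, field), pos = m.groups(), m.end()
        if (field is not None or op in ("(", "not")) != want_operand:
            return f"unexpected {m.group().strip()!r}"
        if field is not None and field not in FIELDS:
            return f"unknown field {field!r}"
        depth += (op == "(") - (op == ")")
        if depth < 0:
            return "unbalanced ')'"
        want_operand = op in ("(", "not", "and", "or")
    if want_operand:
        return "rule is empty or ends with an operator"
    return "unbalanced '('" if depth else None

def lint(text):
    """Return a list of problems in a channel definition; an empty list means clean."""
    problems, channels, seen = [], [], set()   # channels: [header, rule], top to bottom
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        if line.startswith("#"):               # each new '#' starts the next channel
            m = HEADER.fullmatch(line)
            cid = int(m.group(1)) if m else -1
            if not 0 <= cid <= 2000000000:
                problems.append(f"line {n}: expected '#<id>:<Name>', id 0 to 2000000000")
            elif cid in seen:                  # assumption: ids must be distinct
                problems.append(f"line {n}: duplicate id {cid}")
            seen.add(cid)
            channels.append([line, ""])
        elif line and not channels:
            problems.append(f"line {n}: rule text before the first '#' header")
        elif line:
            channels[-1][1] += " " + line      # a rule can span multiple lines
    return problems + [f"{label}: {err}" for label, rule in channels
                       if (err := check_rule(rule))]
```

`lint(SAMPLE)` reports the misspelled field in channel #6; an empty list means the text passed these checks.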