This article applies as of PRTG 22


How do the channel definitions work for custom packet sniffer, flow (NetFlow, sFlow, jFlow), and IPFIX sensors?

Channel definitions for custom Packet Sniffer, flow, or IPFIX sensors

When you add custom flow (for example, NetFlow, sFlow, or jFlow), custom IPFIX (included in PRTG 13.x.7 or later), or custom packet sniffing sensors to PRTG, you will notice a field named Channel Definition. In this field, you must provide the channel definitions in the following way (one entry per channel):

#<id>:<Name>
<Rule>


For example:

#5:HTTP
Protocol[TCP] and
(SourcePort[80] or DestinationPort[80] or SourcePort[8080] or
DestinationPort[8080])
  • The <id> needs to be 1 or a higher number and must be unique for the sensor. This means that each channel definition must have a unique ID.
  • The <id> is linked to the historic data. Important: As soon as you change the ID, you break the connection to the history for this particular channel and you will lose its historic data.
  • A rule can span multiple lines.
  • A new rule starts with # as the first character in a line.
  • <name> is the channel's display name.
  • The rules are processed from top to bottom (the number does not matter) and the data is accounted to the first match.
  • An other channel is added automatically.
  • After <name>, you can write an optional [<unit>] to override the unit that is automatically set based on the source sensors.


For the specific rule syntax, see the Knowledge Base: What filter rules can be used for custom Packet Sniffing, flow (NetFlow/sFlow/jFlow), or IPFIX sensors?.

Because the data is always accounted to the first match, make sure you start with the most specific rule at the top and to get less specific toward the bottom.

We strongly recommend that you write the rule list in an external editor first and then paste it into the corresponding settings field. Otherwise, if the rules contain an error, the entries will be removed when you add the rules.

Channel definition example for differentiating by protocol:

#1:TCP
Protocol[TCP]

#2:UDP
Protocol[UDP]

#3:ICMP
Protocol[ICMP]


More


Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.