In Top Protocols, the majority of our traffic is "OtherTCP". Unfortunately, we know that we can break this out further as we have some offsite backups and such that use custom ports. Is it possible to add custom protocols/channels so that we can break these down further rather than having everything undefined as "Other"?
Thanks, Matt
Article Comments
Felix,
Thanks for the response. I'm a little confused regarding what needs to be done to ensure that the custom flow rules are utilized. I have added them into "CustomFlowRules.osr" (the linked document doesn't say anything about overwriting "FlowRules.osr", I have added them to "FlowRules.osr", and have restarted the "PRTG Core Server Service", but I'm not having any luck getting the new rules to show when I look at the "Top Protocols" view.
Here are the rules I'm testing, which I've added above the other groups in the XML format:
<group id="3010" name="SampleProt">
<caption>SampleProt</caption>
<help>SampleProt</help>
<defaultvalue>1</defaultvalue>
<channels>
<channel id="1026" name="SampleProt">
<rule>
(Protocol[TCP] or Protocol[UDP]) and (DestinationPort[8006] OR SourcePort[8006])
</rule>
</channel>
</channels>
</group>
<group id="3011" name="Poptart">
<caption>Poptart</caption>
<help>Poptart</help>
<defaultvalue>1</defaultvalue>
<channels>
<channel id="1027" name="Poptart">
<rule>
(Protocol[TCP] or Protocol[UDP]) and (DestinationPort[4115] OR SourcePort[4115])
</rule>
</channel>
</channels>
</group>
I don't see any formatting problems or duplicate IDs, so I'm stumped as to why I cannot see the new channels.
Thanks, Matt
May, 2015 - Permalink
I apologize, please ignore my previous reply. Our current sFlow sensor was not set to 'Custom', therefore it wasn't working. I have created a new sFlow (Custom) sensor and the custom channels are working as-intended. Thank you Felix.
May, 2015 - Permalink
Hi Stanmat,
Please have a look here for a list of links which will help you to create your own channels.
Best regards
May, 2015 - Permalink