We have firewall data providing netflow information into PRTG. I see that the default views show Top Talkers, Top Protocols, and Top Connections. Is there an option within PRTG to flip this to look at the rare events which could be interesting anomalies to look into? I'd like to perform some long tail analysis and sift through and examine those small events which are buried in all of the "Top Talker" noise.


Article Comments

Hello,

Thank you for your message.

Regarding what you would like to achieve, I'm afraid that the NetFlow sensor is designed to display the Flows sent by the target device only. You can define alerts based on the bandwidth usage, monitor the type of traffic, etc. However, to identify unexpected traffic from the devices, I invite you to have a look at a security-related product such as a SIEM.

Nevertheless, if you desire to monitor specific traffic with NetFlow, you can use the custom version of the sensor to define your own rules. Here is the manual of the NetFlow V9 (Custom) sensor as an example: https://www.paessler.com/manuals/prtg/netflow_v9_custom_sensor

If you have questions, do not hesitate.

Regards.


Feb, 2022
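
The long-tail view asked about in the question can be computed outside PRTG over exported flow records. The following is an added example, not code from this thread or from Paessler; the record fields, the sample flows and the `long_tail` function are constructed for illustration.

```python
from collections import defaultdict

FIELDS = ("src", "dst", "dport", "proto", "bytes")
# Constructed sample flows (not real traffic): two busy services plus rare ones.
SAMPLE_ROWS = (
    [("10.0.0.5", "10.0.1.10", 443, "tcp", 1200)] * 60
    + [("10.0.0.6", "10.0.1.10", 443, "tcp", 900)] * 30
    + [("10.0.0.7", "10.0.1.53", 53, "udp", 80)] * 8
    + [("10.0.0.8", "192.0.2.44", 6667, "tcp", 400)]
    + [("10.0.0.5", "198.51.100.9", 8443, "tcp", 52000)]
)
SAMPLE_FLOWS = [dict(zip(FIELDS, row)) for row in SAMPLE_ROWS]


def long_tail(flows, key_fields=("dst", "dport", "proto"), tail_share=0.05):
    """Return the rarest keys, rarest first, whose combined flow count
    stays within tail_share of all flows (the inverse of a Top-N view)."""
    stats = defaultdict(lambda: {"flows": 0, "bytes": 0, "sources": set()})
    for flow in flows:
        entry = stats[tuple(flow[k] for k in key_fields)]
        entry["flows"] += 1
        entry["bytes"] += int(flow["bytes"])
        entry["sources"].add(flow["src"])

    budget = len(flows) * tail_share
    # Fewest flows first, then fewest distinct sources; the key breaks ties.
    ranked = sorted(
        stats.items(),
        key=lambda kv: (kv[1]["flows"], len(kv[1]["sources"]), kv[0]),
    )
    tail, used = [], 0
    for key, entry in ranked:
        if used + entry["flows"] > budget:
            break  # everything from here on is "Top Talker" volume
        used += entry["flows"]
        tail.append({"key": key, "flows": entry["flows"],
                     "bytes": entry["bytes"],
                     "sources": sorted(entry["sources"])})
    return tail


if __name__ == "__main__":
    for item in long_tail(SAMPLE_FLOWS):
        print(item)
```

Changing `key_fields` (for example to `("src",)`) ranks rarity along a different dimension, and `tail_share` controls how much of the total flow count is treated as the tail.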