What is the filter rule syntax? What xFlow (NetFlow/sFlow) filter parameters are supported by PRTG?
Created on Feb 3, 2010 2:34:58 PM by
Last change on Feb 18, 2010 3:31:40 PM by
What filter rules can be used for custom Packet Sniffing or xFlow (NetFlow/sFlow) sensors?
1 Reply
Accepted Answer
Filter Rules for Custom Packet Sniffing or Netflow Sensors Under PRTG Network Monitor 7
Filter rules are used for the include, exclude and channel definition fields of custom packet sniffer and netflow sensors.
Filter rules are based on the following format:
field[filter]
Valid fields are:
- IP
- Port
- SourceIP
- SourcePort
- DestinationIP
- DestinationPort
- Protocol (values: TCP, UDP, ICMP, OSPFIGP or any number)
- ToS
Sniffer Only Fields:
- MAC
- SourceMAC
- DestinationMAC
- EtherType (values IPV4, ARP,RARP,APPLE, AARP,IPV6 ,IPXold, IPX or any number)
Netflow Only Fields:
- Interface
- ASI
- InboundInterface
- OutboundInterface
- SourceASI
- DestinationASI
Data Formats:
- IP fields support wildcards (*), range (10-20) and hostmask ( /10, /255.255.0.0) syntax.
- Number fields support range (80-88) syntax.
- Protocol and EtherType fields support numbers and a list of predefined constants.
Samples:
SourceIP[10.0.0.1] SourceIP[10.*.*.*] SourceIP[10.0.0.0/10] DestinationIP[10.0.0.120-130] DestinationPort[80-88] Protocol[UDP]
Complex expressions can be created using parentheses and and/or/not:
Protocol[TCP] and not (DestinationIP[10.0.0.1] or SourceIP[10.0.0.120-130])
See also
How do the channel definitions for custom Packet Sniffing or xFlow (NetFlow/sFlow) sensors work?
Created on Feb 3, 2010 2:35:17 PM by
Last change on Mar 10, 2010 10:06:49 AM by
Please log in or register to enter your reply.
Disclaimer:The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
Add comment