PRTG Manual: Channel Definitions for Flow, IPFIX, and Packet Sniffer Sensors

With custom Flow sensors, custom IPFIX, or custom Packet Sniffer sensors, you have the option to provide a Channel Definition with the following syntax, one entry per channel:

#<id>:<Name>
<Rule>

Syntax

  • The <id> must be 1 or a higher number, and it must be unique for the sensor. This means that each channel definition must have a unique ID.
    i_round_blueThe maximum channel ID that you can use is 2147483648 (2^31). PRTG does not support higher IDs. We recommend that you use channel IDs like 1, 2, or 3.
  • The <id> is linked to the historic data.
    i_round_redAs soon as you change the ID, you lose the history for the channel that the ID was linked to.
  • One rule can span multiple lines.
  • The next rule starts with a # as the first character in a line.
  • The <name> is the display name of the channel.
  • PRTG processes the rules from top to bottom (the number does not matter) and accounts the data to the first match.
  • PRTG automatically adds one channel named Other. This channel counts all traffic for which you do not define a specific channel.
  • After the name, you can use an optional [<unit>] to override the automatic unit, which is based on the source sensor.

The <Rule> syntax is identical to the one described in section Filter Rules for Flow, IPFIX, and Packet Sniffer Sensors. Because PRTG accounts data to the first match, make sure that you start with the most specific rule at the top and get less specific towards the bottom.

i_round_redWe recommend that you write the rules list in an external editor first and then paste it into the Channel Definition field of the sensor. If the rules contain an error, PRTG removes the entries after you add them.

i_round_blueYou cannot delete channels even if you remove a channel from the channel definition. You also cannot change the display name of channels using the channel definition of custom flow sensors. You can only rename channels in the channel settings.

Example

General example:

#5:HTTP
Protocol[TCP] and
(SourcePort[80] or DestinationPort[80] or SourcePort[8080] or
DestinationPort[8080])

Channel definition example for differentiating by protocol:

#1:TCP
Protocol[TCP]
 
#2:UDP
Protocol[UDP]
 
#3:ICMP
Protocol[ICMP]

More

i_square_blueKnowledge Base

How can I change the default groups and channels for flow and Packet Sniffer sensors?