PRTG Manual: Channel Definitions for xFlow, IPFIX, and Packet Sniffer Sensors

When adding custom xFlow sensors, custom IPFIX, or custom Packet Sniffer sensors, you have the option to provide a Channel Definition using the following syntax (one entry per channel):

#<id>:<Name>
<Rule>

Syntax

• The <id> must be 1 or a higher number, and it must be unique for the sensor. This means that each channel definition must have a unique ID.
  The maximum channel ID you can use is 2147483648 (2^31). Higher IDs are not supported. We recommend that you use channel IDs like 1, 2, or 3.
• The <id> is linked to the historic data.
  As soon as you change the ID, you lose the history for this particular channel that the ID was linked to.
• One rule can span multiple lines.
• The next rule starts with a # as the first character in a line.
• The <name> is the channel's display name.
• The rules are processed top to bottom (the number does not matter) and the data is accounted to the first match.
• PRTG automatically adds one channel named Other. This channel counts all traffic for which you have not defined a specific channel.
• After the name, you can use an optional [<unit>] to override the automatic unit, which is based on the source sensors.

The <Rule> syntax is identical to the one described in the Filter Rules for xFlow, IPFIX, and Packet Sniffer Sensors section. Because data is accounted to the first match, make sure that you start with the most specific rule at the top and get less specific to the bottom.

We recommend that you write the rules list in an external editor first and then paste it into the Channel Definition field of the sensor in PRTG. If the rules contain an error, the entries are removed after adding them.

You cannot delete channels of a sensor, even if you remove a channel from the channel definition. You also cannot change the display name of channels using the channel definition of custom xFlow sensors. Renaming is only possible via channel settings.

Example

General example:

#5:HTTP
Protocol[TCP] and
(SourcePort[80] or DestinationPort[80] or SourcePort[8080] or
DestinationPort[8080])

Channel definition example for differentiating by protocol:

#1:TCP
Protocol[TCP]
 
#2:UDP
Protocol[UDP]
 
#3:ICMP
Protocol[ICMP]

More

KNOWLEDGE BASE

How can I change the default groups and channels for xFlow and Packet Sniffer sensors?

• https://kb.paessler.com/en/topic/60203

Advanced Topics

• Active Directory Integration
• Application Programming Interface (API) Definition
• Filter Rules for xFlow, IPFIX, and Packet Sniffer Sensors
• Channel Definitions for xFlow, IPFIX, and Packet Sniffer Sensors
• Define IP Ranges
• Define Lookups
• Regular Expressions
• Calculating Percentiles
• Add Remote Probe
• Failover Cluster Configuration
• Data Storage
• PRTG Housekeeping
• Using Your Own SSL Certificate