Advanced Topics

PRTG Manual: Channel Definitions for Flow, IPFIX, and Packet Sniffer Sensors

With custom Flow sensors, custom IPFIX, or custom Packet Sniffer sensors, you have the option to provide a Channel Definition with the following syntax, one entry per channel:

#<id>:<Name>
<Rule>

Syntax

• The <id> must be 1 or a higher number, and it must be unique for the sensor. This means that each channel definition must have a unique ID.
  The maximum channel ID that you can use is 2147483648 (2^31). PRTG does not support higher IDs. We recommend that you use channel IDs like 1, 2, or 3.
• The <id> is linked to the historic data.
  As soon as you change the ID, you lose the history for the channel that the ID was linked to.
• One rule can span multiple lines.
• The next rule starts with a # as the first character in a line.
• The <name> is the display name of the channel.
• PRTG processes the rules from top to bottom (the number does not matter) and accounts the data to the first match.
• PRTG automatically adds one channel named Other. This channel counts all traffic for which you do not define a specific channel.
• After the name, you can use an optional [<unit>] to override the automatic unit, which is based on the source sensor.

The <Rule> syntax is identical to the one described in section Filter Rules for Flow, IPFIX, and Packet Sniffer Sensors. Because PRTG accounts data to the first match, make sure that you start with the most specific rule at the top and get less specific towards the bottom.

We recommend that you write the rules list in an external editor first and then paste it into the Channel Definition field of the sensor. If the rules contain an error, PRTG removes the entries after you add them.

You cannot delete channels even if you remove a channel from the channel definition. You also cannot change the display name of channels using the channel definition of custom flow sensors. You can only rename channels in the channel settings.

Example

General example:

#5:HTTP
Protocol[TCP] and
(SourcePort[80] or DestinationPort[80] or SourcePort[8080] or
DestinationPort[8080])

Channel definition example for differentiating by protocol:

#1:TCP
Protocol[TCP]
 
#2:UDP
Protocol[UDP]
 
#3:ICMP
Protocol[ICMP]

More

Knowledge Base

How can I change the default groups and channels for flow and Packet Sniffer sensors?

• https://kb.paessler.com/en/topic/60203

Visualization of Lookup Channels

• Active Directory Integration
• Application Programming Interface (API) Definition
• Filter Rules for Flow, IPFIX, and Packet Sniffer Sensors
• Channel Definitions for Flow, IPFIX, and Packet Sniffer Sensors
• Define IP Address Ranges
• Define Lookups
• Regular Expressions
• Calculating Percentiles
• Add Remote Probe
• Failover Cluster Configuration
• Data Storage
• Using Your Own SSL Certificate