Netflow: Capture only a subnet

Votes:

0

Hi everybody,

is it possible to capture only one subnet of netflow traffic?
For instance: If a switch processes traffic of the subnet 10.1.x.x and 10.2.x.x, would it be possible to capture only traffic of 10.2.x.x ?

Actually I am using softflowd to capture netflow traffic and it would be best to restrict it only to one subnet directly.
Alternatively: Is there a way to export only those netflows of a specific subnet (e.g. with flow-export from flowtools)?

Thanks for your help! Cheers

capture flow netflow subnet

Created on Jan 17, 2013 9:04:08 AM

Last change on Dec 2, 2021 9:23:03 AM by  Maike Guba [Paessler Support] (2,404) 2 1



Best Answer

Accepted Answer

Votes:

0

If you wish to compare the traffic usage of multiple subnets in the same flow sensor or filter out a specific subnet in your flow, please check the two alternatives below:

1. You can have multiple sensors monitoring each subnet: use the Filtering option within the sensor's settings to create various distinct sensors, one for each subnet (and set the filters accordingly):

For instance if you have multiple /24 subnets within the 192.168.0.0 network, create distinct sensors and set the following filters:

IP[192.168.10.0/24]
IP[192.168.11.0/24]
IP[192.168.12.0/24]

2. On the other hand, if you want to have all subnets within the same sensor, listing only the total bandwidth (and not per protocol), you can check the (Custom) variant of the flow-based bandwidth sensors, leave the filters empty and use a channel definition similar to the following:

#1:Subnet 10 Traffic
IP[192.168.10.0/24]
#2:Subnet 11 Traffic
IP[192.168.11.0/24]
#3:Subnet 12 Traffic
IP[192.168.12.0/24]

The same rules will also apply (in both cases) if you want to filter a specific host only, for instance IP[192.168.10.123].

For further details about the syntax for filter rules please check:


Note: In both examples above the sensors would also take into account the traffic that goes from one subnet to the other (internal). If you're only interested in traffic that goes to the internet, use the AND filter to include some other condition, for instance Port[] or similar, to further refine the filter rules.


Best Regards,
Luciano Lingnau [Paessler Support]

Created on Aug 1, 2016 9:10:37 AM by  Luciano Lingnau [Paessler]

Last change on Dec 2, 2021 9:23:13 AM by  Maike Guba [Paessler Support] (2,404) 2 1
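
An added example (not part of the original answer and not PRTG's own code): a Python replay of the per-subnet filters above over constructed flow records, showing how the inter-subnet traffic mentioned in the note is counted in every subnet it touches and how it can be split from internet-bound traffic. It assumes IP[...] matches when either the source or the destination address lies in the range, and it treats the RFC 1918 ranges as internal.

```python
import ipaddress
from collections import defaultdict

# Subnets taken from the filter examples in the answer.
SUBNETS = [ipaddress.ip_network(n) for n in
           ("192.168.10.0/24", "192.168.11.0/24", "192.168.12.0/24")]

# Assumption: "internal" means both endpoints are RFC 1918 addresses.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: (source IP, destination IP, bytes).
FLOWS = [
    ("192.168.10.5", "203.0.113.9", 1200),    # subnet 10 -> internet
    ("198.51.100.7", "192.168.10.123", 800),  # internet -> subnet 10 host
    ("192.168.10.5", "192.168.11.20", 5000),  # subnet 10 -> subnet 11
    ("192.168.12.8", "192.168.12.9", 300),    # inside subnet 12
    ("10.1.0.4", "203.0.113.9", 700),         # unrelated network
]

def in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def matches(net, src, dst):
    """Assumed IP[net] semantics: either endpoint lies inside the range."""
    return in_any(src, [net]) or in_any(dst, [net])

def per_subnet_totals(flows, subnets=SUBNETS):
    """Bytes per subnet filter, split into internal and external traffic."""
    totals = defaultdict(lambda: {"all": 0, "internal": 0, "external": 0})
    for src, dst, nbytes in flows:
        internal = in_any(src, INTERNAL) and in_any(dst, INTERNAL)
        for net in subnets:
            if matches(net, src, dst):
                bucket = totals[str(net)]
                bucket["all"] += nbytes
                bucket["internal" if internal else "external"] += nbytes
    return dict(totals)

if __name__ == "__main__":
    for net, counts in per_subnet_totals(FLOWS).items():
        print(net, counts)
```

The 5000-byte flow between subnets 10 and 11 appears in both totals, so summing the per-subnet figures overstates the traffic actually seen on the exporter.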



4 Replies

Votes:

0

Hello,

within PRTG, you can use Filter Options on the Netflow Sensor(s).

best regards.

Created on Jan 17, 2013 2:49:41 PM by  Torsten Lindner [Paessler Support]



Votes:

0

What would be the steps to create this? Under Network Discovery I added a Group. Under the group I added my network with IPv4: 10.10.*.*

--> no results.

Created on Jun 28, 2016 7:08:55 AM



Votes:

0

Carsten, there may be a slight misunderstanding here. The initial question was about Netflow Sensors and, in them, filtering for only certain IPs. It seems you refer to the Auto-Discovery though. Can you share some screenshots showing the settings that you took in the corresponding group?

Created on Jun 28, 2016 2:49:28 PM by  Torsten Lindner [Paessler Support]


