This article applies as of PRTG 22
Adjusting the default flow and Packet Sniffer channel configuration
The default flow (jFlow v5, NetFlow v5, NetFlow v9, IPFIX, sFlow) and Packet Sniffer sensors provide several traffic groups to which the measured traffic can be assigned. You can define whether a traffic group counts as a separate channel (or is assigned to a standard channel) and whether the traffic of this group is further divided into individual channels.
By default, PRTG creates one channel for each available group:
Since the default channel selection might not be suitable for certain use cases, you can edit the flow rules to get a new custom default channel configuration. This also allows you to:
- adjust the default settings for the channel groups: create one channel for the whole traffic group (Yes), create several channels to further divide the traffic (Detail), or create no channel and count the traffic of this group toward the default channel Other Protocols (No).
- enhance existing channels, for example, if ports other than the default ports are used.
- add new groups and channels that you often use: this is easier and faster than defining them in custom flow and Packet Sniffer sensors.
- remove channels that you do not need or that are not applicable to your setup.
How to edit flow rules
To change the default groups and channels, follow the steps below to edit the FlowRules.osr file.
Note: If you edit this file, all flow and Packet Sniffer sensors are changed. This also applies to sensors that already exist. Also note that changing the detail level Yes, No, or Detail only affects sensors that are newly created. We strongly recommend that you test any changes in a test environment before you apply them to your live installation. If you delete FlowRules.osr, PRTG uses the default settings again.
- Find FlowRules.osr in your PRTG program directory.
- Create a copy of the file FlowRules.osr and rename the copy to CustomFlowRules.osr. This way, you prevent the installer from overwriting your custom rules when updating PRTG. Note that PRTG overwrites the FlowRules.osr file as soon as a file named CustomFlowRules.osr exists. Any differently named OSR file is disregarded.
- Open the created file CustomFlowRules.osr with a text editor.
- When editing the file, keep the channel and group IDs as they are. If you do not change the IDs, PRTG can match the channels with the configuration and historic data.
- The definitions are processed consecutively from the topmost entry to the bottom. Because of this, we recommend that you first define specific rules and then more general rules (for example, the Various traffic group).
- For each group, you can set a default value that defines how detailed the traffic is split into channels. See below for more information.
- For details on the syntax of the filter rules, see PRTG Manual: Filter Rules for Flow, IPFIX, and Packet Sniffer Sensors.
- Restart the PRTG core server so that the changes to the flow rules take effect.
Structure of the flow rules file
The basic structure of the file with the flow rules looks like this:
<!-- explanation -->
<?xml declaration>
<groups>
  <group id="unique integer" name="unique name">
    <caption>displayed group name</caption>
    <help>displayed text for content</help>
    <defaultvalue>0, 1, or 2</defaultvalue>
    <channels>
      <channel id="unique integer" name="displayed channel name">
        <rule>traffic filter rule</rule>
      </channel>
      [several other channel definitions]
    </channels>
  </group>
  [several other group definitions]
</groups>
- The default FlowRules.osr file starts with an explanation of the flow rules’ functionality between the comment tags <!-- and -->. Keep this in CustomFlowRules.osr to always have a quick overview of how to edit the file.
- The <?xml> tag defines the content as XML.
- In the <groups> tag, all groups and their channels are defined.
- Each group is defined within one dedicated <group> tag. Each group needs a unique ID (which you should not change for existing groups) and a unique name to identify this group.
- A group definition contains the following:
  - <caption>: The caption is shown in the Group column of the sensors’ channel configuration.
  - <help>: The help text is shown in the Content column in front of the actual channel names.
  - <defaultvalue>: This sets the default setting for traffic division. You can use
    - 1 for the Yes setting (create one channel for the traffic group),
    - 2 for the Detail setting (create several channels to further divide the traffic),
    - 0 for the No setting (traffic of this group counts for the Other channel).
  - <channels>: Define the channels of a traffic group in this tag.
- The <channel> tag contains single channel definitions with the corresponding traffic rules.
- One channel definition is given in one <channel> tag. This tag contains parameters for a unique ID (which you should not change for existing channels) and for a name that is displayed for this channel.
- In the <channel> tag, define the filter rule for this channel in the <rule> tag. For the syntax, see the PRTG Manual: Filter Rules for Flow, IPFIX, and Packet Sniffer Sensors.
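A pre-restart check for CustomFlowRules.osr, added here as an example (not Paessler's code): it verifies the structural constraints listed above and flags any group or channel whose ID differs from the shipped FlowRules.osr. The names `check`, `SHIPPED` and `EDITED`, the placeholder rule text, and the file-wide uniqueness of channel IDs are assumptions.

```python
import re
import xml.etree.ElementTree as ET

def _root(text):
    # Comments are dropped first: the skeleton puts one before the XML declaration.
    return ET.fromstring(re.sub(r"<!--.*?-->", "", text, flags=re.S).lstrip())

def _ids(root):
    """Map (kind, group name[, channel name]) -> id attribute."""
    ids = {}
    for g in root.iter("group"):
        ids[("group", g.get("name"))] = g.get("id")
        for c in g.iter("channel"):
            ids[("channel", g.get("name"), c.get("name"))] = c.get("id")
    return ids

def check(custom, shipped):
    """Return a list of problems found in the custom rules text."""
    problems, seen, root = [], set(), _root(custom)
    def unique(kind, value):
        if (kind, value) in seen:
            problems.append(f"duplicate {kind}: {value}")
        seen.add((kind, value))
    for g in root.iter("group"):
        unique("group id", g.get("id"))
        unique("group name", g.get("name"))
        dv = (g.findtext("defaultvalue") or "").strip()
        if dv not in ("0", "1", "2"):  # No, Yes, Detail
            problems.append(f"group {g.get('name')}: defaultvalue {dv!r} is not 0, 1 or 2")
        for c in g.iter("channel"):
            unique("channel id", c.get("id"))  # assumed unique file-wide
            if not (c.findtext("rule") or "").strip():
                problems.append(f"channel {c.get('name')}: empty rule")
    # IDs must stay as shipped so PRTG can match channels with historic data.
    old = _ids(_root(shipped))
    for key, new_id in _ids(root).items():
        if key in old and old[key] != new_id:
            problems.append(f"{key[0]} {key[-1]}: id {old[key]} -> {new_id}")
    return problems

# Constructed sample files; rule text is a placeholder, not real filter syntax.
SHIPPED = """<!-- explanation -->
<?xml version="1.0" encoding="UTF-8"?>
<groups><group id="1" name="web"><caption>Web</caption><help>Web</help>
<defaultvalue>1</defaultvalue><channels>
<channel id="10" name="HTTP"><rule>RULE-PLACEHOLDER</rule></channel>
</channels></group></groups>"""
EDITED = SHIPPED.replace('id="10"', 'id="11"').replace(">1</d", ">3</d")
```

Call `check()` with the text of CustomFlowRules.osr and of the shipped FlowRules.osr; an empty list means none of these checks failed. It does not parse the filter rule syntax or the rule order.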