What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

How can I 'Drill into' NetFlow data?

Votes:

0

We have configured an IPFIX sensor on our Probe device (PRTG Network Monitor 16.1.22.2391 ) and are pointing all of our Netflow data at this probe, from several switches and Virtual Centers.

We can see the Top Talkers and the Live Data but cant really drill into the detail that we are looking for, not sure if this is due to the way we have configured things or if PRTG doesn't display the information that we are looking for.

When we look at TopTalkers we can see that a device talks with others devices, we want to be able to drill into this connection and see which devices, volumes of data ands protocols etc. From there then drill into the next piece that shows something interesting etc.

Not sure if this sis doable or not, hopefully the question makes sense though.

ipfix netflow prtg

Created on Mar 3, 2016 5:29:16 PM



3 Replies

Votes:

0

Dear Peter

The flow sensors of PRTG don't replace Wireshark, instead they provide you bandwidth information for pre-defined channels. You can setup your own traffic channels and toplists. However you cannot dig deep into the flows unless you enable the "Log Stream Data to Disk" option which generates CSV files containing the flows which you can use to check manually.

The stream logging should not be turned on for long, because those logs can fill the free harddisk space very fast.

Created on Mar 4, 2016 1:00:53 PM by Arne Seifert [Paessler Support]



Votes:

0

I was looking for the same thing as Peter. I'm not looking for a wireshark replacement as that's more into full packet detail, including the payload.

What I'd like to be able to do is click on an IP in the top talkers and have it run a query that shows which IPs communicate with that IP I just clicked on. When I see a huge spike in data, I'd like to be able to investigate that a little further and top talkers isn't quite enough information for me.

Created on May 29, 2019 11:08:21 PM



Votes:

0

Dear networkgurucnan,

thank you for your input. Detailed flow analysis this is not the direction we have in mind for PRTG. It would imply a large performance impact to store all incoming flows. For detailed flow analysis, we think hat specialized tools are the way to go. One option could be Scrutinizer.

Created on May 31, 2019 12:56:53 PM by Arne Seifert [Paessler Support]

Last change on May 31, 2019 12:57:32 PM by Arne Seifert [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.