PRTG with Juniper EX-Switch

Votes:

0

Hi folks

I got a general question about flow-monitoring. Here is my theoretical setup: 1 Juniper ex-switch with let's say 3 directly connected firewalls. The firewalls are connected on Port xe-0/0/0, xe-0/0/1 and xe-0/0/2. On the switch I configure the sflow protocol as follows:

polling-interval 20;
sample-rate {
    ingress 1000;
    egress 1000;
}
source-ip 10.x.x.x
collector 10.x.x.x {
    udp-port 6343;
}
interfaces xe-0/0/0.0;
interfaces xe-0/0/1.0;
interfaces xe-0/0/2.0;

Now I'd like to see how much traffic there is on each link. I'd like to see what kind of traffic it is.

How do I set up PRTG now? I tried to add 3 sensors and do Include-Filters(Interface[0/0/0.0]), but this is not working properly because it only shows me the traffic that has its destination on that specified interface.

Can anyone please help?

Thanks very much!

Commandi

juniper prtg xflow

Created on Sep 26, 2016 9:16:55 AM



9 Replies

Votes:

0

I have no experience with Juniper, so I am not sure that my idea is good. The idea is to create 3 different sflow instances and direct their statistics to 3 separate PRTG sensors. Each sflow_instance---prtg_sensor pair should be configured on a distinct UDP port for communication.

Created on Sep 26, 2016 10:42:19 AM



Votes:

0

Hi Oleg

Thanks a lot for sharing your idea.

As far as I know, it is not possible to configure 3 sflow instances with 3 different collectors and their own ports on an EX switch. From what I saw, it is only possible to configure 1 sflow instance with several collector IPs. But of course it is a huge overhead to create a PRTG instance for every link I want to monitor.

But I'll check this later to be absolutely sure about this!

Best regards, commandi

Created on Sep 26, 2016 11:18:13 AM



Votes:

0

Dear commandi

The interface can be filtered for, but only as a number (not as a string / description). If you don't know the number, please create a test jflow custom sensor and enable stream logging in the sensor settings. You can analyse the corresponding CSV files. Please remember to delete this sensor (or at least to disable the stream logging), as this logging creates large files.

Created on Sep 26, 2016 12:54:37 PM by  Arne Seifert [Paessler Support]



Votes:

0

Ok, that did the trick, thanks Arne!

For all the Juniper Users out there: You can't specify the filter like Interface[xe-0/0/0.0] or anything with the Interface-name. You need to know the SNMPifIndex of the port and then set the filter with that index, something like Interface[560]. You can find the SNMPifIndex with "show interface xe-0/0/0"

Thanks for the help guys

Created on Sep 26, 2016 2:41:35 PM



Votes:

0

I got another question: Is it possible to show a sflow sensor as a link in a map? Since I'm just monitoring the links between devices with sflow sensors I'd like to draw a map where you can see the link status. Or maybe click on the link and get to the sensor details... Is that possible?

Thanks a lot for your help. Regards, commandi

Created on Sep 26, 2016 4:24:13 PM



Votes:

0

Dear commandi

Depending on the map object, you can click on the sensor to open the corresponding sensor overview in PRTG.

You cannot directly show a link status. However, you can connect map objects with lines, where the line color depends on the sensor status.

Created on Sep 27, 2016 12:04:32 PM by  Arne Seifert [Paessler Support]



Votes:

0

Thanks Arne, that worked fine :)

I already got another question: I read a few articles about creating your own custom flow rules for the sflow sensor. Since we got a lot of "unusual" traffic, I wanted to create my own ruleset. I found the file FlowRules.osr, copied it and created CustomFlowRules.osr. I added one group with one channel (NetAppSync). I restarted the PRTG Core Server Service and restarted the whole server a few times. Every custom sensor now shows 100% various traffic...

I even tried to add my group to FlowRules.osr, but that doesn't work either. I checked my CustomFlowRules.osr in an XML validator, no errors were found. Here is my CustomFlowRules.osr:

<?xml version="1.0" encoding="ISO8859-1"?>
<groups>
  <group id="3011" name="NetAppSync">
    <caption>NetAppSync</caption>
    <help>NetAppSync</help>
    <defaultvalue>1</defaultvalue>
    <channels>
     <channel id="1026" name="NetAppSync">
        <rule>
            Protocol[TCP] and (SourcePort[10566] or DestinationPort[10566])
          </rule>
      </channel>
    </channels>
  </group>
  <group id="3001" name="WWW">
    <caption>Web</caption>
    <help>WWW Traffic</help>
    <defaultvalue>1</defaultvalue>
    <channels>
      <channel id="1001" name="HTTP">
        <rule>
            Protocol[TCP] 
               and ( SourcePort[80] or DestinationPort[80] 
                      or SourcePort[8080] or DestinationPort[8080])
          </rule>
      </channel>
      <channel id="1023" name="HTTPS">
        <rule>
            Protocol[TCP] and (SourcePort[443] or DestinationPort[443]) 
          </rule>
      </channel>
    </channels>
  </group>
  <group id="3002" name="FTP/P2P">
    <caption>File Transfer</caption>
    <help>File Transfer</help>
    <defaultvalue>1</defaultvalue>
    <channels>
      <channel id="1024" name="FTP (Control)">
        <rule>
            Protocol[TCP] and (DestinationPort[20-21] OR SourcePort[20-21])
          </rule>
      </channel>
    </channels>
  </group>
  <group id="3003" name="Mail">
    <caption>Mail</caption>
    <help>Mail Traffic</help>
    <defaultvalue>1</defaultvalue>
    <channels>
      <channel id="1006" name="IMAP">
        <rule>
            (Protocol[TCP] or Protocol[UDP]) and   ( DestinationPort[143] or SourcePort[143]  or DestinationPort[220] or SourcePort[220] or DestinationPort[993] or SourcePort[993]  )
          </rule>
      </channel>
      <channel id="1008" name="POP3">
        <rule>
            Protocol[TCP] and (SourcePort[110] or DestinationPort[110] or SourcePort[995] or DestinationPort[995])
          </rule>
      </channel>
      <channel id="1011" name="SMTP">
        <rule>
            Protocol[TCP] and (SourcePort[25] or DestinationPort[25])
          </rule>
      </channel>
    </channels>
  </group>
  <group id="3004" name="Chat">
    <caption>Chat</caption>
    <help>Chat, Instant Messaging</help>
    <defaultvalue>1</defaultvalue>
    <channels>
      <channel id="1007" name="IRC">
        <rule>
            Protocol[TCP] and (SourcePort[6667] or DestinationPort[6667])
          </rule>
      </channel>
      <channel id="1025" name="AIM">
        <rule>
            Protocol[TCP] and (SourcePort[5190] or DestinationPort[5190]) 
      </rule>
      </channel>
    </channels>
  </group>
  <group id="3005" name="Remote Control">
    <caption>Remote Control</caption>
    <help>Remote Control</help>
    <defaultvalue>1</defaultvalue>
    <channels>
      <channel id="1009" name="RDP">
        <rule>
            (Protocol[TCP] or Protocol[UDP]) and (SourcePort[3389] or DestinationPort[3389])
          </rule>
      </channel>
      <channel id="1014" name="SSH">
        <rule>
            Protocol[TCP] and (SourcePort[22] or DestinationPort[22])
          </rule>
      </channel>
      <channel id="1016" name="Telnet">
        <rule>
            Protocol[TCP] and (SourcePort[23] or DestinationPort[23])
          </rule>
      </channel>
      <channel id="1017" name="VNC">
        <rule>
            Protocol[TCP] and   (SourcePort[5800] or DestinationPort[5800] or    SourcePort[5900] or DestinationPort[5900])
          </rule>
      </channel>
    </channels>
  </group>
  <group id="3007" name="Infrastructure">
    <caption>Infrastructure</caption>
    <help>Network Services</help>
    <defaultvalue>1</defaultvalue>
    <channels>
      <channel id="1003" name="DHCP">
        <rule>
            Protocol[UDP]
              and ((SourcePort[68] and DestinationPort[67])
                    or (SourcePort[67] and DestinationPort[68])  )
          </rule>
      </channel>
      <channel id="1004" name="DNS">
        <rule>
            (Protocol[TCP] or Protocol[UDP]) and   (SourcePort[53] or DestinationPort[53])
          </rule>
      </channel>
      <channel id="1005" name="Ident">
        <rule>
            Protocol[TCP] and (SourcePort[113] or DestinationPort[113])
          </rule>
      </channel>
      <channel id="1018" name="ICMP">
        <rule>
            Protocol[ICMP]
          </rule>
      </channel>
      <channel id="1012" name="SNMP">
        <rule>
            Protocol[TCP] and (SourcePort[161-162] or DestinationPort[161-162])
          </rule>
      </channel>
    </channels>
  </group>
  <group id="3008" name="NetBIOS">
    <caption>NetBIOS</caption>
    <help>NetBIOS</help>
    <defaultvalue>1</defaultvalue>
    <channels>
      <channel id="1019" name="NETBIOS">
        <rule>
            (Protocol[TCP] OR Protocol[UDP]) AND (DestinationPort[137-139]  OR SourcePort[137-139])
          </rule>
      </channel>
    </channels>
  </group>
  <group id="3010" name="Citrix">
    <caption>Citrix</caption>
    <help>Citrix</help>
    <defaultvalue>1</defaultvalue>
    <channels>
      <channel id="1023" name="Citrix">
        <rule>
          Protocol[TCP] and (Port[1494] or Port[2598] or Port[2512])
        </rule>
      </channel>
    </channels>
  </group>
  <group id="3009" name="Various">
    <caption>Other Protocols</caption>
    <help>Various</help>
    <defaultvalue>1</defaultvalue>
    <channels>
     <channel id="1021" name="OtherUDP">
        <rule>
            Protocol[UDP]
          </rule>
      </channel>
      <channel id="1022" name="OtherTCP">
        <rule>
            Protocol[TCP]
          </rule>
      </channel>
    </channels>
  </group>
</groups>

Created on Sep 28, 2016 8:59:34 AM

Last change on Sep 28, 2016 9:14:11 AM by  Arne Seifert [Paessler Support]



Votes:

0

Dear commandi

User customization is not covered by technical support, I am sorry.

Instead of using the custom flow rules, you can try to use a Custom Flow sensor. This sensor allows you to enter your channel definition using the filter rules.

A possible channel definition could look like

#3001:HTTP
Protocol[TCP] and (Port[80] or Port[8080])

#3002:HTTPS
Protocol[TCP] and Port[443]

#3003:Various UDP/TCP
(Protocol[UDP]) OR (Protocol[TCP])

If you want to use your custom flow rules set instead, please begin with a very simple set, just one filter, and if that works, please add additional channels.

Created on Sep 28, 2016 9:24:34 AM by  Arne Seifert [Paessler Support]

Last change on Sep 28, 2016 9:45:42 AM by  Arne Seifert [Paessler Support]
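An offline evaluator for the channel-definition syntax shown in the reply above, useful for checking which channel a flow would land in before loading a rule set. This is an added example, not Paessler's code or part of the original thread. It assumes top-down, first-match evaluation and that `and` binds tighter than `or`; the flow keys (`proto`, `sport`, `dport`) and channel id 3004 are constructed for illustration.

```python
import re

TOKEN = re.compile(r"(\w+)\[([^\]]+)\]|\b(and|or)\b|([()])", re.I)
PORTS = {"sourceport": ["sport"], "destinationport": ["dport"], "port": ["sport", "dport"]}

def compile_rule(rule):
    """Recursive descent over a well-formed rule; returns a predicate on a flow dict."""
    toks, pos = [m.groups() for m in TOKEN.finditer(rule)], 0
    def chain(sub, word, combine):
        nonlocal pos
        preds = [sub()]
        while pos < len(toks) and (toks[pos][2] or "").lower() == word:
            pos += 1
            preds.append(sub())
        return lambda f: combine(p(f) for p in preds)
    def expr():  # assumption: 'and' binds tighter than 'or'
        return chain(lambda: chain(atom, "and", all), "or", any)
    def atom():
        nonlocal pos
        field, value, _, paren = toks[pos]
        pos += 1
        if paren:  # "(": parse the nested expression, then skip ")"
            inner = expr()
            pos += 1
            return inner
        if field.lower() == "protocol":
            return lambda f: f["proto"] == value.upper()
        lo, _, hi = value.partition("-")  # single port or a range such as 20-21
        keys = PORTS[field.lower()]
        return lambda f: any(int(lo) <= f.get(k, -1) <= int(hi or lo) for k in keys)
    return expr()

def load_channels(text):
    # A '#id:Name' header line, then the rule text up to the next header.
    found = re.findall(r"#\d+:([^\n]+)\n([^#]+)", text)
    return [(name.strip(), compile_rule(rule)) for name, rule in found]

def classify(channels, flow):
    """Return the first channel whose rule matches (assumed top-down order)."""
    return next((name for name, pred in channels if pred(flow)), "unmatched")

# Rules taken from this page; id 3004 is constructed. The catch-all stays last.
DEFINITION = """#3001:HTTP
Protocol[TCP] and (Port[80] or Port[8080])
#3004:NetAppSync
Protocol[TCP] and (SourcePort[10566] or DestinationPort[10566])
#3003:Various UDP/TCP
(Protocol[UDP]) OR (Protocol[TCP])"""
CHANNELS = load_channels(DEFINITION)
if __name__ == "__main__":
    print(classify(CHANNELS, {"proto": "TCP", "sport": 10566, "dport": 40122}))
```

Under the first-match assumption, a catch-all channel placed above a specific one absorbs that channel's traffic, so the broad rule belongs at the end of the definition.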



Votes:

0

@commandi -

Are you still happy with your switch config of "polling-interval 20; sample-rate { ingress 1000; egress 1000 }", or have you discovered you needed to tweak it a bit?

I'm about to pull my "back burner" project of defining custom rules on our EX-series, so I'm gathering input ahead of time.

Created on Aug 11, 2018 6:24:40 PM



