What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

netflow 9 filter by destination MAC

Votes:

0

I am trying to monitor traffic bandwidth running across a peering connection. Both peers are on the same interface so monitoring the interface just shows me the total for both. I need to be able to separate them out. Can this be done with PTRG or do I need something else?

netflow-v9 peering prtg

Created on Dec 19, 2017 1:55:22 AM



7 Replies

Votes:

0

Hi there,

Netflow v9 includes the SourceMAC and DestinationMAC fields. You can enter the settings of the sensor to either create your own channels using these filter definitions, or you can create a filter to just include traffic for a particular MAC addresses.

Best regards, Felix

Created on Dec 19, 2017 1:24:29 PM by Felix Saure [Paessler Support]



Votes:

0

Awesome - thanks for pointing me in the right direction.

Created on Dec 19, 2017 4:57:34 PM



Votes:

0

Is this the proper format? DestinationMAC[0024.387d.3300] AND SourceMAC[0024.387d.3300]

Created on Dec 19, 2017 5:37:22 PM



Votes:

0

Hi,

I'd recommend to use an OR:

(DestinationMAC[0024.387d.3300] OR SourceMAC[0024.387d.3300])

And as an additional hint, PRTG likes round brackets a lot...:)

Best regards, Felix

Created on Dec 20, 2017 8:52:37 AM by Felix Saure [Paessler Support]

Last change on Dec 22, 2017 11:24:01 AM by Luciano Lingnau [Paessler]



Votes:

0

Well that is not working - I am still getting all traffic on the interface.

Hurricane Electric suggests using polling mac accounting via snmp instead.

Created on Dec 21, 2017 5:24:00 PM



Votes:

0

So this is why I stopped using PRTG -

(DestinationMAC[0024.387d.3300] OR SourceMAC[0024.387d.3300])

That filter does not filter anything. Just get full bandwidth reading of all traffic.

I even tried using MAC accounting with SNMP and that does not work either. It just alternates between 3.5gig approx and 0.5gig and the other pretty much stays at 0.01gig
1.3.6.1.4.1.9.9.84.1.2.1.1.4.54.2.0.36.56.125.51.0
1.3.6.1.4.1.9.9.84.1.2.1.1.4.54.1.0.36.56.125.51.0
Just a zig zag on the graph. :-(

Created on Dec 22, 2017 12:15:53 AM

Last change on Dec 22, 2017 11:23:46 AM by Luciano Lingnau [Paessler]



Votes:

0

Hi,

Could you please forward a screenshot of the sensor's settings page so that we can check where the filter is configured?

In regards to the SNMP counters, you can use the SNMP Tester to perform a Custom OID scan against the mentioned OID above. Mark the Repeat Every option at the upper right side of the tool and choose the same time which is configured for the scanning interval in PRTG (preferably at least one minute). Copy and paste the results in here for every OID so that we can see what the device returns.

Best regards, Felix

Created on Dec 28, 2017 9:09:49 AM by Felix Saure [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.