What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Protocol repetition on Netflow sensor

Votes:

0

At first I configured the channel definition as follow:

#1:HTTP
Protocol[TCP] and (SourcePort[80] or DestinationPort[80] or SourcePort[443] or DestinationPort[443])

#2:TCP
Protocol[TCP]

#3:UDP
Protocol[UDP]

#4:ICMP
Protocol[ICMP]

Later, I modified it to add more channels:

#1:HTTP
(Protocol[TCP] or Protocol[UDP]) and (SourcePort[80] or DestinationPort[80] or SourcePort[443] or DestinationPort[443])

#2:FTP
Protocol[TCP] and (SourcePort[20-21] or DestinationPort[20-21])

#3:SFTP/SSH
Protocol[TCP] and (SourcePort[22] or DestinationPort[22])

#4:SMTP
Protocol[TCP] and (SourcePort[25] or DestinationPort[25] or SourcePort[587] or DestinationPort[587]or SourcePort[465] or DestinationPort[465])

#5:DNS
Protocol[TCP] and (SourcePort[53] or DestinationPort[53])

#6:tFTP
Protocol[UDP] and (SourcePort[69] or DestinationPort[69])

#7:POP3
Protocol[TCP] and (SourcePort[110] or DestinationPort[110])

#8:sFTP
(Protocol[TCP] or Protocol[UDP]) and (SourcePort[115] or DestinationPort[115])

#9:IMAP
Protocol[TCP] and (SourcePort[143] or DestinationPort[143])

#10:SNMP
(Protocol[TCP] or Protocol[UDP]) and (SourcePort[161] or SourcePort[162] or DestinationPort[161] or DestinationPort[162])

#11:FTPS
Protocol[TCP] and (SourcePort[989-990] or DestinationPort[989-990])

#12:IMAPS
Protocol[TCP] and (SourcePort[993] or DestinationPort[993])

#13:WinSrvUpSrv
(Protocol[TCP] or Protocol[UDP]) and (SourcePort[8530-8531] or DestinationPort[8530-8531])

#14:LogMeInHamachi
Protocol[TCP] and (SourcePort[12975] or SourcePort[32976] or DestinationPort[12975] or DestinationPort[32976])

#15:L2TP
Protocol[115]

#16:EspAh
Protocol[50-51]

#17:GRE
Protocol[47]

#18:TCP
Protocol[TCP]

#19:UDP
Protocol[UDP]

#20:ICMP
Protocol[ICMP]

Problem is, I got now two channels for TCP, UDP, ICMP:

1.	HTTP	1,759 MByte	94 %
2.	TCP	99 MByte	5 %
3.	ICMP	7,574 KByte	< 1 %
4.	SNMP	4,192 KByte	< 1 %
5.	UDP	1,397 KByte	< 1 %
6.	ICMP	922 KByte	< 1 %
7.	IMAPS	459 KByte	< 1 %
8.	POP3	131 KByte	< 1 %
9.	TCP	8,256 Byte	< 1 %
10.	UDP	5,498 Byte	< 1 %
11.	WinSrvUpSrv	647 Byte	< 1 %
Other	 	0 Byte	< 1 %

Seems like new channel definition was appended to first channel definition, it was not replaced.

channels netflow protocols

Created on Feb 27, 2018 7:02:30 PM

Last change on Feb 28, 2018 12:52:17 PM by Sven Roggenhofer [Paessler Technical Support]



3 Replies

Votes:

0

Hey Oscar, thanks for your KB-Post.

As a general PRTG rule, it is not possible to delete or in some cases rename existing channels from a sensor. In this particular case, you first had #2:TCP and then switched to #18:TCP. As a result, you now got two TCP channels, but the first one is actually now using this definition:

#2:FTP
Protocol[TCP] and (SourcePort[20-21] or DestinationPort[20-21])

If you decide to completely change the custom definition for this sensor type, you should re-create the sensor (You will however lose the sensor's history by doing this.

Alternatively, if you "can't lose" the collected sensor data but need to update the definition, you need preserve the original ID when changing the channels, in this case, effectively moving #2:TCP, #3:UDP and #4:ICMP all the way to the end of the definition and using new numbers for the newly created channels, for example #101, #102, #103 and so on.

Best regards,
Sven

Created on Mar 1, 2018 9:26:05 AM by Sven Roggenhofer [Paessler Technical Support]



Votes:

0

Thanks Sven, I will re-create the sensor then. By the way, is there a guide describing all the commands/parameters we can use for channel definition?. Thanks again for your support.

Created on Mar 1, 2018 8:19:15 PM



Votes:

0

Hey Oscar,

Sure thing, please refer to the following two links:

Best regards,
Sven

Created on Mar 2, 2018 5:35:54 AM by Sven Roggenhofer [Paessler Technical Support]

Last change on Jan 13, 2022 10:12:30 AM by Frank Hadasch [Paessler Support] (0) 1




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.