What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags

View all Tags

Viewing rare events in PRTG



We have firewall data providing netflow information into PRTG. I see that the default views show Top Talkers, Top Protocols, and Top Connections. Is there an option within PRTG to flip this to look at the rare events which could be interesting anomalies to look into? I'd like to perform some long tail analysis and sift through the examine those small events which are buried in all of the "Top Talker" noise.

netflow prtg threat-hunting

Created on Feb 9, 2022 8:38:38 PM

1 Reply




Thank you for your message.

Regarding what you would like to achieve, I'm afraid that the NetFlow sensor is designed to display the Flows sent by the target device only. You can define alerts based on the bandwidth usage, monitor the type of traffic, etc. However, to identify unexpected traffic from the devices, I invite you to have a look to a security related product such as a SIEM.

Nevertheless, if you desire to monitor specific traffic with NetFlow you can use the custom version of the sensor to define your own rules. Here is the manual of the NetFlow V9 (Custom) sensor as example: https://www.paessler.com/manuals/prtg/netflow_v9_custom_sensor

If you have questions, do not hesitate.


Created on Feb 15, 2022 11:10:22 AM by  Florian Lesage [Paessler Support]

Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.