<%NUMBERING1%>.<%NUMBERING2%>.<%NUMBERING3%> PRTG Manual: Filter Rules for xFlow, IPFIX and Packet Sniffer Sensors
You can use filter rules for the include, exclude, and channel definition fields of Packet Sniffer, xFlow, and IPFIX sensors. The filter rules are based on the following format:
field[filter]
Field |
Possible Filter Values |
IP |
IP address or DNS name (see Valid Data Formats below) |
Port |
Any number |
SourceIP |
IP address or DNS name (see Valid Data Formats below) |
SourcePort |
Any number |
DestinationIP |
IP address or DNS name (see Valid Data Formats below) |
DestinationPort |
Any number |
Protocol |
TCP, UDP, ICMP, OSPFIGP, any number |
TOS |
Type Of Service: any number |
DSCP |
Differentiated Services Code Point: any number |
Field |
Possible Filter Values |
MAC |
Physical address (see Examples below) |
SourceMAC |
Physical address |
DestinationMAC |
Physical address |
EtherType |
IPV4, ARP, RARP, APPLE, AARP, IPV6, IPXold, IPX, any number |
VlanPCP |
IEEE 802.1Q VLAN Priority Code Point |
VlanID |
IEEE 802.1Q VLAN Identifier |
TrafficClass |
IPv6 Traffic Class: corresponds to TOS used with IPv4 |
FlowLabel |
IPv6 Flow Label |
Field |
Possible Filter Values |
Interface |
Any number |
ASI |
Any number |
InboundInterface |
Any number |
OutboundInterface |
Any number |
SenderIP |
IP of the sending device. This is helpful if several devices send flow data on the same port, and you want to divide the traffic of each device into a different sensor channel. Possible values: IP address or DNS name (see Valid Data Formats below) |
SourceASI |
Any number |
DestinationASI |
Any number |
Field |
Possible Filter Values |
Interface |
Any number |
ASI |
Any number |
InboundInterface |
Any number |
OutboundInterface |
Any number |
SenderIP |
IP of the sending device. This is helpful if several devices send flow data on the same port, and you want to divide the traffic of each device into a different sensor channel. Possible values: IP address or DNS name (see Valid Data Formats below) |
SourceASI |
Any number |
DestinationASI |
Any number |
MAC |
Physical address |
SourceMAC |
Physical address |
DestinationMAC |
Physical address |
Mask |
Mask values represent subnet masks in with a single number (number of contiguous bits). |
DestinationMask |
Mask values represent subnet masks in with a single number (number of contiguous bits). |
NextHop |
IP address or DNS name (see Valid Data Formats below) |
VLAN |
VLAN values represent a VLAN identifier (any number) |
SourceVLAN |
VLAN values represent a VLAN identifier (any number) |
DestinationVLAN |
VLAN values represent a VLAN identifier (any number) |
Field |
Possible Filter Values |
Interface |
Any number |
InboundInterface |
Any number |
OutboundInterface |
Any number |
SenderIP |
IP of the sending device. This is helpful if several devices send flow data on the same port, and you want to divide the traffic of each device into a different sensor channel. Possible values: IP address or DNS name (see Valid Data Formats below) |
MAC |
Physical address |
SourceMAC |
Physical address |
DestinationMAC |
Physical address |
- IP fields support wildcards (*), range (10-20) and hostmask ( /10, /255.255.0.0) syntax, as well as DNS names.
Note: IPv6 wildcards, IPv6 ranges, and IPv6 hostmasks are not supported. - Number fields support range (80-88) syntax.
- Protocol and EtherType fields support numbers and a list of predefined constants.
For detailed information on IP ranges, please see Define IP Ranges section.
All of the following filter rules are valid examples:
SourceIP[10.0.0.1]
SourceIP[10.*.*.*]
SourceIP[10.0.0.0/10]
DestinationIP[10.0.0.120-130]
DestinationPort[80-88]
Protocol[UDP]
MAC[00-60-50-X0-00-01]
DSCP[46]
You can create more complex expressions using parentheses ( ) and the words and, or, or and not. For example, this is a valid filter rule:
Protocol[TCP] and not (DestinationIP[10.0.0.1] or SourceIP[10.0.0.120-130])
- Channel Definitions for xFlow, IPFIX, and Packet Sniffer Sensors
- Monitoring Bandwidth via Packet Sniffing
- Monitoring Bandwidth via Flows
Knowledge Base: How can I change the default groups and channels for xFlow and Packet Sniffer sensors?
Keywords: Flow,Flow Filter Rules,Packet Sniffing,Packet Sniffing Filter Rules