sFlow Filters in PRTG Network Monitor and Their Syntax

Filter rules are based on the following format:

field[filter]

Samples:

SourceIP[10.0.0.1]
SourceIP[10.*.*.*]
SourceIP[10.0.0.0/10]
DestinationIP[10.0.0.120-130]
DestinationPort[80-88]
Protocol[UDP]

Complex expressions can be created using parentheses and and/or/not:

Protocol[TCP] and not (DestinationIP[10.0.0.1] or SourceIP[10.0.0.0])

Valid fields are:

IP
Port
SourceIP
SourcePort
DestinationIP
DestinationPort
Protocol (values: TCP, UDP, ICMP, OSPFIGP or any number)
ToS

Additional Sniffer Fields:

MAC
SourceMAC
DestinationMAC
EtherType (values: IPV4, ARP, RARP, APPLE, AARP, IPV6, IPXold, IPX or any number)

Additional NetFlow v5 / jFlow fields:

Interface
ASI
InboundInterface
OutboundInterface
SourceASI
DestinationASI

Additional NetFlow v9 fields:

Interface
ASI
InboundInterface
OutboundInterface
SourceASI
DestinationASI
MAC
SourceMAC
DestinationMAC
Mask
SourceMask
DestinationMask
Note: 'Masks' represent subnet masks in the form of a single number ('number of contiguous bits')
NextHop (IP address)
VLAN
SourceVLAN
DestinationVLAN
Note: 'VLANs' represent a VLAN identifier

Additional sFlow fields:

Interface
InboundInterface
OutboundInterface
MAC
SourceMAC
DestinationMAC

Data Formats:

IP fields support wildcards (*), range (10-20) and hostmask (/10, /255.255.0.0) syntax.
Number fields support range (80-88) syntax.
Protocol and EtherType fields support numbers and a list of predefined constants.
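
Added example (not PRTG's code and not part of the original article): a small Python evaluator that applies the filter grammar described above to a constructed flow record, useful for checking what a rule will match before deploying it on a sensor. The operator precedence (not, then and, then or), the per-octet reading of ranges and the layout of the `flow` dictionary are assumptions; the protocol numbers are the IANA values.

```python
import ipaddress
import re

PROTOCOLS = {"ICMP": 1, "TCP": 6, "UDP": 17, "OSPFIGP": 89}  # IANA protocol numbers
TOKEN = re.compile(r"\s*(?:(\w+)\[([^\]]*)\]|(\(|\)|and\b|or\b|not\b))", re.I)

def in_range(spec, value):  # number syntax: "80" or "80-88"
    lo, _, hi = spec.partition("-")
    return int(lo) <= int(value) <= int(hi or lo)

def ip_matches(pattern, addr):
    if "/" in pattern:  # hostmask: 10.0.0.0/10 or 10.0.0.0/255.255.0.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return all(p == "*" or in_range(p, o) for p, o in zip(pattern.split("."), addr.split(".")))

def rule_matches(field, pattern, flow):  # flow: constructed dict keyed by field name
    if field.endswith("IP"):
        return ip_matches(pattern, flow[field])
    if field == "Protocol":  # predefined constant or any number
        return flow[field] == (PROTOCOLS.get(pattern.upper()) or int(pattern))
    return in_range(pattern, flow[field])

def evaluate(expr, flow):  # assumed precedence: not binds tightest, then and, then or
    if TOKEN.sub("", expr).strip():
        raise ValueError("unrecognised text in filter")
    tokens = [(m[1], m[2]) if m[1] else m[3].lower() for m in TOKEN.finditer(expr)]
    def atom():
        tok = tokens.pop(0) if tokens else None
        if tok == "not":
            return not atom()
        if tok == "(":
            result = parse("or")
            if not tokens or tokens.pop(0) != ")":
                raise ValueError("missing closing parenthesis")
            return result
        if isinstance(tok, tuple):
            return rule_matches(*tok, flow)
        raise ValueError(f"unexpected token {tok!r}")
    def parse(op):
        operand = (lambda: parse("and")) if op == "or" else atom
        result = operand()
        while tokens and tokens[0] == op:
            tokens.pop(0)  # the list below forces the right-hand side to be parsed
            result = (any if op == "or" else all)([result, operand()])
        return result
    result = parse("or")
    if tokens:
        raise ValueError(f"unexpected token {tokens[0]!r}")
    return result
```

An unbalanced expression raises ValueError instead of matching silently, which is the failure you want to see before a filter that is supposed to exclude traffic goes live.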

 http://www.paessler.com/knowledgebase/en/topic/483-what-filter-rules-can-be-used-for-custom-packet-sniffing-or-xflow-netflow-sflow-jflow-sensors