Infoblox NIOS Logs
Updated Aug 31, 2023
Configure an Infoblox NIOS instance to send logs to Arctic Wolf
Note: Before starting this procedure, discuss this log forwarding option with your Concierge Security® Team.
You can configure your Infoblox® NIOS instance to send the necessary logs to a syslog server for monitoring security information.
Requirements
- Activated Arctic Wolf Sensor
Steps
- Configure security monitoring for your Infoblox NIOS instance.
- Enable DNS logging categories.
- Provide configuration details to Arctic Wolf.
Step 1: Configure security monitoring for your Infoblox NIOS instance
- Access your Infoblox grid manager and sign in with the appropriate credentials.
- Select the Grid tab and then click Grid Manager > Members > Grid Properties > Edit to access the Grid Properties editor.
- Select the Monitoring tab to begin the syslog configuration.
- Complete the following steps to set up the syslog server:
  - Click Log to External Syslog Servers.
  - Click Add to define a new syslog server. A new row is added to the table.
  - Enter the following information in the new row that is added to the table:
    - Address — Enter the management IP address for the Arctic Wolf sensor.
    - Transport — Select TCP.
    - Interface — Select Any.
    - Source — Select Any.
    - Port — Verify that the value is 514.
    - Severity — Select Debug.
    - Logging Category — Select Send All.
  - Click Add to confirm and add the syslog configuration.
  - Click Copy Audit Log Messages to Syslog to monitor the administrative activities on the server.
  Tip: For Syslog Facility, select the facility that determines which log messages are generated.
- Save the configuration. Your Infoblox NIOS service is now configured to send syslog messages to your Arctic Wolf Sensor.
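The following added example (not Arctic Wolf or Infoblox code) decodes a TCP syslog byte stream, such as one captured on a test receiver, to show what the Transport, Severity, and Syslog Facility settings above look like on the wire. It assumes newline-delimited messages with an RFC 3164 header; the function names, sample stream, hostnames, and tags are constructed for illustration.

```python
import re
from collections import Counter

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
             "uucp", "cron", "authpriv", "ftp"]
            + [f"facility{n}" for n in range(12, 16)] + [f"local{n}" for n in range(8)])
# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE = re.compile(r"^<(\d{1,3})>\w{3}\s+\d+\s[\d:]{8}\s(\S+)\s([^\s:\[]+)(?:\[\d+\])?:\s?(.*)$")

def split_frames(buffer: bytes):
    """TCP has no message boundaries: return (complete lines, unfinished tail)."""
    *complete, rest = buffer.split(b"\n")
    return [m.decode("utf-8", "replace").rstrip("\r") for m in complete if m], rest


def parse(line: str):
    """Decode one message (PRI = facility * 8 + severity); None if malformed."""
    m = LINE.match(line)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return {"facility": FACILITY[pri >> 3], "severity": SEVERITY[pri & 7],
            "host": m.group(2), "tag": m.group(3), "message": m.group(4)}


def summarize(buffer: bytes):
    """Tally what arrived so it can be compared with the Grid Properties row."""
    messages, rest = split_frames(buffer)
    parsed = [parse(m) for m in messages]
    good = [p for p in parsed if p]
    return {
        "severities": Counter(p["severity"] for p in good),
        "facilities": sorted({p["facility"] for p in good}),
        "tags": Counter(p["tag"] for p in good),
        "malformed": parsed.count(None),       # lines that are not RFC 3164 syslog
        "incomplete_bytes": len(rest),         # partial message awaiting more data
    }

# Constructed sample stream, not real NIOS output; hostnames and tags are made up.
SAMPLE = (
    b"<30>Aug 31 10:00:01 ns1.example.test named[2211]: constructed query message\n"
    b"<31>Aug 31 10:00:01 ns1.example.test named[2211]: constructed debug message\n"
    b"<29>Aug 31 10:00:02 ns1.example.test sample-audit: constructed audit message\nnot syslog\n"
    b"<30>Aug 31 10:00:03 ns1.example.test na"  # cut off mid-message by a recv()
)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Because Debug is the lowest syslog severity, a Severity setting of Debug should produce a tally that includes debug-level messages alongside the higher severities, and the facilities list should match the Syslog Facility you selected.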
Step 2: Enable DNS logging categories
- Select DNS from the Data Management tab, and then select Grid DNS Properties.
- Select Logging in the navigation pane, and then select Basic in the navigation bar.
- Under Logging Category, select all categories except for query rewrite, DTC load balancing, and DTC health monitors.
- Ensure that queries and responses are selected.
  Note: Confirm that your system has enough CPU capacity before you enable DNS query logging. See the Infoblox documentation about System Capacity Prediction Trend for more information.
- When prompted, select Yes if your system has enough CPU capacity to enable syslog for both DNS queries and responses.
- Select Save & Close.
Step 3: Provide configuration details to Arctic Wolf
- Visit the Arctic Wolf Portal and select Contact your CST.
- Include the following information in the message for your Concierge Security® Team (CST):
  - Confirmation that you have completed the steps in this configuration guide.
  - The IP address assigned to the Infoblox NIOS virtual machine.
  - Any other questions or comments that you have.
- Select Send. Your CST will review the details and confirm that we are successfully processing the logs from your Infoblox device.
See also
- Infoblox documentation — Using a Syslog Server