Overview
This document describes how to configure your Infoblox NIOS instance to send the necessary logs to a Syslog server for monitoring security information.
After completing this process, you must provide the IP address assigned to the Infoblox NIOS virtual machine to Arctic Wolf®.
Configuring your Infoblox NIOS instance for security monitoring
To configure your Infoblox NIOS instance for security monitoring:
Access your Infoblox grid manager and sign in with the appropriate credentials.
Select the Grid tab and then select Grid Manager > Members > Grid Properties > Edit to access the Grid Properties editor.
Select the Monitoring tab to begin the Syslog configuration.
Complete the following steps to set up the Syslog server:
- Select Log to External Syslog Servers.
- Select Add to define a new Syslog server. A new row is added to the table.
- Enter the following information in the new row that is added to the table:
  - Address — Enter the management IP address for the Arctic Wolf sensor.
  - Transport — Select TCP.
  - Interface — Select Any.
  - Source — Select Any.
  - Port — Verify that the value is
  - Severity — Select Debug.
  - Logging Category — Select Send All.
- Select Add to confirm and add the Syslog configuration.
- Select Copy Audit Log Messages to Syslog to monitor the administrative activities on the server.
Tip: For Syslog Facility, select the facility that determines which log messages are generated.
Save the configuration. Your Infoblox NIOS service is now configured to send Syslog messages to your Arctic Wolf Sensor.
Proceed to Enabling DNS logging categories.
Enabling DNS logging categories
To enable the correct DNS logging categories for Arctic Wolf:
Select DNS from the Data Management tab, and then select Grid DNS Properties.
Select Logging in the navigation pane, and then select Basic in the navigation bar.
Under Logging Category, select all categories except for query rewrite, DTC load balancing, and DTC health monitors.
Note: Ensure that queries and responses are selected.
Select Save & Close.
Proceed to Providing configuration details to Arctic Wolf so that Arctic Wolf can monitor your Infoblox device.
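To check that both procedures above took effect, the following added example (not part of the Arctic Wolf or Infoblox documentation) summarizes a raw capture of the TCP syslog stream by facility and severity and reports which DNS categories from the note were never seen. The capture in `SAMPLE`, the host name `ns1`, the addresses, and the `MARKERS` substrings are constructed assumptions, not values from this guide.

```python
import re
from collections import Counter

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
            "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"] + [
            f"local{i}" for i in range(8)]
# Assumed substrings for the two categories the guide's note names; adjust as needed.
MARKERS = {"queries": b" query: ", "responses": b" response: "}
# Constructed capture; both framings appear in one stream only to exercise both paths.
_OCTET = b"<31>Jan  1 00:00:03 ns1 named[100]: zone example.test loaded"
SAMPLE = (b"<30>Jan  1 00:00:01 ns1 named[100]: client 192.0.2.10#5353 "
          b"(example.test): query: example.test IN A + (192.0.2.53)\n"
          + b"%d " % len(_OCTET) + _OCTET
          + b"<134>Jan  1 00:00:02 ns1 app: constructed message\n")

def split_frames(stream: bytes) -> list:
    """Split a TCP syslog byte stream into messages (both RFC 6587 framings)."""
    pos, out = 0, []
    while pos < len(stream):
        m = re.match(rb"(\d{1,9}) (?=<)", stream[pos:pos + 11])
        if m:  # octet counting: "LEN <PRI>..."
            start = pos + m.end()
            end = nxt = start + int(m.group(1))
            if end > len(stream):  # partial frame at the end of the capture
                break
        else:  # non-transparent framing: message ends at LF
            start, end = pos, stream.find(b"\n", pos)
            end = len(stream) if end == -1 else end
            nxt = end + 1
        if end > start:
            out.append(stream[start:end])
        pos = nxt
    return out

def summarize(stream: bytes) -> dict:
    """Count messages per (facility, severity) and list marker categories not seen."""
    by_pri, seen, malformed = Counter(), set(), 0
    for msg in split_frames(stream):
        m = re.match(rb"<(\d{1,3})>", msg)
        if not m or int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 191
            malformed += 1
            continue
        fac, sev = divmod(int(m.group(1)), 8)
        by_pri[(FACILITY[fac], SEVERITY[sev])] += 1
        seen.update(k for k, v in MARKERS.items() if v in msg)
    return {"by_pri": dict(by_pri), "missing": sorted(set(MARKERS) - seen),
            "malformed": malformed}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the constructed capture, `missing` contains `responses`, which is the condition the note about selecting both queries and responses is meant to prevent.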
Providing configuration details to Arctic Wolf
To provide the necessary configuration details to Arctic Wolf:
- Visit the Arctic Wolf Portal and select Contact your CST.
- Include the following information in the message for your Concierge Security® Team (CST):
  - Confirmation that you have completed the steps in this configuration guide.
  - The IP address assigned to the Infoblox NIOS virtual machine.
  - Any other questions or comments that you have.
- Select Send. Your CST will review the details and confirm that we are successfully processing the logs from your Infoblox device.