Syslog Configuration for Infoblox NIOS

Configuration Guide

Overview

This document describes how to configure your Infoblox NIOS instance to send the necessary logs to a Syslog server for monitoring security information.

After completing this process, you must provide the IP address assigned to the Infoblox NIOS virtual machine to Arctic Wolf®.

Configuring your Infoblox NIOS instance for security monitoring

To configure your Infoblox NIOS instance for security monitoring:

  1. Access your Infoblox grid manager and sign in with the appropriate credentials.

  2. Select the Grid tab and then select Grid Manager > Members > Grid Properties > Edit to access the Grid Properties editor.

  3. Select the Monitoring tab to begin the Syslog configuration.

  4. Complete the following steps to set up the Syslog server:

    1. Select Log to External Syslog Servers.
    2. Select Add to define a new Syslog server. A new row is added to the table.
    3. Enter the following information in the new row that is added to the table:
      1. Address — Enter the management IP address for the Arctic Wolf sensor.
      2. Transport — Select TCP.
      3. Interface — Select Any.
      4. Source — Select Any.
      5. Port — Verify that the value is 514.
      6. Severity — Select Debug.
      7. Logging Category — Select Send All.
    4. Select Add to confirm and add the Syslog configuration.
    5. Select Copy Audit Log Messages to Syslog to monitor the administrative activities on the server.

    Tip: For Syslog Facility, select the facility that determines which log messages are generated.

  5. Save the configuration. Your Infoblox NIOS service is now configured to send Syslog messages to your Arctic Wolf Sensor.

  6. Proceed to Providing configuration details to Arctic Wolf so that Arctic Wolf can monitor your Infoblox device.
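The settings above (Transport TCP, Severity Debug, Syslog Facility) determine what arrives on the wire: each message starts with a `<PRI>` value equal to facility × 8 + severity, and TCP senders frame messages either with a trailing line feed or with a leading octet count (RFC 6587). The following is an added example, not Arctic Wolf or Infoblox code, that splits a captured TCP syslog stream and tallies messages by facility and severity so you can confirm that Debug-level messages are being forwarded. The host name `nios-member` and all sample messages are constructed for illustration.

```python
import re
from collections import Counter

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"
              ] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
OCTET_COUNT = re.compile(rb"(\d+) ")
PRI = re.compile(rb"<(\d{1,3})>")

def split_frames(stream):
    """Split a TCP syslog byte stream into messages (RFC 6587 framings)."""
    frames, pos = [], 0
    while pos < len(stream):
        m = OCTET_COUNT.match(stream, pos)
        if m:                                   # octet counting: "LEN SP MSG"
            start, length = m.end(), int(m.group(1))
            frames.append(stream[start:start + length])
            pos = start + length
        else:                                   # non-transparent: LF-terminated
            end = stream.find(b"\n", pos)
            end = len(stream) if end == -1 else end
            if end > pos:
                frames.append(stream[pos:end])
            pos = end + 1
    return frames

def decode_pri(frame):
    """Return (facility, severity) from the <PRI> header, or None if invalid."""
    m = PRI.match(frame)
    if not m or int(m.group(1)) > 191:          # 23 * 8 + 7 is the largest valid PRI
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES[facility], SEVERITIES[severity]

def summarize(stream):
    """Count messages per (facility, severity); invalid headers count under None."""
    return Counter(decode_pri(f) for f in split_frames(stream))

# Constructed sample stream (not real NIOS output): three LF-framed messages,
# one of them with an invalid PRI, followed by one octet-counted message.
octet_msg = b"<134>1 2024-01-10T10:00:03Z nios-member httpd - - - constructed"
SAMPLE = (b"<30>Jan 10 10:00:00 nios-member named[1]: constructed info\n"
          b"<31>Jan 10 10:00:01 nios-member named[1]: constructed debug\n"
          b"<999>Jan 10 10:00:02 nios-member constructed bad header\n"
          + str(len(octet_msg)).encode() + b" " + octet_msg)

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(key, count)
```

If no `debug` entries appear in the tally for traffic from the NIOS address, recheck the Severity value in the Syslog server row.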

Providing configuration details to Arctic Wolf

To provide the necessary configuration details to Arctic Wolf:

  1. Visit the Arctic Wolf Portal and select Contact your CST.
  2. Include the following information in the message for your Concierge Security® Team (CST):
    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address assigned to the Infoblox NIOS virtual machine.
    • Any other questions or comments that you have.
  3. Select Send. Your CST will review the details and confirm that we are successfully processing the logs from your Infoblox device.