Infoblox NIOS Logs
Updated Jan 31, 2024
Configure an Infoblox NIOS instance to send logs to Arctic Wolf
You can configure your Infoblox® NIOS instance to send the necessary logs to a syslog server for Arctic Wolf®.
Requirements
- An activated Arctic Wolf Sensor
- Access to Infoblox grid manager with administrator permissions
Before you begin
- This is an optional configuration. Discuss this log forwarding option with your Concierge Security® Team (CST).
Steps
- Configure security monitoring for your Infoblox NIOS instance.
- Enable DNS logging categories.
- Provide your Infoblox NIOS information to Arctic Wolf.
Step 1: Configure security monitoring for your Infoblox NIOS instance
- Sign in to the Infoblox grid manager with administrator permissions.
- On the Grid tab, click Grid Manager > Members > Grid Properties > Edit.
- On the Monitoring tab, complete these steps:
  - Click the Log to External Syslog Servers checkbox.
  - Click .
    A new row is added to the table.
  - In the table, configure these settings:
    - Address — Enter the management IP address for the Arctic Wolf Sensor.
    - Transport — Select TCP.
    - Interface — Select Any.
    - Source — Select Any.
    - Port — Verify that the value is 514.
    - Severity — Select Debug.
    - Logging Category — Select Send All.
  - Click Add.
  - Click Copy Audit Log Messages to Syslog to monitor the administrative activities on the server.
    Tip: For Syslog Facility, select the facility that determines which log messages are generated.
- Click Save & Close.
Your Infoblox NIOS service is now configured to send syslog messages to your Arctic Wolf Sensor.
Step 2: Enable DNS logging categories
- On the Data Management tab, click the DNS tab.
- Click Grid DNS Properties.
- In the navigation menu, click Logging.
- On the Basic tab, in the Logging Category section, select all categories except for query rewrite, DTC load balancing, and DTC health monitors.
  Note: Make sure your system has sufficient CPU capacity before you enable DNS query logging. See System Capacity Prediction Trend for more information.
- When prompted, click Yes if your system has sufficient CPU capacity to enable syslog for both DNS queries and responses.
- Click Save & Close.
Step 3: Provide your Infoblox NIOS information to Arctic Wolf
- Sign in to the Arctic Wolf Unified Portal.
- Click the Tickets tab, and then do one of these actions:
  - New customers — In the Ticket Type list, select Onboarding. Then, click the existing [Deploy] Site Config: <ticket_subject> ticket.
  - Existing customers — Click Open a New Ticket.
- On the Open a New Ticket page, configure these settings:
  - What is this ticket related to? — Select General request.
  - Subject — Enter Syslog changes.
  - Related ticket (optional) — Keep empty.
  - Message — Enter this information for your Concierge Security® Team (CST):
    - Confirmation that you completed the steps in this configuration guide.
    - The IP address or hostname you used during the configuration.
    - Questions or comments that you have.
- Click Send Message.
Your CST will review the details and make sure that Arctic Wolf is successfully processing the logs.