Infoblox NIOS Logs

Configuration Guide

Updated Jan 27, 2023

Overview

Note: Before starting this procedure, discuss this log forwarding option with your Concierge Security® Team.

This document describes how to configure your Infoblox NIOS instance to send the necessary logs to a Syslog server for monitoring security information.

After completing this process, you must provide the IP address assigned to the Infoblox NIOS virtual machine to Arctic Wolf®.

Configure your Infoblox NIOS instance for security monitoring

  1. Access your Infoblox grid manager and sign in with the appropriate credentials.

  2. Select the Grid tab and then select Grid Manager > Members > Grid Properties > Edit to access the Grid Properties editor.

  3. Select the Monitoring tab to begin the Syslog configuration.

  4. Complete the following steps to set up the Syslog server:

    1. Select Log to External Syslog Servers.
    2. Select Add to define a new Syslog server. A new row is added to the table.
    3. Enter the following information in the new row that is added to the table:
      1. Address — Enter the management IP address for the Arctic Wolf sensor.
      2. Transport — Select TCP.
      3. Interface — Select Any.
      4. Source — Select Any.
      5. Port — Verify that the value is 514.
      6. Severity — Select Debug.
      7. Logging Category — Select Send All.
    4. Select Add to confirm and add the Syslog configuration.
    5. Select Copy Audit Log Messages to Syslog to monitor the administrative activities on the server.

    Tip: For Syslog Facility, select the facility that determines which log messages are generated.

  5. Save the configuration. Your Infoblox NIOS service is now configured to send Syslog messages to your Arctic Wolf Sensor.

  6. Proceed to Enable DNS logging categories.

Enable DNS logging categories

  1. Select DNS from the Data Management tab, and then select Grid DNS Properties.

  2. Select Logging in the navigation pane, and then select Basic in the navigation bar.

  3. Under Logging Category, select all categories except for query rewrite, DTC load balancing, and DTC health monitors.

    Note: Ensure that queries and responses are selected.

  4. Select Save & Close.

  5. Proceed to Provide configuration details to Arctic Wolf so that Arctic Wolf can monitor your Infoblox device.
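
The following is an added example, not part of the original guide or of any Infoblox or Arctic Wolf tooling: it checks a captured TCP syslog byte stream against the settings above (Debug severity, the chosen Syslog Facility, and DNS queries and responses). It assumes you have the raw bytes from a test listener or packet capture, that framing follows RFC 6587, and that DNS messages carry BIND-style "query:" and "response:" markers; the sample lines are constructed.

```python
import re

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp ntp "
              "audit alert clock local0 local1 local2 local3 local4 local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI = re.compile(r"<(\d{1,3})>")
OCTET_COUNT = re.compile(rb"(\d+) ")

def split_frames(stream: bytes) -> list:
    """Split a TCP syslog stream (RFC 6587): 'LEN SP MSG' or LF-terminated frames."""
    frames, i = [], 0
    while i < len(stream):
        m = OCTET_COUNT.match(stream, i)
        if m:                                   # octet-counted frame
            end = m.end() + int(m.group(1))
            frames.append(stream[m.end():end])
        else:                                   # newline-terminated frame
            end = stream.find(b"\n", i)
            end = len(stream) if end < 0 else end
            if end > i:
                frames.append(stream[i:end])
            end += 1
        i = end
    return frames

def summarize(stream: bytes) -> dict:
    """Report which facilities/severities arrived and count DNS query/response lines."""
    out = {"facilities": set(), "severities": set(), "queries": 0, "responses": 0, "malformed": 0}
    for frame in split_frames(stream):
        text = frame.decode("utf-8", "replace")
        m = PRI.match(text)
        if not m or int(m.group(1)) > 191:      # PRI = facility * 8 + severity, max 23*8+7
            out["malformed"] += 1
            continue
        facility, severity = divmod(int(m.group(1)), 8)
        out["facilities"].add(FACILITIES[facility])
        out["severities"].add(SEVERITIES[severity])
        # Assumption: BIND-style markers; a response line also contains "query:".
        if " response: " in text:
            out["responses"] += 1
        elif " query: " in text:
            out["queries"] += 1
    return out

# Constructed sample capture (not real NIOS output); addresses are documentation ranges.
_Q = b"<30>Jan 27 10:00:01 nios1 named[2211]: client 192.0.2.10#53211 (example.com): query: example.com IN A +ED (192.0.2.53)"
_R = b"<30>Jan 27 10:00:01 nios1 named[2211]: client 192.0.2.10#53211: UDP: query: example.com IN A response: NOERROR +A example.com. 300 IN A 198.51.100.7;"
_D = b"<31>Jan 27 10:00:02 nios1 named[2211]: constructed debug-level message"
SAMPLE = b"\n".join([_Q, _R, _D, b"no priority header"]) + b"\n" + b"%d " % len(_Q) + _Q
print(summarize(SAMPLE))
```

If "debug" is missing from the severities or the response count stays at zero, recheck the Severity setting and the Logging Category selections.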

Provide configuration details to Arctic Wolf

  1. Visit the Arctic Wolf Portal and select Contact your CST.
  2. Include the following information in the message for your Concierge Security® Team (CST):
    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address assigned to the Infoblox NIOS virtual machine.
    • Any other questions or comments that you have.
  3. Select Send. Your CST will review the details and confirm that we are successfully processing the logs from your Infoblox device.