Infoblox NIOS Logs
Overview
Note: Before starting this procedure, discuss this log forwarding option with your Concierge Security® Team.
This document describes how to configure your Infoblox NIOS instance to send the necessary logs to a Syslog server for monitoring security information.
After completing this process, you must provide the IP address assigned to the Infoblox NIOS virtual machine to Arctic Wolf®.
Configure your Infoblox NIOS instance for security monitoring
- Access your Infoblox grid manager and sign in with the appropriate credentials.
- Select the Grid tab and then select Grid Manager > Members > Grid Properties > Edit to access the Grid Properties editor.
- Select the Monitoring tab to begin the Syslog configuration.
- Complete the following steps to set up the Syslog server:
  - Select Log to External Syslog Servers.
  - Select Add to define a new Syslog server. A new row is added to the table.
  - Enter the following information in the new row that is added to the table:
    - Address — Enter the management IP address for the Arctic Wolf sensor.
    - Transport — Select TCP.
    - Interface — Select Any.
    - Source — Select Any.
    - Port — Verify that the value is 514.
    - Severity — Select Debug.
    - Logging Category — Select Send All.
  - Select Add to confirm and add the Syslog configuration.
  - Select Copy Audit Log Messages to Syslog to monitor the administrative activities on the server.
  Tip: For Syslog Facility, select the facility that determines which log messages are generated.
- Save the configuration. Your Infoblox NIOS service is now configured to send Syslog messages to your Arctic Wolf Sensor.
- Proceed to Enable DNS logging categories.
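An added example, not part of the original guide and not Arctic Wolf or Infoblox code: a receiver-side check that splits a TCP syslog byte stream into messages and decodes each PRI value, so you can confirm that Debug-severity messages and the facility you selected are actually being emitted. The guide does not state which TCP framing NIOS uses, so both RFC 6587 framings are handled; the function names and sample messages are constructed for illustration.

```python
import re
from collections import Counter

# Facility and severity names by numeric code (RFC 5424, section 6.2.1).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock").split() + [f"local{i}" for i in range(8)]
SEVERITIES = "emerg alert crit err warning notice info debug".split()

def split_frames(buf):
    """Split a TCP syslog stream (RFC 6587); return (messages, unconsumed tail)."""
    msgs = []
    while buf:
        counted = re.match(rb"([1-9]\d{0,4}) ", buf)
        if counted:                      # octet counting: "LEN SP MSG"
            end = counted.end() + int(counted.group(1))
            if len(buf) < end:
                break                    # frame not fully received yet
            msgs.append(buf[counted.end():end])
            buf = buf[end:]
        else:                            # newline-delimited framing
            line, sep, rest = buf.partition(b"\n")
            if not sep:
                break                    # partial line, wait for more data
            if line.strip():
                msgs.append(line.rstrip(b"\r"))
            buf = rest
    return msgs, buf

def decode_pri(msg):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = re.match(rb"<(\d{1,3})>", msg)
    pri = int(m.group(1)) if m else -1
    return (FACILITIES[pri >> 3], SEVERITIES[pri & 7]) if 0 <= pri <= 191 else None

def summarize(stream):
    """Count messages per (facility, severity); the None key collects malformed ones."""
    msgs, tail = split_frames(stream)
    return Counter(decode_pri(m) for m in msgs), tail

# Constructed sample (not captured from NIOS): 2 newline-framed, 1 counted, 1 cut off.
_counted = b"<134>Jan  1 00:00:02 ns1 httpd: constructed audit line"
SAMPLE = (b"<30>Jan  1 00:00:00 ns1 named[100]: constructed query line\n"
          b"<31>Jan  1 00:00:01 ns1 named[100]: constructed debug line\n"
          + str(len(_counted)).encode() + b" " + _counted
          + b"<30>Jan  1 00:00:03 ns1 named[100]: trunc")

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run `summarize` over bytes captured on the receiving side of the TCP 514 connection; a non-empty tail only means the last message had not fully arrived when the capture ended.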
Enable DNS logging categories
- Select DNS from the Data Management tab, and then select Grid DNS Properties.
- Select Logging in the navigation pane, and then select Basic in the navigation bar.
- Under Logging Category, select all categories except for query rewrite, DTC load balancing, and DTC health monitors.
  Note: Ensure that queries and responses are selected.
- Select Save & Close.
- Proceed to Provide configuration details to Arctic Wolf so that Arctic Wolf can monitor your Infoblox device.
Provide configuration details to Arctic Wolf
- Visit the Arctic Wolf Portal and select Contact your CST.
- Include the following information in the message for your Concierge Security® Team (CST):
  - Confirmation that you have completed the steps in this configuration guide.
  - The IP address assigned to the Infoblox NIOS virtual machine.
  - Any other questions or comments that you have.
- Select Send. Your CST will review the details and confirm that we are successfully processing the logs from your Infoblox device.