Infoblox NIOS DNS Logs via NetoDNS syslog

Netography Fusion ingests Infoblox NIOS DNS logs via netodns, a software component from Netography that you deploy in your local environment, where it operates as a syslog listener. You configure Infoblox NIOS to send query logs via syslog to this component, which then uses the Netography Fusion API to deliver the logs securely to Fusion.

Step 1. Deploy NetoDNS

First, you must deploy netodns to a system in your environment. If you have deployed the NetoFlow Collector, deployment and configuration follow similar steps.

  • netodns listens on TCP port 514 (syslog) and must be reachable on that port from the Infoblox NIOS system that will be sending syslog output.

  • You should restrict network access to netodns to only the Infoblox NIOS IP(s) to prevent other systems from also sending syslog to this device.
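
One way to apply the restriction above on the netodns host, shown as an added example and not Netography's own configuration. It assumes netodns listens directly on a Linux host that uses nftables; the table, set and log-prefix names are hypothetical, and the 192.0.2.x addresses are placeholders for your NIOS member IPs.

```nftables
#!/usr/sbin/nft -f
# Added example (assumption: Linux host with nftables, netodns bound on the host itself).
# Load with: nft -f <this file>

table inet netodns_syslog {
    # Infoblox NIOS members allowed to send syslog to netodns.
    # Placeholder addresses: replace with your real NIOS IP(s).
    set nios_members_v4 {
        type ipv4_addr
        elements = { 192.0.2.10, 192.0.2.11 }
    }

    chain input {
        # Default policy is accept so this table only affects TCP/514;
        # all other traffic is left to the host's existing rules.
        type filter hook input priority 0; policy accept;

        # Permit syslog over TCP from the listed NIOS members only.
        tcp dport 514 ip saddr @nios_members_v4 accept

        # Record (rate-limited) any other source that tries TCP/514,
        # so unexpected senders show up in the kernel log.
        tcp dport 514 limit rate 5/minute log prefix "netodns-514-denied: "

        # Drop everything else aimed at TCP/514, IPv4 and IPv6 alike.
        tcp dport 514 drop
    }
}
```

After loading, `nft list table inet netodns_syslog` shows the active rules, and the `netodns-514-denied` log prefix identifies any system other than NIOS attempting to send syslog.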

Step 2. Infoblox NIOS Configuration

ℹ️ Impact of enabling query logging on Infoblox NIOS

Enabling query and response logging in Infoblox will have some impact on NIOS system performance; the extent depends heavily on your configuration, system specs, and volume.

If you have a large Infoblox Grid deployment, it is recommended you incrementally enable syslog on members of the grid and monitor the Infoblox system utilization to ensure it has adequate system resources with this additional logging enabled.

If you have scaling issues deploying this configuration, contact Netography Support to discuss. Netography chose syslog as the most real-time and compatible method for log ingest across Infoblox NIOS deployments/versions, but there are alternative methods that may be supported in the future by Fusion.

Configure Infoblox NIOS to send queries and responses via syslog (TCP/514) to netodns. Consult the Infoblox documentation for your specific product and version for the current configuration steps.

See: https://docs.infoblox.com/space/nios90/280403148/Using+a+Syslog+Server

Configuring Syslog in Infoblox NIOS

To configure a NIOS appliance to send syslog to netodns, complete the following:

  1. From the Grid tab, select the **Grid Manager** tab -> Members tab, and then click **Grid Properties** -> **Edit** from the Toolbar.

  2. In the Grid Properties editor, select the **Monitoring** tab, and then configure syslog output, using the following settings.

| Setting | Value |
| --- | --- |
| Log to External Syslog Servers | Enabled |
| Address | IP/FQDN of netodns deployed in your environment |
| Transport | TCP |
| Source | Any |
| Node ID | LAN |
| Port | 514 |
| Severity | Info |
| Logging Category | DNS Logging Categories: queries, responses |

Netography Fusion Setup

Once netodns receives syslog from Infoblox NIOS, it will add a traffic source for Infoblox NIOS to Fusion and you will see DNS traffic in the Fusion Portal. No configuration is required in the Fusion portal.
