Infoblox Trinzic appliances are hardware devices that form the foundation of an organization’s network services and reporting solutions. Configure Infoblox to send syslog through the NIOS appliance, and then to InsightOps.
Before You Begin
Before you can configure the InsightOps event source, you must send Infoblox Trinzic messages to syslog. To do this, go to the Infoblox Trinzic application and configure the NIOS appliance to send messages to a syslog server.
- From the Grid tab, select the Grid Manager tab > Members tab, and then click Grid Properties > Edit from the Toolbar.
- In the Grid Properties editor, select the Monitoring tab, and then complete the following:
- In addition to storing the syslog on a Grid member, you can configure the Grid to send the log to an external syslog server.
- Syslog size (MB): Specify the maximum size for a syslog file. Enter a value between 10 and 300. The default is 300.
- When the syslog file reaches the size you enter here, the appliance automatically writes the file into a new file by adding a .0 extension to the first file and incrementing subsequent file extensions by 1.
- Log to External Syslog Servers: Select this to enable the appliance to send messages to a specified syslog server.
- Grid Manager displays the current syslog servers in the table. To define a new syslog server, click the Add icon. Grid Manager adds a row to the table. Enter the following by clicking each field in the row:
Enter the IP address of a syslog server. Entries may be an IPv4 or IPv6 address.
From the drop-down list, select whether the appliance uses TCP or UDP to connect to the external syslog server.
From the drop-down list, select the interface through which the appliance sends syslog messages to the syslog server.
From the drop-down list, select which syslog messages the appliance sends to the external syslog server:
Enter the destination port number. The default is 514.
Choose a severity filter from the drop-down list. When you choose a severity level, the appliance sends log messages with the selected level and the levels above it. The severity levels range from the lowest, debug, to the highest, emerg. For example, if you choose debug, the appliance sends all syslog messages to the server. If you choose err, the appliance sends messages with severity levels err, crit, alert, and emerg.
- Copy Audit Log Messages to Syslog: Select this for the appliance to include audit log messages it sends to the syslog server. This function can be helpful for monitoring administrative activities on multiple appliances from a central location.
- Syslog Facility: This is enabled when you select Copy audit log messages to syslog. Select the facility that determines the processes and daemons from which the log messages are generated.
- Save the configuration and click Restart if it appears at the top of the screen
For Infoblox event sources, expect both DNS and DHCP logs to come in through the DHCP parser.
For further details, see page 1021 from their documentation.
How to Configure This Event Source
- From your dashboard, select Data Collection on the left hand menu
- At the top right of the page, select Add Data
- Select the DHCP icon from the User Attribution section
- Select your collector, and optionally name your event source
- From the list of event source options, choose Infoblox Trinzic
- Choose a timezone, or optionally choose a US timezone
- Optionally choose to send unfiltered logs
- Configure the advanced settings
- Select either Listen for Syslog or Log Aggregator; both require that you specify a port and a protocol.
- Optionally choose to Encrypt the event source if choosing TCP
Advanced Event Source Settings
- Inactivity Timeout Threshold: Specify in minutes how long the event source should be active before it enters an error state.
- Active Failover Partner: If you have two DHCP servers configured in an active/passive relationship, you can specify the active partner.
How is Data Collected?
Once the NIOS appliance successfully forwards logs to the syslog server, simply choose one of the two collection methods in InsightOps. Both options require that you specify the port and protocol.