Infoblox VMware vRealize Log Insight Content Pack … · Infoblox VMware vRealize Log Insight Content Pack User Manual Version 1.2

Infoblox VMware vRealize Log Insight Content Pack

User Manual

Version 1.2

Copyright © 2015 Infoblox. All Rights Reserved. 2

Release History

S# Version Date History

1 1.0 14 May 2015 Initial Version

2 1.1 15 May 2015 IPAM, DHCP and DNS Dashboard changes for Infoblox DDI VMware

vRealize LogInsight Content Pack version 1.5

3 1.2 19 May 2015 Added Steps to enable Syslog forwarding in Infoblox DDI appliance


Table of Contents 1 Introduction .............................................................................................................................. 4

2 Infoblox vRealize Log Insight Content Pack Installation .............................................................. 4

3 Enabling Syslog forwarding in Infoblox DDI appliance ................................................................ 7

4 Dashboards.............................................................................................................................. 13

4.1 General - Overview Dashboard ......................................................................................... 14

4.2 General – Security Dashboard .......................................................................................... 14

4.3 IPAM – Configuration Dashboard ..................................................................................... 15

4.4 DNS – Configuration ......................................................................................................... 16

4.5 DHCP – Configuration ....................................................................................................... 18

5 Alerts ....................................................................................................................................... 19

6 Extracted Fields ....................................................................................................................... 20

7 Getting Support for the Infoblox Content Pack for Log Insight .................................................. 30


1 Introduction

The Trinzic Network Services and Management family of products enable companies to manage,

control, and optimize DNS, DHCP, and other services.

The product family leverages existing investments, paves the way to the Cloud, and ensures network

services uptime.

VMware vRealize Log Insight delivers automated log management through log analytics, aggregation

and search. Infoblox DDI appliance provides comprehensive logs for DHCP, DNS and IPAM events

and they are provided to Infoblox vRealize Log Insight Content Pack.

Infoblox vRealize Log Insight Content Pack provides powerful visualizations into DHCP, DNS and

IPAM events for proactive monitoring and auditing.

Customers can monitor multiple DDI appliances from vRealize Log Insight appliance using Infoblox

vRealize Log Insight Content Pack. It provides for –

1. Powerful Monitoring

Customers can monitor DHCP, DNS and IPAM Configuration for quick problem resolution.

Additionally the Content Pack provides authentication and system status information.

2. Alerting

Customers can configure alerts for configuration changes in DHCP, DNS and IPAM as well as on

Authentication events.

3. Break down of Events

Infoblox vRealize Log Insight Content Pack provides multiple extracted fields, from the events, which

helps in trouble shooting and root cause analysis.

2 Infoblox vRealize Log Insight Content Pack Installation To install the Content Pack, click on the three lines next to admin.

http://www.vmware.com/products/vcenter-log-insight/


Click “Content Packs”

Select “Import Content Pack” at the lower left corner of the screen


Browse to the location of the Content Pack –

Click on Import


3 Enabling Syslog forwarding in Infoblox DDI appliance

To enable Syslog forwarding, log on to Grid Manager and click on “Grid tab”.

Click on “Grid Properties” on the right side menu.


Grid properties configuration screen will appear.

Click on “Monitoring” option on the left menu.


Select the check box “Log to External Syslog Servers”.


Click on “+” sign, this will bring up the screen to add the configuration for the external server.

Enter the address of the VMware vRealize Log Insight appliance, in the example below VMware

vRealize Log Insight appliance is on IP address 172.26.1.13 and is listening on UDP port 514.


NIOS Syslog messages, which are to be sent to the VMware vRealize Log Insight server, can be

selected in this same screen by scrolling down. In the example below, all the Syslog messages are

getting sent to the VMware vRealize Log Insight appliance.


Click on the “Add” button to add the external server.


Audit Log messages can also be sent to the Syslog server by selecting the checkbox “Copy Audit Log

Messages to Syslog”.

Click on the “Save and Close” button.

4 Dashboards

Infoblox VMware vRealize Log Insight Content Pack provides the following dashboards -

General – Overview

This dashboard gives the consolidated information of IPAM, DHCP, DNS and Restart events

General – Security

This dashboard provides the information about successful and failed log in events.

IPAM – Configuration

This dashboard displays information about IPAM Network container and IPAM Network

events.

DNS – Configuration

This dashboard displays information about DNS Zone events and DNS Host Record events.

DHCP – Configuration

This dashboard displays information about DHCP Range and DHCP Reserved Range events.


4.1 General - Overview Dashboard

General Overview Dashboard provides the consolidated information for IPAM, DNS and DHCP and

restart events. It has the following widgets -

IPAM Configuration Events Over Time

Total number of of IPAM events received over time. This includes IPAM Network Container

and Network - Creation, Modification and Deletion events.

DNS Configuration Events Over Time

The total number of DNS events received over time. These include DNS configuration and

run time events.

Note:

1. DNS configuration events include Zone Creation, Modification and Deletion events.

2. DNS run time events include Host Record Creation, Modification and Deletion events.

DHCP Configuration Events Over Time

Total number of DHCP events received over time. This includes DHCP Range and Reserved

Range - Creation, Modification and Deletion events.

Grid Service Restart Events Over Time

Grid service restarts are required for the NIOS to load the configured settings.

This chart displays all the Grid service restart events over time.

4.2 General – Security Dashboard

This dashboard provides the widgets for –


Failed Authentication Events Over Time

This chart displays the failed log in Authentication events over time.

Successful Authentication Events Over Time

This chart displays the successful log in Authentication events over time.

Logout Events Over Time

This chart displays the successful log out Authentication events over time.

Failed Authentication Events With Details

This chart displays the failed log in Authentication event along with details.

Failed and Successful Events by Source

This chart displays the Failed and Successful log in Authentication by source.

Failed Events by Connector IP

This chart displays the failed log in Authentication events grouping by Connector IP.

4.3 IPAM – Configuration Dashboard

This dashboard contains the widgets for –

Network Container Events Over Time

This chart displays the IPAM Network Container Creation, Modification and Deletion events

over time.

Network Container Events By Operation


This chart displays the IPAM Network Container events by operation type - Creation,

Modification or Deletion.

Network Container Events By Network Container Address

This chart displays the IPAM Network Container events by the Network Container address.

Network Events Over Time

This chart displays the IPAM Network Creation, Modification and Deletion events over time.

Network Events By Operation

This chart displays the IPAM Network events by operation - Creation, Modification or

Deletion.

Network Events By Network Address

This chart displays the Network events by the network address.

4.4 DNS – Configuration

This dashboard contains the widgets for –

DNS Zone Events Over Time

An authoritative zone is a zone for which the local (primary or secondary) server references

its own data when responding to queries. The local server is authoritative for the data in this

zone and responds to queries for this data without referencing another server.

This chart displays the DNS Zone Creation, Modification and Deletion events over time.


DNS Zone Events By Operation




This chart displays the DNS Zone events by operation type - Creation, Modification or

Deletion.

DNS Zone Events By FQDN




This chart displays the DNS Zone events by FQDN.

DNS Host Record Over Time

A host record defines attributes for a node, such as the name-to-address and address-to-

name mapping. This alleviates having to specify an A record and a PTR record separately for

the same node. A host can also define aliases and DHCP fixed address nodes. The zone must

be created first before adding a host record for the zone.

This graph displays the DNS Host Record Creation, Modification and Deletion events over

time.

DNS Host Record Events by Operation

A host record defines attributes for a node, such as the name-to-address and address-to-

name mapping. This alleviates having to specify an A record and a PTR record separately for

the same node. A host can also define aliases and DHCP fixed address nodes. The zone must

be created first before adding a host record for the zone.

This graph displays the DNS Host Record events by operation - Creation, Modification or

Deletion.

DNS Host Record Events by FQDN




This chart displays the DNS Zone events by FQDN.


4.5 DHCP – Configuration

This dashboard displays information about DHCP Range and DHCP Reserved Range events –

DHCP Range Events Over Time

This chart displays the NIOS DHCP Range Creation, Modification and Deletion events over

time.

DHCP Range Events By Operation

This chart displays the NIOS DHCP Range events by operation - Creation, Modification or

Deletion.

DHCP Range Events By Range Address

This chart displays the DHCP Range events by Range Address.

DHCP Reserved Range Events Over Time

This chart displays the DHCP Reserved range Creation, Modification and Deletion events

over time.

DHCP Reserved Range Events By Operation

This chart displays the DHCP Reserved Range events by operation - Creation, Modification or

Deletion.

DHCP Reserved Range Events By Reserved Range Address

This chart displays the DHCP Reserved Range events by Reserved Range Address.


5 Alerts

Infoblox vRealize Log Insight Content Pack provides the alerts for the following -

NIOS Any Authentication Event

This alert is sent on any Authentication event in NIOS.

NIOS Any DHCP Configuration Event

This alert is sent on any DHCP Range or DHCP Reserved Range configuration event in NIOS.

NIOS Authentication Failed Event

This alert is sent on Authentication failure.

NIOS Any IPAM Configuration Event

This alert is sent on any IPAM Network or Network configuration event.

NIOS Any DNS Configuration Event

This alert is sent on any DNS Zone or DNS Host Record configuration event.


6 Extracted Fields

Infoblox vRealize Log Insight Content Pack provides the following extracted fields –

nios_cidr

This field gives the CIDR for the Network Address.

nios_dhcp_range_operation

This field gives the NIOS DHCP Range operation type.


nios_dhcp_range

This field gives the DHCP Range which has been created.

nios_dns_view

This field gives the NIOS DNS view.


nios_dns_zone_operation

This field gives the NIOS DNS Zone operation type.

nios_fqdn

This field gives the Fully Qualified Domain Name which has been configured.


nios_grid_member

This field gives the NIOS Grid member information.

nios_host_record_addr

This field gives the Host Record which has been created.


nios_host_record_fqdn

This field gives the FQDN in the Host Record.

nios_host_record_operation

This field gives the Host Record operation type.


nios_network

This field gives the Network which has been created.

nios_network_container

This field gives the Network Container which has been created.


nios_network_container_operation

This field gives the Network Container Operation type.

nios_network_operation

This field gives the Network Operation type.


nios_network_view

This field gives the network view.

nios_ns_group

This field gives the NS group name.


nios_reserved_range_operation

This field gives the NIOS DHCP Reserved Range operation type.

nios_reservedrange

This field gives the DHCP Reserved Range which has been created.


nios_security_apparently_via

This field gives the source of the Authentication event.

nios_security_connector_ip

This field gives the Security connector IP address information.


nios_trigger_event

This field gives the Security connector IP address information.

7 Getting Support for the Infoblox Content Pack for Log Insight Infoblox does not offer telephone support for the Infoblox Content Pack for Log Insight. If you

require technical assistance or have any questions, comments or feedback related to this content

pack please post them to Infoblox Community at this URL: https://community.infoblox.com/

https://community.infoblox.com/

Documents

Infoblox VMware vRealize Log Insight Content Pack … · Infoblox VMware vRealize Log Insight Content Pack User Manual Version 1.2