This chapter describes the Infoblox Reporting and Analytics solution and its features. It explains how to navigate through the user interface, view predefined dashboards, create personal reports and searches. It also provides best practices for customizing searches and setting permissions, and describes the reporting clustering feature and how to configure a reporting cluster.
It contains the following sections:
- Infoblox Reporting and Analytics
- Licensing Requirements
- Administrative Permissions
- Configuring an External Server for Search Result Exports
- About Reporting Clustering
- Clustering Overview
- Reporting Cluster Modes
- Clustering Data Replication
- ReportingSite Extensible Attribute
- Monitoring Reporting Cluster Status
- Promoting the Grid Master Candidate in Multi-Site Clustering
- Reporting Categories and Related Data Sources
- Configuring Reporting Clusters
- Assigning a ReportingSite EA Value to a Multi-Site Cluster
- Validating Reporting Clustering Configuration
- Guidelines for Deploying Reporting Clusters
- Grid Reporting Properties
- Configuring Grid Reporting Properties
- Reporting (Index) Storage Space
- Modifying Member Reporting Properties
- Defining Interface for Reporting Traffic
- Setting the Network Port for Reporting
- Specifying the Data Generation Interval for Reports
- Configuring Threat Protection Data
- Monitoring DNS Client Queries
- Forwarding Syslog Data to the Reporting Server
- About IP Blocks and IP Block Groups
- Reporting User Interface Overview
- About Searches
- About Alerts
- About Reports
- About Dashboards
- Predefined Dashboards
- Audit Log Events
- DHCPv4 Top Utilized Networks
- DNS Statistics per DNS View
- DNS Statistics per Zone
- IPAMv4 Network Usage Statistics
- IPAMv4 Network Usage Trend
- IPAMv4 Top Utilized Networks
- Inactive IP Addresses
- Port Capacity Utilization by Device
- Port Capacity Delta by Device
- Port Capacity Trend
- Port Capacity Utilization by Device
- IP Address Inventory
- Network Inventory
- End Host History
- Device Interface Inventory
- Device Inventory
- Device Components
- IPAMv4 Device Networks
- Device Class Trend
- Device Fingerprint Change Detected
- Device Trend
- DHCP Lease History
- DHCP Message Rate Trend
- DHCP Top Lease Clients
- DHCPv4 Range Utilization Trend
- DHCPv4 Usage Statistics
- DHCPv4 Usage Trend
- Top Device Classes
- Top Devices Denied an IP Address
- Top Devices Identified
- DDNS Update Rate Trend
- DNS Cache Hit Rate Trend
- DNS Daily Peak Hour Query Rate by Member
- DNS Domain Query Trend
- DNS Domain Queried by Client
- Top DNS Clients by Query Type
- Top DNS Clients Querying MX Records
- DNS Daily Query Rate by Member
- DNS Query Rate by Query Type
- DNS Query Trend per IP Block Group
- DNS Replies Trend
- DNS Response Latency Trend
- DNS Scavenged Object Count Trend
- DNS Query Rate by Member
- DNS Top Clients
- DNS Top Clients Per Domain
- DNS Top NXDOMAIN / NOERROR (no data)
- DNS Top Requested Domain Names
- DNS Top SERVFAIL Errors Sent
- DNS Top SERVFAIL Errors Received
- DNS Top Timed-out Recursive Queries
- DNS Traffic Control Resource Availability Status
- DNS Traffic Control Resource Availability Trend
- DNS Traffic Control Resource Pool Availability Trend
- DNS Traffic Control Resource Pool Availability Status
- DNS Traffic Control Response Distribution Trend
- FireEye Alerts
- DNS Top RPZ Hits
- DNS Top RPZ Hits by Clients
- Top DNS Firewall Hits
- DNS RPZ Hits Trend By Mitigation Action
- Malicious Activity by Client
- DNS Firewall Executive Threat
- Threat Protection Event Count By Severity Trend
- Threat Protection Event Count By Member Trend
- Threat Protection Event Count By Rule
- Threat Protection Event Count By Time
- Threat Protection Event Count By Category
- Threat Protection Event Count By Member
- Threat Protection Top Rules Logged
- Threat Protection Top Rules Logged by Source
- DNS Top Tunneling Activity
- DNS Tunneling Traffic by Category
- Top Malware and DNS Tunneling Events by Client
- VM Address History
- User Login History Report
- Subscription Data
- Publish Data
- CPU Utilization Trend
- Memory Utilization Trend
- Traffic Rate by Member
- License Pool Utilization
- System Capacity Prediction Trend
- IPAM Prediction Dashboard
- Reporting Index Usage Statistics
- Reporting Volume Usage Trend per Category
- Reporting Volume Usage Trend per Member
- Managing Reporting Data
- Infoblox-4030 Supported Dashboards
- Reports with Data Synchronized from Microsoft Servers
Infoblox Reporting and Analytics
The Infoblox Reporting and Analytics solution automates the collection, analysis, and presentation of core network service data that assists you in planning and mitigating network outage risks so you can manage your networks more efficiently. It provides predefined dashboards and reports that capture useful information about the activities and performance of core network services. It also provides an enhanced reporting interface so you can create custom dashboards, reports, and alerts.
NOTE: For Reporting and Analytics to function properly, ensure that you DO NOT create a SHA-256 4096 SSL key for the HTTPS certificate in your Grid because Java does not support SHA-256 with a 4096 key size.
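One way to check a certificate against the note above before it is installed as the Grid HTTPS certificate. This is an added example, not Infoblox code; the function names and the sample text are assumptions, and the samples are constructed excerpts of `openssl x509 -noout -text` output rather than real certificates.

```shell
#!/bin/sh
# Added example: flag a certificate that combines a SHA-256 signature with a
# 4096-bit key, the combination the note above says to avoid.

# Constructed excerpts of `openssl x509 -noout -text` output (not real certificates).
SAMPLE_4096='    Signature Algorithm: sha256WithRSAEncryption
            Public-Key: (4096 bit)'
SAMPLE_2048='    Signature Algorithm: sha256WithRSAEncryption
            RSA Public-Key: (2048 bit)'

# cert_profile: read openssl text output on stdin, print "<sig-alg> <key-bits>".
cert_profile() {
    awk '
        /Signature Algorithm:/ && sig == "" { sig = $NF }
        /Public-Key: \(/ && bits == "" {
            s = $0
            sub(/.*Public-Key: \(/, "", s)   # drop everything up to the size
            sub(/ bit.*/, "", s)             # drop the trailing " bit)"
            bits = s
        }
        END {
            if (sig == "")  sig = "unknown"
            if (bits == "") bits = "unknown"
            print sig, bits
        }'
}

# is_unsupported_profile: exit 0 when stdin describes SHA-256 with a 4096-bit key.
is_unsupported_profile() {
    profile=$(cert_profile | tr 'A-Z' 'a-z')
    case "$profile" in
        *sha256*" 4096") return 0 ;;
        *) return 1 ;;
    esac
}

# check_cert_file: same check against a PEM file (path supplied by the caller).
check_cert_file() {
    openssl x509 -in "$1" -noout -text | is_unsupported_profile
}

for sample in "$SAMPLE_4096" "$SAMPLE_2048"; do
    if printf '%s\n' "$sample" | is_unsupported_profile; then
        echo "FLAG: $(printf '%s\n' "$sample" | cert_profile)"
    else
        echo "ok:   $(printf '%s\n' "$sample" | cert_profile)"
    fi
done
```

To check a real certificate, call `check_cert_file` with the path to a PEM copy of it; an exit status of 0 means the certificate uses the combination to avoid.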
Through reporting clustering, you can combine and configure multiple reporting members in a cluster. These reporting members work together to provide greater performance with higher data throughput and indexing capacity. The cluster also efficiently scales storage and indexing capacity. Reporting data is replicated among these reporting appliances to ensure continuous service even if one of the servers fails. You can configure more reporting appliances in multiple locations (sites) so that reporting data and service can be recovered from catastrophic disasters. Thus, the reporting clustering solution increases scale, offers higher reporting performance and greatly improves the reliability of the Reporting and Analytics solution. For information about this feature, see About Reporting Clustering.
When you set up a reporting appliance with valid licenses in the Grid, the reporting server acts as an indexer that collects data from Grid members while the members are forwarders that transmit information to the reporting server. The reporting server indexes all raw data and transforms it into searchable events. Depending on your needs, you can enable certain Grid members as forwarders and disable others so the reporting server receives only the information you need from specific members. Figure 40.1 depicts the high-level configuration of the NIOS Reporting and Analytics solution:
Figure 40.1 Infoblox Reporting and Analytics Overview
The Infoblox reporting solution supports both IPv4 and IPv6 networks, and you can configure a reporting member in an IPv4, IPv6, or dual mode (IPv4 and IPv6) network environment. An IPv4 reporting member uses IPv4 as the communication protocol, so you can add an IPv4 reporting member to an IPv4 or dual mode Grid. An IPv6 reporting member uses IPv6 as the Grid communication protocol, so you can add an IPv6 reporting member to an IPv6 or dual mode Grid. A dual mode reporting member can use either IPv4 or IPv6 as the communication protocol, so you can add a dual mode reporting member to an IPv4, IPv6, or dual mode Grid. For more information about how to set up the communication protocol, see Changing the Communication Protocol for a Dual Mode Appliance.
Upgrading from a Previous NIOS Release
When you upgrade from a previous NIOS release to NIOS 7.3.x and later releases, you will notice that some of the reporting features and terminologies have changed. For example, searches and reports in previous NIOS releases are now reports and dashboards respectively in the new reporting solution. In addition, your custom reports might be affected. Infoblox recommends that you take some time to explore the new user interface and get familiar with the terminologies.
You can continue to use the Infoblox predefined reports from previous releases in the new interface and customize them to meet your specific requirements, or you can create new custom reports from the ground up using a powerful search pattern.
Note: Infoblox Reporting and Analytics integrates with Splunk to deliver an enhanced reporting interface so you can create dashboards, reports, and alerts. This chapter attempts to explain all reporting functionality you can perform through the enhanced interface. However, you may need to refer to the Splunk documentation for certain functionality as indicated in specific sections of this chapter. In addition, some functions and capabilities referenced in the Splunk documentation, such as setting up custom Python scripts, are not available or applicable to the Infoblox Reporting and Analytics as some Splunk functionality in the Infoblox product may be limited or modified by Infoblox. Infoblox does not represent or warrant that Infoblox Reporting and Analytics will function in accordance with the Splunk documentation. Infoblox is also not responsible for the accuracy of the Splunk documentation. For Infoblox Reporting and Analytics technical support, contact Infoblox Technical Support. DO NOT contact Splunk.
When you upgrade from a previous NIOS release to NIOS 7.3.x and later, there are some significant changes to the Reporting and Analytics solution. Some of the important changes are as follows:
- Terminology: The following table lists the terminology differences when you upgrade:
Table 40.1 Reporting Terminology Changes
Pre-NIOS 7.3.0 Release | NIOS 7.3.0 and later
- Object Management: NIOS no longer manages reporting objects such as searches, smart folders, alerts, and reports. You will not be able to perform operations such as global search, quick filtering, bookmarking, and others for these objects. You can now manage these objects through the new user interface.
Note: Smart folders are migrated after an upgrade. However, data in the smart folders is not migrated, and all filters for the smart folders are reset to default.
- Permissions: Permissions for all reporting objects are migrated to the new Reporting and Analytics solution and managed through the new user interface after an upgrade. You may see the new built-in role, Everyone, when configuring Reporting permissions. As a best practice, do not alter permissions for this new built-in role. Note that the Reporting Dashboard and Reporting Search global permissions have been removed. If an admin group or admin role was granted these permissions before an upgrade, the permissions are still displayed after the upgrade, but they have no effect. The Grid Reporting Properties permission is retained. In addition, reporting object permissions for dashboards and searches (including global dashboards and searches) are migrated. These object permissions are retained for applicable migrated users. If permissions were granted to a specific admin group for a dashboard or search before an upgrade, only these admin users and superusers have permissions to access the migrated dashboard and report after the upgrade. If a limited-access user group is created through the new interface after the upgrade, users in this admin group cannot access the dashboard and report even if they are granted access to the Infoblox Reporting and Analytics App. Superusers must explicitly grant permissions to this limited-access admin group for users in this group to access the dashboard and report. For more information, see Granting Permissions.
- Navigation and Visualization: Navigation for some reporting functions, such as searches, alerts, email and page settings, and email PDF delivery, has changed. You can navigate through the new user interface to get familiar with the changes in this release. In addition, all predefined reports might look different from the traditional ones depending on your filtering configuration. The Grid Reporting Properties editor and Groups tab are moved under the Administration tab -> Reporting tab.
Note: Bookmarked groups are migrated after an upgrade. The bookmarked group navigates to the Administration tab -> Reporting tab -> Groups tab.
- Extensible Attributes: The reports that supported filtering and grouping by multiple extensible attributes are migrated to the new interface with filtering and grouping only by the extensible attribute Site. You must clone the dashboard, add filter inputs and modify the view XML to support additional extensible attributes. For information, see Editing the XML Source Code of a Dashboard.
- Searches and Reports: Only NIOS system and global reports and searches are migrated to NIOS 7.3.0 and later versions, as dashboards and reports respectively. All user private reports and searches are dropped. In addition, bookmarked reports and searches are not migrated to the 7.3.x release. If you want to keep any customization for the user private dashboards and reports, do one of the following:
  - Create global dashboards and reports using the same settings.
  - After an upgrade, clone the corresponding migrated system or global dashboards and reports, and then reconfigure the original settings, such as filters and scheduling, in the new user interface.
- Custom Search: You can create your own search pattern and save it as a dashboard or report. For information, see About Searches.
After completing the NIOS upgrade successfully, you configure the Grid Reporting properties and remote server (FTP, SCP, or TFTP) to export search results. For information, see Configuring Grid Reporting Properties and Configuring an External Server for Search Result Exports.