After you have set up and configured RPZs and RPZ rules, you can verify whether the RPZ zone transfers are functioning properly by doing the following:
The appliance also makes a syslog entry when an RPZ zone refresh succeeds or fails and, if configured, sends an SNMP trap and an email notification. For information about setting SNMP and email notification, see Setting SNMP and Email Notifications.
To receive RPZ information in the syslog, make sure that you enable the RPZ option in the Logging tab of the Grid DNS Properties editor. For information about configuring logging properties, see Setting DNS Logging Categories. Once the RPZ option is enabled, the appliance logs RPZ threats in CEF (Common Event Format) in the syslog. You can click the Action icon to view the RPZ threat details in the RPZ Threat Details viewer. For information about how to configure the syslog server, see Using a Syslog Server.
Following is a sample RPZ threat message:
2014-09-15T07:14:47-07:00 daemon info rpz:
CEF:0|Infoblox|NIOS|6.12.0-252689|RPZ-QNAME |PASSTHRU|7|app=DNS dst=172.31.1.156
src=10.120.20.69 spt=39503 view=_default qtype=A msg="rpz QNAME PASSTHRU rewrite
passthru.com [ANY] via passthru.com.rpz_1.com
Each log message contains the following information:
The syslog messages are optionally tagged according to the logging category configured in the external syslog servers. For more information, see Syslog Message Prefixes.
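The following Python is an added example, not part of the Infoblox documentation: it parses the CEF payload of RPZ syslog lines such as the sample above and counts events per client. It locates the "CEF:" marker so that any syslog framing or optional prefix ahead of it is ignored; the function names and the "TAG" prefix are assumptions made for the example.

```python
import re
from collections import Counter

# Sample RPZ threat message from this page, joined onto one line.
SAMPLE = (
    '2014-09-15T07:14:47-07:00 daemon info rpz: '
    'CEF:0|Infoblox|NIOS|6.12.0-252689|RPZ-QNAME |PASSTHRU|7|app=DNS dst=172.31.1.156 '
    'src=10.120.20.69 spt=39503 view=_default qtype=A msg="rpz QNAME PASSTHRU rewrite '
    'passthru.com [ANY] via passthru.com.rpz_1.com'
)
# Constructed input: the sample, the sample with a made-up prefix, and a non-RPZ line.
LINES = [SAMPLE, 'TAG ' + SAMPLE + '"', 'daemon info named: constructed non-RPZ line']

# The seven pipe-delimited CEF header fields, in order.
HEADER = ("cef_version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
# An extension key is a word followed by '='; its value runs to the next key.
# Caveat: a free-text value containing " word=" would be split at that point.
EXT_KEY = re.compile(r'(?:^|\s)(\w+)=')


def parse_rpz_cef(line):
    """Return CEF header and extension fields as a dict, or None if no CEF payload."""
    start = line.find("CEF:")
    if start < 0:
        return None
    # Split on unescaped pipes only; the eighth part is the extension.
    parts = re.split(r'(?<!\\)\|', line[start + 4:], maxsplit=7)
    if len(parts) < 8:
        return None
    event = {key: value.strip() for key, value in zip(HEADER, parts)}
    ext = parts[7]
    keys = list(EXT_KEY.finditer(ext))
    for i, match in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        # Strip the quotes around msg; the closing quote may be missing.
        event[match.group(1)] = ext[match.end():end].strip().strip('"')
    return event


def hits_by_client(lines):
    """Count RPZ events per (client IP, CEF name field) across syslog lines."""
    counts = Counter()
    for line in lines:
        event = parse_rpz_cef(line)
        if event and event["signature_id"].startswith("RPZ"):
            counts[(event.get("src"), event["name"])] += 1
    return counts
```

Calling hits_by_client on an exported syslog file gives a quick view of which clients trigger RPZ rules most often.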
To verify RPZ zone transfers:
Figure 42.5 The Syslog Viewer
To view the last updated RPZs:
Note: It may take up to 10 minutes before the updated information is displayed.
Figure 42.6 Last Updated RPZ