Page tree

Contents

You can do the following to manage the Reporting and Analytics App:

Upgrading Reporting and Analytics App

You can download the latest version of the Infoblox Reporting and Analytics App from the Infoblox Support site. You can then upgrade this App on your reporting server.
To upgrade the Reporting and Analytics App:

  1. Check your current version of the App in the Reporting Help tab.
  2. Check if there is a later version that is available on the Infoblox Support site.
  3. Download the .bin2 file from Infoblox Support site.
  4. From the Administration tab, select the Reporting tab.
  5. Click Upgrade Reporting & Analytics App from the Toolbar.
  6. In the Upgrade Reporting & Analytics App dialog box, click Select. In the Upload dialog box, click Select, navigate to the .bin2 file, select it, and then click Upload.
  7. After the Reporting and Analytics App is upgraded, click Restart to restart the Reporting service.

Backing Up and Restoring the Infoblox Reporting and Analytics App

To back up the Reporting and Analytics App, go to the Grid tab, select Backup -> Grid Backup -> Manual Backup from the Toolbar, and then select Infoblox Reporting & Analytics App to back up the app. When you back up the Reporting and Analytics App, the backup file is a .bak file that contains the reporting settings configured in the Grid Reporting Properties.
To restore the Reporting and Analytics App, go to the Grid tab, select Restore -> Restore Grid from the Toolbar, and then select Infoblox Reporting & Analytics App to restore the app.

Backing Up Reporting Data

Before you back up the reporting database, ensure that the reporting service is enabled on the reporting server. You cannot perform or schedule a backup if the reporting service is disabled on the reporting server. If you want to upgrade your reporting server, back up all the data before you power down the server. During an upgrade, the reporting server is automatically upgraded after the Grid Master. You cannot control or schedule when to upgrade the reporting server. For information about upgrades and upgrade groups, see Managing Upgrade Groups.
Note that reporting data backups are incremental backups, which means that backup files are copied to the designated file server only when there are new events generated since the last backup. Backing up of the reporting database to an FTP or SCP server using IPv4 or IPv6 is supported. The backup file is a .tar.gz file that contains the reporting data.

Note

If you stop an ongoing backup process, backup files are still being copied to the designated file server. When you perform a subsequent backup, the appliance appends incremental data to these backup files.

You can manually back up the reporting database or schedule a backup, but you cannot perform both at the same time. The backup process starts when the indexed data rolls from the hot bucket to the warm bucket. The hot bucket includes all inbound events and actively written data. Indexed data moves to the warm bucket when one of the following conditions is met:

  • The size of the reporting data reaches 1 GB
  • Data is 90 days old
  • The reporting server restarts

You can perform the following reporting data backups:

Backing Up the Reporting Database Manually

  1. From the Grid tab, select Backup -> ReportingBackup -> ManualBackup from the Toolbar.
  2. In the ManualReportingBackup editor, complete the following:
    • Status: Displays the status of the backup process of the last operation.
    • Backupto: Select the destination of the backup file from the drop-down list:
      • FTP: Back up the reporting database to an FTP server.
        • Filepath: Enter the directory path. For example, you can enter /archive/backups/Infoblox/.
        • IP Address of FTP Server: The IP address of the FTP server.
        • Username: Enter the username of your FTP account.
        • Password: Enter the password of your FTP account.
      • SCP: Back up the reporting database to an SSH server that supports SCP.
        • Filepath: Enter the directory path. For example, you can enter /archive/backups/Infoblox/.
        • IP Address of SCP Server: The IP address of the SCP server.
        • Username: Enter the username of your SCP account.
        • Use Keys: If you select this checkbox, you can back up files to SCP without entering the password. The first time you select the checkbox, you need to enter the password. However, during subsequent times, the Infoblox server verifies whether Infoblox keys are available on the SCP server. If they are available, you can click the Backup button without entering the password. If Infoblox keys are not available on the SCP server, the following message is displayed:
          Reporting backup has failed.
        • Password: Enter the password of your SCP account.
        • Keys Type: Select the SSH key type to be uploaded. At present, only ECDSA and RSA keys are supported. Click Upload Keys to upload the keys to the SCP server. If the keys are not available, click Download Keys to download the keys and manually add them to the SCP server.

Notes

  • If you are using Fedora, ECDSA keys are supported only on Fedora versions later than Fedora 12.
  • When you select FTP or SCP, ensure that you have a valid user name and password on the server prior to backing up the files. Also ensure that the target SSH server has the required permissions for an SCP backup. The permission must be 755 and the target server must have write permission to the directory to which you upload the backup file.
  • For an SCP backup, ensure that you are logged in as the user for whom the key was created. Also ensure that the .ssh directory on the server and the files it contains, have the correct permissions: chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh/
  • If you promote a Grid Master or perform an HA failover, you must upload the SSH key once again for a successful SCP backup using keys.

Scheduling the Backup of the Reporting Database

  1. From the Grid tab, select Backup -> ReportingBackup -> ScheduleBackup from the Toolbar.
  2. In the ScheduleReportingBackup editor, complete the following:
    • Status: Displays the status of the backup process of the last operation. Select the destination of the backup file from the Backupto drop-down list:
    • FTP: Back up the reporting database files to an FTP server.
      • IP Address of FTPServer: The IP address of the FTP server.
      • Directory Path: Enter the directory path. For example, you can enter /archive/backups. The directory path cannot contain spaces. The folder or directory you enter here must already exist on the specified server. Do not include the file name in the directory path.
      • Username: Enter the username of your FTP account.
      • Password: Enter the password of your FTP account.
      • Recurrence: Select how often you want to back up the files. You can select Weekly, Daily, or Hourly from the drop-down list. When you select Weekly, complete the following:
        • Every: Choose a day of the week from the drop-down list.
        • Time: Enter a time in the hh:mm:ss AM/PM format. You can also click the clock icon and select a time from the drop-down list. The Grid Master creates a backup file on the selected day and time every week.
          When you select Daily, enter a time in the hh:mm:ss AM/PM format. You can also select a time from the drop-down list.
          When you select Hourly, complete the following:
        • Minutes after the Hour: Enter the minute after the hour when the Grid Master creates a backup file. For example, enter 5 if you want the Grid Master to create a backup file five minutes after the hour every hour.
      • Disable Scheduled Backup: Select this if you want to disable automatic backups from occurring now, but want to save the settings for future use.
    • SCP: Back up the reporting database to an SSH server that supports SCP.
      • IP Address of SCP Server: The IP address of the SCP server.
      • Directory Path: Enter the directory path of the file. For example, you can enter /archive/backups. The directory path cannot contain spaces. The folder or directory you enter here must already exist on the specified server. Do not include the file name in the directory path.
      • Username: Enter the username of your SCP account.
      • Use Keys: If you select this checkbox, you can back up files to SCP without entering the password. The first time you select the checkbox, you need to enter the password. However, during subsequent times, the Infoblox server verifies whether Infoblox keys are available on the SCP server. If they are available, you can click the Backup button without entering the password. If Infoblox keys are not available on the SCP server, the following message is displayed:
        Reporting backup has failed.
      • Password: Enter the password of your SCP account.
      • Keys Type: Select the SSH key type to be uploaded. At present, only ECDSA and RSA keys are supported. Click Upload Keys to upload the keys to the SCP server. If the keys are not available, click Download Keys to download the keys and manually add them to the SCP server.
      • Recurrence: Select how often the scheduled backups should occur. You can select Weekly, Daily, or Hourly. For information, see the FTP section.
      • Disable Scheduled Backup: Select this if you want to disable automatic backups from occurring now. You can still save the settings for future use.

Notes

  • If you are using Fedora, ECDSA keys are supported only on Fedora versions later than Fedora 12.
  • When you select FTP or SCP, ensure that you have a valid user name and password on the server prior to backing up the files. Also ensure that the target SSH server has the required permissions for an SCP backup. The permission must be 755 and the target server must have write permission to the directory to which you upload the backup file.
  • For an SCP backup, ensure that you are logged in as the user for whom the key was created. Also ensure that the .ssh directory on the server and the files it contains, have the correct permissions: chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh/
  • If you promote a Grid Master or perform an HA failover, you must upload the SSH key once again for a successful SCP backup using keys.

Restoring the Reporting Database

Restoring the reporting database may take a long time to perform, and the reporting service is unavailable during a restore. Ensure that you back up the reporting database before you perform the operation. Restoring of reporting database from an FTP or SCP server using IPv4 or IPv6 is supported.
Note the following during a restore:

  • The reporting service is unavailable.
  • Existing reporting data is removed from the reporting server.
  • Backup data is restored up to the amount the reporting server can accommodate.

Note

The Volume Used Today displayed in the Device Information section will not be updated after restoring the data. Also, when you restore data or execute the CLI command reset reporting_data, the volume violation count will be reset to zero on the second day.


  1. From the Grid tab, select Restore -> Restore Reporting from the Toolbar.
  2. In the Restore dialog box, complete the following:
    • Status: Displays the status of the restore process, if in progress.

Select the destination of the backup file from the Restore from drop-down list:

    • FTP: Restore the reporting backup files from an FTP server.
      • Filepath: Enter the directory path. For example, you can enter /archive/backups/Infoblox/.
      • IP Address of FTP Server: The IP address of the FTP server.
      • Username: Enter the username of your FTP server account.
      • Password: Enter the password of your FTP server account.
    • SCP: Restore the reporting backup files from a SCP server.
      • Filepath: Enter the directory path. For example, you can enter /archive/backups/Infoblox/.
      • IP Address of SCP Server: The IP address of the SCP server.
      • Username: Enter the username of your SCP server account.
      • Password: Enter the password of your SCP server account.

3. Click Restore.

Best Practices for Backing Up Reporting Data

The following are some best practices that you must implement when backing up reporting data:

Best Practices for Backing Up

  • The first backup of the reporting data is a full backup. Subsequent backups irrespective of scheduled or manual are incremental backups. Infoblox recommends that you do not change the backup directory for each backup.
  • Reporting data backups are incremental. Any modification or deletion of the backed up data can create an impact when the data is restored.
  • If you upgrade or replace the Reporting server, Infoblox recommends that you back up the reporting data and the Infoblox Reporting and Analytics App.
  • Once the reporting data is restored on a Grid, subsequent backups include only the new data.

Best Practices for Upgrading or Replacing the Reporting Server (Single Indexer)

  • After you upgrade or replace the Reporting server, restore the Infoblox Reporting and Analytics App to restore any custom reports or Grid settings.
  • After you upgrade or replace the Reporting server, restore the reporting data from the reporting backup to view the historic reporting data.

Best Practices for Upgrading or Replacing the Reporting Server (Single or Multi-Site Cluster)

  • If the Grid has a reporting configuration updated from a single indexer to a single or multi-site cluster, data replication starts only for the data indexed after clustering. If you upgrade or replace the old reporting server, you may lose the data indexed before clustering. Infoblox recommends that you restore the reporting backup to view historic data.

Infoblox-4030 Supported Dashboards

The IB-4030 appliance provides the following predefined dashboards. For information about these dashboards, see Predefined Dashboards.

DNS Reports 

  • DNS Replies Trend
  • DNS Top Clients
  • DNS Query Rate by Query Type
  • DNS Response Latency Trend
  • DNS Query Rate by Member
  • DNS Replies Trend
  • DNS Replies Trend
  • DNS Top SERVFAIL Errors Sent
  • DNS Top SERVFAIL Errors Received
  • DNS Top Timed-out Recursive Queries
  • DNS Top Requested Domain Names
  • DNS Top Clients
  • DNS Top NXDOMAIN /NOERROR (no data)

Security (DNS) Reports

  • DNS Top RPZ Hits
  • DNS Top RPZ Hits by Clients
  • FireEye Alerts
  • Threat Protection Event Count By Severity Trend
  • Threat Protection Event Count By Rule
  • Threat Protection Event Count By Time
  • Threat Protection Event Count By Category
  • Threat Protection Event Count By Member
  • Threat Protection Event Count By Member Trend
  • DNS Top Tunneling Activity
  • DNS Tunneling Traffic by Category
  • Top Malware and DNS Tunneling Events by Client

System Reports

  • CPU Utilization Trend
  • Memory Utilization Trend
  • Traffic Rate by Member
  • License Pool Utilization

Reports with Data Synchronized from Microsoft Servers


Note: The DNS reports listed in the following table displays data synchronized from the Microsoft servers only when you have enabled synchronization of reporting data for the Grid or the Microsoft servers. For information about enabling synchronization of DNS reporting data from the Microsoft server, see Synchronizing DNS Reporting Data.


Infoblox supports the following versions of Microsoft Windows servers in displaying reporting data from both NIOS and the Microsoft servers:

  • DNS Reports: Microsoft Windows 2012 R2 and Microsoft Windows 2016.
  • DHCP Reports: Microsoft Windows 2008, Microsoft Windows 2008 R2, Microsoft Windows 2012, Microsoft Windows 2012 R2, and Microsoft Windows 2016.
  • IPAM Reports: Microsoft Windows 2008, Microsoft Windows 2008 R2, Microsoft Windows 2012, Microsoft Windows 2012 R2, and Microsoft Windows 2016.

The following reports display data from both NIOS and the Microsoft servers. For detailed information about these reports, see Predefined Dashboards.

DNS Reports 

  • DNS Top Requested Domain Names
  • DNS Top Clients

  • DNS Top Clients Per Domain
  • DNS Query Rate by Query Type
  • DNS Query Rate by Member
  • DNS Daily Query Rate by Member
  • DNS Daily Peak Hour Query Rate by Member
  • DNS Top NXDOMAIN /NOERROR (no data)
  • DNS Top SERVFAIL Errors Sent
  • DNS Top SERVFAIL Errors Received
  • DNS Top Timed-out Recursive Queries
  • DNS Query Trend per IP Block Group
  • DDNS Update Rate Trend

Following DNS reports are generated if a Data Collector VM is registered with the Grid:

  • DNS Domain Queried by Client
  • DNS Domain Query Trend
  • DNS Top Clients by Query Type
  • DNS Top Clients Querying MX Records

DHCP Reports

  • DHCPv4 Usage Trend
  • DHCPv4 Usage Statistics
  • DHCPv4 Range Utilization Trend
  • DHCPv4 Top Utilized Networks
  • DHCP Lease History
  • DHCP Top Lease Clients
  • DHCP Message Rate Trend

IPAM Reports

  • IPAMv4 Network Usage Statistics
  • IPAMv4 Network Usage Trend
  • IPAMv4 Top Utilized Networks

This page has no comments.