Page tree

Contents

A status dashboard contains widgets from which you can view and manage data. Widgets are the building blocks of status dashboards. For more information about widgets, see Adding Widgets to Dashboards. They provide information about different aspects of your Grid and networks. For example, the Member Status widget provides general information about a Grid member, and the Network Statistics widget provides data for a specified network.
The appliance provides a default status dashboard. Grid Manager displays the default dashboard only when there are more than one widget on the dashboard. You can add and modify widgets in the default dashboard, but you cannot rename or delete it. From a dashboard, you can access your most commonly accessed tasks and monitor appliance status. You can configure your own status dashboards to which you can add widgets that help you manage different data. Configuring multiple status dashboards helps organize widgets in a meaningful way and improves dashboard and widget performance. This is especially useful when you have a Grid serving a large number of Grid members. When you configure a new dashboard, you can use the existing dashboard as a template. You can create up to 100 copies at a time using the Add Dashboard option. For information about how to add status dashboards, see Adding Status Dashboards.
You can add widgets to different dashboards, however, you can add only one widget at a time on each dashboard. The default number of widgets per dashboard is 10. The maximum number of widgets that you can add on each dashboard is 20 at a time. You can define the number of widgets that can be configured on each dashboard in User Profile. This limitation applies only to dashboards that you configure and does not apply to the default dashboard. For information about how to specify the widget limit, see Configuring Widget Limit per Dashboard.
Grid Manager provides a default Security dashboard if you have installed any or all of the following licenses on the appliance: Threat Protection, RPZ, and Threat Analytics. The Security dashboard contains widgets that help you monitor the security status of the Grid. In the Security dashboard, you can add and remove widgets, but you cannot rename or delete them.

Note

To ensure that the Security dashboard displays correct data, use NTP to synchronize the time of the Grid members with that of the Grid Master.


If you have configured a lot of status dashboards, you can use the Quick Navigation icon to quickly access each status dashboard. For information, see Using Quick Navigation. Figure 2.1 illustrates the typical layout in Grid Manager after you configure multiple status dashboards.

Figure 2.1 Status Dashboard

  
Configure Icon Dashboard OptionsList of Configured DashboardsQuick Navigation
You can do the following in the Status tab:

Adding Widgets to Dashboards

You can add all or some of the following widgets to your status dashboards depending on whether you are managing a Grid, an independent appliance, or an Infoblox Orchestration server:

Grid Manager displays the Security dashboard if you have any or all of the following licenses installed on your appliance: Threat Protection, RPZ, and Threat Analytics. The Security dashboard contains the following widgets, depending on the licenses installed on your appliance:

Note that you must have at least read-only permission to the objects that a widget displays. Otherwise, though you are allowed to select and place the widget on the dashboard, it does not display any information.
To add widgets to your dashboard:

  1. Default Status Dashboard: From the Dashboards -> Status tab -> Default tab, click the Configure icon -> Add Content. This is applicable when you have the default dashboard only.
    Configured Status Dashboards: From the Dashboards -> Status tab, select the configured status dashboard, click the Configure icon -> Add Content.
    Security
    Status Dashboard: From the Dashboards -> Status tab -> Security tab, click the Configure icon -> Add Content. This is applicable only when at least one member in the Grid has Threat Protection, RPZ, or Threat Analytics license. Note that the Security Status dashboard is a default dashboard and it cannot be renamed or deleted.
    Grid Manager displays thumbnails of the available widgets. Use the scroll bar on the right to scroll through the widgets, as illustrated in Figure 2.2.
  2. Click an icon on the filter panel, as illustrated in the Figure 2.2, to add a widget to the desired dashboard. Filter panel is categorized in to the following: Cloud , Security , DNS/DHCP , and Reset . When you click on an icon, Grid Manager displays thumbnails of the widgets belonging to the respective filter. If you click filters one after the other without clicking Reset, Grid Manager displays thumbnails of all widgets along with the icon that indicates the category to which the widget belongs. Click Reset to view only those widgets that belong to the selected category.
  3. Select and drag a widget to the desired location on your dashboard. You can also click  icon to add a widget to the desired dashboard.
    After you add a widget to the dashboard, you can configure it to provide relevant data. You can also copy or move a widget, by selecting and dragging it to its new location on your dashboard. Grid Manager saves your dashboard configuration and displays it the next time you log in.
    You can turn on auto-refresh by clicking On in the TurnAutoRefresh field at the top of the dashboard to periodically refresh the contents of all widgets in the dashboard. Click Off to disable auto-refresh for all widgets in the dashboard. When auto-refresh is disabled, you can enable it for individual widgets by clicking the Configure icon in the corresponding widgets. You can specify the auto-refresh period in seconds. The default auto-refresh period is 30 seconds.

    Warning

    If the Detailed Status panel is open, the following actions take place:

    • Grid Manager auto refreshes at a rate of 30 seconds.
    • Widgets that support user-specified auto refresh, refresh at the rate specified in the Auto Refresh Period field.

    Therefore, even if you set the session timeout to be to greater than the auto refresh rate, auto refresh still takes place. The Grid Manager session does not time out because auto refresh takes precedence over the session timeout. For more information about widgets, see Status Dashboard.

    Widgets have the following icons:

  • Copy/Move: Click to copy or move the widget from a dashboard to another. For information about how to copy or move, see Copying or Moving Widgets.
  • Span Up/Span Down: Click to resize the widget. Click Span Up to increase the width of the widget. Click Span Down to decrease the width of the widget. Note that the fully spanned widgets are moved to the top of the dashboard.
  • Refresh: Click to update the content of the widget. Each widget contains a status bar at the bottom that displays the last date and time it was updated.
  • Configure: Click to hide and show the configuration options of the widget.
  • Toggle: Click to minimize and restore the widget.
  • Close: Click to remove the widget from a dashboard.

Figure 2.2 Widgets Panel

Configuring Widget Limit per Dashboard

You can define the number of widgets that can be configured on each dashboard. This limitation applies only to dashboards that you configure and does not apply to the default dashboard.

  1. From the Dashboards -> Status tab, click the Configure icon -> User Profile.
  2. In the User Profile editor, complete the following:
    • Maximum Widgets per Dashboard: Specify the maximum number of widgets that can be configured per Dashboard. You can enter a value between 1 and 20. The default value is 10. This limit does not apply to the default dashboard.
  3. Save the configuration and click Restart if it appears at the top of the screen.

Adding Status Dashboards

You can create your own status dashboards and add the widgets that you need. You can configure up to 100 status dashboards at a time. When you create multiple instances of a dashboard, the appliance names each dashboard by adding an incremental suffix to the name of the new dashboard. For example, if you name a new dashboard "Corp_Dashboard" and specify the number of instances as three, then the appliance creates three instances of this new dashboard. In this example, the appliance creates three dashboards: Corp_Dashboard, Corp_Dashboard1, and Corp_Dashboard2. Note that the dashboards you create will not be available to other users. You cannot share dashboards you have created with other users.
Note that "Security" is reserved for the default Security dashboard. Grid Manager displays an error message if you name a new dashboard "Security".
To add a new status dashboard:

  1. From the Dashboards -> Status tab, click the Configure icon -> Add Dashboard.
  2. In the Add Dashboard wizard, complete the following:
    • Name: Enter a name for the new dashboard.
    • Add <> instances of this new dashboard: Enter the number of dashboards you want to create. The maximum number of dashboards you can create is 100 at a time.
    • Copy initial content from an existing dashboard: Select this check box if you want the appliance to copy the contents from an existing status dashboard into the new dashboard. After you select this check box, the appliance displays the list of configured dashboards. Select a dashboard from the list. By default, this check box is not selected.
  3. Save the configuration.

The appliance displays all dashboard instances in the Status tab.

Using Quick Navigation

You can use the Quick Navigation icon to quickly access a specific dashboard. The appliance provides the Quick Navigation icon at the right corner of the status dashboards, as illustrated in Figure 2.1.
To quickly navigate to a dashboard:

  1. From the Dashboards -> Status tab, click the Quick Navigation icon at the right corner of the dashboards. The list of configured dashboards is displayed.
  2. Select a dashboard or specify the name of the dashboard in the text box. The appliance displays the selected dashboard.

Renaming Status Dashboards

You can rename only the status dashboards that you have configured. You cannot rename the default dashboard and the Security dashboard.
To rename a dashboard:

  1. From the Dashboards -> Status tab, click the Configure icon -> Rename Dashboard.
  2. In the Rename Dashboard wizard, complete the following:
    • Select a dashboard: Select a dashboard from the drop-down list.
    • Name: Enter the new name of the dashboard.
  3. Do one of the following:
    • Click Save and Close to save the new name and close the wizard.
    • Click Save to save the new name and continue to rename other dashboards.

To rename a specific dashboard:

  1. From the Dashboards -> Status tab, select a dashboard that you want to rename.
  2. Click the Configure icon -> Rename Dashboard.
  3. In the Rename Dashboard wizard, enter the new name in the Name text box.
  4. Click Save and Close to save the new name and close the wizard.

Copying or Moving Widgets

You can copy or move a widget from one dashboard to another. When you add a widget that already exists, the appliance displays an error message. When you move a widget, it is moved from the source to the destination dashboard. The moved widget will not be available in the source dashboard anymore. When you copy a widget, the widget is duplicated and is available in both the source and destination dashboards. Note that the Copy/Move icon is not available in a widget if the appliance has only the default status dashboard.
To move or copy a widget:

  1. From the Dashboards -> Status tab, select a status dashboard.
  2. Select the widget that you want to copy or move, and then click the Copy/Move icon.
  3. In the Copy/Move <name of the widget> wizard, complete the following:
    • Copy: Select this to copy a widget.
    • Move: Select this to move a widget.
    • To Dashboard: Select the name of the destination dashboard.
  4. Click OK.

Reordering Status Dashboards

You can change the order of your status dashboards. When you add a new status dashboard, it is added as a tab. When you create multiple instances of a dashboard, they are added as subsequent tabs. You can arrange the order of each dashboard through the reordering process.
To reorder status dashboards:

  1. From the Dashboards -> Status tab, click the Configure icon -> Reorder Dashboards.
  2. The following are displayed in the Order Dashboards wizard:
    • Ordering: You can use the up and down arrows to move dashboards in the desired order or drag and drop them to the desired positions.
    • Dashboard: Displays the list of all the status dashboards.
  3. Click OK to save the changes.

Deleting Status Dashboards

You can delete status dashboards that you have configured. You cannot delete the default status dashboard and the Security dashboard. You can delete multiple dashboards at the same time. Note that you cannot restore a deleted dashboard.
To delete multiple dashboards:

  1. From the Dashboards -> Status tab, click the Configure icon -> Delete Dashboards.
  2. In the Delete Dashboards wizard, select the Dashboard check box. You can select multiple check boxes for multiple dashboards.
  3. Click Delete.
  4. Click Yes in the confirmation dialog box. To delete a specific dashboard:
  5. From the Dashboards -> Status tab -> select the <Status Dashboard> tab.
  6. Click the Configure icon -> Delete Dashboard.
  7. In the Delete Confirmation dialog box, click Yes.

Configuring Security Status Thresholds

You can configure thresholds to determine the overall status of Threat Protection, DNS RPZ (Response Policy Zone), and DNS Threat Analytics services in the Grid. Grid Manager provides a view of the overall security status of the Grid in the Security Status for Grid dashboard widget. For information, see Security Status for Grid.
To configure the thresholds for security status:

  1. From the Dashboards -> Status tab, click the Configure icon -> Global Dashboard Properties.
  2. In the Global Dashboard Properties editor, complete the following:
  • Threat Protection Thresholds: Define the thresholds for each severity level of the threat protection events for the following colors:
    • Yellow: Specify the low threshold value for Critical, Major, and Warning severity level. The default values are 1, 20, and 100 for Critical, Major, and Warning respectively.
    • Red: Specify the high threshold value for Critical, Major, and Warning severity level. The default values are 5, 100, and 1000 for Critical, Major, and Warning respectively.

Depending on the specified thresholds, Grid Manager determines the status of threat protection service as follows, which is displayed in the Status column of the Security Status for Grid widget:

    • Green (OK): When the number of threat protection events are less than the low threshold value specified for the yellow color for all the severity levels.
    • Yellow (Warning): When the number of threat protection events equals or exceeds the threshold value specified for the yellow color but less than the threshold value specified for the red color for any of the severity levels.
    • Red (Critical): When the number of threat protection events equals or exceeds the high threshold value specified for the red color for any of the severity levels.
  • Response Policy Zone Thresholds: Define the threshold values for the following colors to determine the overall status of RPZ:
    • Yellow: Specify the low threshold value for Blocked, Substitute, and Passthru RPZ rules. The default values are 10, 1, and 100 for Blocked, Substitute, and Passthru respectively.
    • Red: Specify the high threshold value for Blocked, Substitute, and Passthru RPZ rules. The default values are 100, 10, and 1000 for Blocked, Substitute, and Passthru respectively.

Depending on the specified thresholds, Grid Manager determines the status of RPZ as follows, which is displayed in the Status column of the Grid Security Status widget:

    • Green (OK): When the number of RPZ hits are less than the low threshold value specified for the yellow color for all the rule types.
    • Yellow (Warning): When the number of RPZ hits equals or exceeds the threshold value specified for the yellow color but less than the threshold value specified for the red color for any of the rule types.
    • Red (Critical): When the number of RPZ hits equals or exceeds the high threshold value specified for the red color for any of the rule types.
  • Threat Analytics Thresholds: Define the thresholds for the following colors, to determine the overall status of DNS Threat Analytics:
    • Yellow: Specify the low threshold value for DNS Tunneling events. The default value is 1.
    • Red: Specify the high threshold value for DNS Tunneling events. The default value is 5.

Depending on the specified thresholds, Grid Manager determines the status of DNS Threat Analytics as follows, which is displayed in the Status column of the Grid Security Status widget:

    • Green(OK): When the number of DNS tunneling attacks are less than the low threshold value specified for the yellow color.
    • Yellow(Warning): When the number of DNS tunneling attacks equals or exceeds the threshold value specified for the yellow color but less than the threshold value specified for the red color.
    • Red(Critical): When the number of DNS tunneling attacks equals or exceeds the high threshold value specified for the red color.

     3. Save the configuration.

Note

If you have configured the same threshold value for both Yellow and Red color in the Global Dashboard Properties editor and if the same number of events are triggered, then Grid Manager displays the status in red in the Grid Security Status widget.


Grid Status

The Grid Status widget provides status information about the Grid members and services. Add the Grid Status widget to your Dashboard to monitor the Grid status.
You can configure the Grid Status widget to display information about all Grid members or only Grid members that have service errors. To modify the Grid Status widget, click the Configure icon and select one of the following:

  • Show all Grid members (this is the default)
  • Only show members with service warnings or errors: When you select Only show members with service warnings or errors, the widget displays only the members that have service errors. The widget does not display any data in the member table if all the services on all members are running properly.
  • Group Members by: If you want to group members by the same extensible attribute value, select this and choose an extensible attribute from the drop-down list. The appliance groups Grid members that have the same extensible attribute value, and the Grid Status displays the following information:
    • <Extensible Attribute  Name>: The value of the selected extensible attribute. You can click the link of the extensible attribute value to view all the members in this group in the Grid/Members view.
    • Status: This is the overall status for all members in the group. Depending on the status of each member, the overall status can be one of the following:
      • Working: Indicates that all the members in the group are running properly.
      • Warning: Indicates that one of the members in the group has operational problems. For example, if there are two members in a group with one member Running and another member is Offline, then the overall status will be Warning.
      • Failed: Indicates that at least one of the members in the group is in the failed status and none of the members in the group are in the Running or Working status. For example, if there are two members in the group and one of them is in Failed status and the other is Offline, then the overall status is Failed.
      • Offline: Indicates that one or more members in the group is offline and none of the members in the group are in the Failed or Running status. For example, if a member is in the Working status and another member is in the Offline status, then overall status is Offline.
      • Inactive: Indicates that one or more members in the group is inactive and none of the members in the group are in the Failed, Offline, Working, or Running status.
      • Unknown: Indicates that the status of all the members in the group is unknown.

    Note

    You can click a member link to monitor the detailed status of the selected member. Grid Manager displays the Grid tab -> Member tab. You can click on a group to show the members of the group in the Grid/Members view.

The Grid Status widget also displays the following information in the member table:

  • Member Name: The name of the member.
  • IPv4 Address: The IPv4 address of the member.
  • IPv6 Address: The IPv6 address of the member.
  • Status: The current status of the member.
  • System Uptime: The duration of time (days, hours, and minutes) that the Grid member has been up and running.

In the upper section of the widget, Grid Manager displays the overall status of the Grid. The Grid status represents the status of the most critical member in the Grid. When all Grid members are running properly, the overall Grid status is green. When one of the members has operational issues, the overall Grid status is red. The status icon can be one of the following:

Icon

Color

Meaning


Green

All Grid members are operating normally in a "Running" state.


Yellow

At least one of the Grid members is connecting or synchronizing with its Grid Master.


Red

At least one of the Grid members does not have a Grid license, is offline, upgrading, downgrading, or shutting down.

This section also displays the overall operational status of the DNS, DHCP, NTP, FTP, TFTP, HTTP (File Distribution), bloxTools, Captive Portal, DNS Accelerator usage, and Reporting services that are currently running on the Grid. The DNS Accelerator usage feature is only available in the IB-4030 appliance. The status icon can be one of the following:



Green

The enabled service is running properly on one or more Grid members.

Yellow

At least one of the Grid members is having issues with the enabled service.

Red

The enabled service is not running properly on at least one of the members. (A red status icon can also appear temporarily when the service is enabled and begins running, but the monitoring mechanism has not yet notified Grid Manager.)

Gray

The service is not configured or is disabled on at least one Grid member.

Grid Upgrade Status

The Grid Upgrade Status widget provides upgrade status of the Grid Master and members. Add the Grid Upgrade Status widget to your Dashboard to monitor the upgrade status of the Grid and its members.
The Grid Upgrade Status widget displays the following information:

  • Upgrade Status: The current upgrade status of the Grid. This can be Running, Paused, Canceled, or Inactive.
  • Grid Member Upgrade Process Status: The pie chart shows the number of members that are still processing the upgrade, members that have completed the upgrade, and members that are waiting for the upgrade to happen.
  • Detailed Upgrade Status: Click this link to access the Grid tab -> Upgrade tab to see detailed information about the upgrade.

The table on the right shows a summary of the upgrade status of the upgrade groups. It displays the following information:

  • Group: The name of the upgrade group.
  • Date/Time: The date and time when the upgrade started on this upgrade group. Note that the time zone is the time zone of the first member in the upgrade group.
  • Completed: Indicates whether the upgrade is complete or not.

Member Status (System Status)

The Member Status widget provides status information about the system resources and services of a Grid member, including the reporting server. The System Status widget provides the operational status about an independent appliance. Add a Member Status widget to your Dashboard for each Grid member that you want to monitor. The widget always displays the services that a Grid member is running. You can then configure it to display additional information and specify how the information is displayed.
You can modify the Member Status or the System Status widget by clicking the Configure icon. If you have an independent appliance, you can only configure some of the following:

  • For Member Status widget only: Click Select Member to select a Grid member for display. When you select the reporting server, the widget displays reporting usage.
  • Select the information you want to display:
    • Show Role: For Member Status widget only. Click to display whether the appliance is a Grid Master, Grid Master candidate, or Grid member. An independent appliance does not have a Grid license installed.
    • Show Hardware Type: Click to display the appliance hardware model.
    • Show HA Status: Click to display whether the appliance is part of an HA pair. It displays one of the following:
      • Standalone: The Grid member is an independent appliance.
      • HA OK: The Grid member is part of an HA pair that is functioning properly.
      • HA Broken: The appliance is part of an HA pair that is not operating properly. You can check the logs to determine the problem.
    • Show System Uptime: Click to display the duration of time (days, hours, and minutes) that the Grid member has been up and running.
  • Statistics: Select the data that you want to display and its format:
    • CPU: Click to display the percentage of CPU that is in use. Select either Dial or Bar for the display format.
    • Memory: Click to display the current percentage of memory that is in use. Select either Dial or Bar for the display format.
    • Database: Click to display the percentage of the database that is in use. Select either Pie or Bar for the display format.
    • Disk: Click to display the percentage of the data partition on the hard disk drive in use. Select either Pie or Bar for the display format.
    • System Temperature: Click to display the system temperature. Depending on the hardware model, the system temperature may not be available. Select to display the temperature in either Celsius or Fahrenheit.
    • CPU Temperature: Click to display the CPU temperature. Depending on the hardware model, the CPU temperature may not be available. Select to display the temperature in either Celsius or Fahrenheit.
    • DNS Accelerator Usage: This feature is only available in the IB-4030 appliance. Click to display the percentage of DNS Cache Acceleration usage, if available. When the DNS cache acceleration utilization reaches the maximum threshold, the appliance displays both the Member Status and the banner in yellow each time you log in to the appliance within 24 hours. It also displays the number of times the appliance has reached the maximum limit in the past 24 hours. For example, if you are using a DNS Cache Acceleration Tier 3 license with 300K performance, and if the DNS Cache Acceleration usage has reached 250K, then the appliance displays the DNS Cache Acceleration usage as 83%, which is calculated as (250*100)/300. In this case, the appliance displays the following message in the banner:
      DNS Cache accelerator usage reached 83% of the maximum capacity 6 times in the last 24 hours.

Click the Configuration icon again to hide the configuration panel after you complete the modification.
Grid Manager displays the hostname of the appliance at the top of the widget. You can click the name link to view detailed information about the appliance. The widget also displays the upgrade status if the member is currently in the process of an upgrade. If the member is scheduled for an upgrade, the Scheduled for upgrade link appears. You can click this link to access the Grid tab -> Upgrade tab to view more details about the date and time of the scheduled upgrade.
The widget also displays the service status of the following: FTP, TFTP, HTTP (File Distribution), DNS, DHCP, NTP, bloxTools, Captive Portal, DNS Accelerator, and Reporting in the Services section. The service status can be one of the following:

Icon

Color

Meaning


Green

The service is enabled and running properly.


Yellow

The service is enabled, but there may be some issues that require attention.


Red

The service is enabled, but it is not running properly or is out of synchronization. (A red status icon can also appear temporarily when a service is enabled and begins running, but the monitoring mechanism has not yet notified the GUI engine.)


Gray

The service is not configured or is disabled.


The widget also displays the statistics you specified, such as CPU usage, memory and database usage, in the format you selected.
When you select the reporting server, you can also see the reporting usage information:

  • Reporting Usage: Displays the daily consumption rate for the reporting service.

For more information about reporting, see Infoblox Reporting and Analytics.

DNS Statistics

The DNS Statistics widget provides statistics for a member or for a zone. The zone statistics are cumulative, collected from all the members that are authoritative servers for zones or are hosting stub zones. The widget displays the totals for each type of DNS response as well as a line graph that tracks the responses per second.
You can add a DNS Statistics widget to your Dashboard for each zone or member DNS server on the Grid. To configure the DNS Statistics widget, click the Configure icon and do the following:

  • Click Select Member. In the Member Selector dialog box, choose a Grid member to display statistics for all its stub zones and authoritative zones.

    or
  • Click Select Zone. In the Zone Selector dialog box, choose a DNS zone to display statistics for that zone only.

The widget displays only the option that you selected on your subsequent logins. For example, if you clicked Select Member, the widget displays the Select Member option only, and not the Select Zone option, when you log in again.

  • Graph Configuration: Select which DNS messages you want to track in the Responses per Second graph.
    • Success: The number of successful queries.
    • NXDOMAIN: The number of queries for domain names that did not exist in the database.
    • Referral: The number of queries that became referrals.
    • NXRRSET: The number of queries for domain names that did not have the requested records.
    • Failure: The number of queries that failed due to reasons other than nonexistent domain names or records in a domain.
    • Recursion: The number of recursive queries for which the name server sent queries to other name servers.

The widget displays the following information:

  • DNS Responses tab: Displays a pie chart and the total number of each type of message. It also displays the total number of full and incremental zone transfers that the Grid member performed.
  • Responses per Second tab: Displays a line graph that tracks the DNS responses received per second, within an hour. The time is displayed according to the time zone specified in the User Profile. If the auto-detect time zone option is enabled and Grid Manager cannot determine the browser time zone, then the time is displayed in UTC format. You can mouse over the graph to display the coordinates of any point in the graph.

Ranges Over Threshold

The Ranges Over Threshold widget enables you to monitor IPv4 DHCP range usage from your Dashboard. It lists the IPv4 ranges that are allocated above a specified threshold and thus may warrant your attention. The default threshold is 75%. For information, see Configuring Thresholds for DHCP Ranges. Note that the appliance highlights disabled IPv4 ranges in gray.
The widget displays the IPv4 ranges with utilization percentages that surpass the threshold. To configure the Ranges Over Threshold widget, click the Configure icon and do the following:

  • Network View: Select a network view in which you want to monitor the IPv4 ranges. This field is displayed only when you have more than one network view.
  • Threshold: Enter a new threshold value. The default is 75%.
    In addition, you can do the following:
  • Click the Export button to export the list of IPv4 ranges that surpass the threshold to a file in CSV format.
  • Click the Refresh button to refresh the data in the list.

IPv4 Failover Associations Status

The IPv4 Failover Associations Status widget enables you to monitor the status of the failover associations from your Dashboard. It lists all the failover associations in the Grid and displays their names and status. The widget also displays the primary and secondary servers in the association. When you click a failover association link or a status link, Grid Manager displays the Failover Association section where you can get detailed information about the failover association. For information, see Managing Failover Associations.
In addition, you can do the following:

  • Click the Export button to export the list of failover associations to a file in CSV format.
  • Click the Refresh button to refresh the data in the list.

DHCP Statistics

The DHCP Statistics widget displays statistics about the different types of DHCP messages that a Grid member sends and receives. The widget displays the totals for each type of DHCP message as well as a line graph that tracks the messages per second.
You can add a DHCP Statistics widget to your Dashboard for each member DHCP server in the Grid. If the DHCP service is not enabled or is offline, the widget displays a message indicating that the DHCP statistic are not available.
To configure the DHCP Statistics widget, click the Configure icon and do the following:

  • Protocol: Select either IPv4 or IPv6.
  • Click Select Member. In the MemberSelector dialog box, select a Grid member from the list.
  • Graph Configuration: This section lists IPv4 or IPv6 messages, depending on the protocol you selected.
  • Select which IPv4 messages you want to track in the Messages per Second graph.
    • Discovers: The number of DHCPDISCOVER messages that the Grid member received from DHCP clients. A DHCP client broadcasts a DHCPDISCOVER message to obtain an IP address.
    • Offers: The number of DHCPOFFER messages that the Grid member sent to DHCP clients. If the Grid member has an IP address that it can allocate to the DHCP client that sent the DHCPDISCOVER message, the Grid member responds with a DHCPOFFER message that includes the IP address and configuration information.
    • Requests: The number of DHCPREQUEST messages that the Grid member received from DHCP clients. A DHCP client sends DHCPREQUEST messages when it selects a lease, connects to the network, and if it renews the lease.
    • Acks: The number of DHCPACK messages that the Grid member sent to DHCP clients. When the Grid member receives a DHCPREQUEST message, it responds with a DHCPACK message to confirm the IP address selected by the DHCP client.
    • Nacks: The number of DHCPNACK messages that the Grid member sent to DHCP clients. The Grid member sends a DHCPNACK message when a DHCP client requests an IP address that is not valid for the network.
    • Declines: The number of DHCPDECLINE messages that the Grid member received. A DHCP client sends a DHCPDECLINE message to a DHCP server when it discovers that the IP address offered by a DHCP server is already in use.
    • Informs: The number of DHCPINFORM messages that the Grid member received. A client that did not receive its IP address from the DHCP server can send it a DHCPINFORM message to retrieve configuration parameters, such as the IP addresses of DNS servers in the network.
    • Releases: The number of DHCPRELEASE messages that the Grid member received. A DHCP client sends a DHCPRELEASE message when it terminates its lease and releases its IP address.

Select which IPv6 messages you want to track in the Messages per Second graph.

    • Declines: The number of Decline messages that the Grid member received. A DHCP client sends a Decline message to a DHCP server when it discovers that the IP address offered by a DHCP server is already in use.
    • Renews: The number of Renew messages that the Grid member received. A DHCP client sends a Renew message to a DHCP server to extend the lifetimes on the leases granted by the DHCP server and to update other properties.
    • Information Requests: The number of Information-Request messages that the Grid member received. A client sends an Information-Request message to retrieve configuration parameters, such as the IP addresses of DNS servers in the network.
    • Solicits: The number of Solicit messages that the Grid member received, including Solicit messages embedded in Relay-Forward messages. A DHCP client sends a Solicit message to locate DHCP servers.
    • Requests: The number of Request messages that the Grid member received. A DHCP client sends a Request message to request one or more IP addresses and configuration parameters from a DHCP server.
    • Rebinds: The number of Rebind messages that the Grid member received. A DHCP client sends a Rebind message to extend the lifetime of its lease and to update configuration parameters.
    • Releases: The number of Release messages that the Grid member received. A DHCP client sends a Release message when it terminates its lease and releases its IP address.
    • Advertises: The number of Advertise messages that the Grid member sent. When a DHCP server receives a Solicit message, it can respond with an Advertise message to indicate that the server is available for DHCP service.
    • Replies: The number of Reply messages that the Grid member sent. A DHCP server sends a Reply message that includes IP addresses and configuration parameters when it responds to Solicit, Request, Renew or Rebind message. It sends a Reply message with configuration parameters only when it responds to an Information-Request message.

The widget displays the following information:

  • DHCP Messages tab: Displays a pie chart and the totals for each type of DHCP message. It also displays the number of Deferred Updates, which are DDNS update requests which are deferred because the DNS primary was not reachable when the update was first attempted.
  • Messages per Second tab: Displays a line graph that tracks the DHCP messages that were sent and received per second, within an hour. The time is displayed according to the time zone specified in the User Profile. If the auto-detect time zone option is enabled and Grid Manager cannot determine the browser time zone, then the time is displayed in UTC format. You can mouse over the graph to display the coordinates of any point in the graph.

Network Statistics

The Network Statistics widget provides information about IP address usage in an IPv4 network. You can monitor several networks simultaneously to view the distribution of address resources. Such information can indicate if there is a sufficient number of available addresses in each network. It can also provide information about the distribution of address resources, indicating if there are too many unused addresses in one network while all the addresses in another are in use.
Add a Network Statistics widget to your Dashboard for each network that you want to monitor. You can monitor IPv4 networks only.
To configure the Network Statistics widget, click the Configure icon and do the following:

  • Select one of the following chart types:
    • Pie
    • Bar
  • Click Select Network. In the Network Selector dialog box, choose a network from the list and click Select.
    Note that if multiple network views were previously configured, Grid Manager displays the default network view. You can choose another network view from the drop-down list, and then select a network. The Network Statistics widget displays the following information about the selected network:
  • IPAM Utilization: When you define a network, this is the percentage based on the IP addresses in use divided by the total addresses in the network. For example, in a /24 network, if there are 25 static IP addresses defined and a DHCP range that includes 100 addresses, the total number of IP addresses in use is 125. Of the possible 256 addresses in the network, the IPAM utilization is about 50% for this network. When you define a network container that contains subnets, this is the percentage of the total address space defined within the container regardless of whether any of the IP addresses in the subnets are in use. For example, when you define a /16 network and then 64 /24 networks underneath it, the /16 network container is considered 25% utilized even when none of the IP addresses in the /24 networks is in use.
    You can use this information to verify if there is a sufficient number of available addresses in a network. The IPAM utilization is calculated approximately every 15 minutes.
  • Unmanaged: The number of discovered IP addresses that do not have corresponding records on the appliance, such as A records, PTR records, fixed address records, host records, or leases. To obtain this data, you must run a discovery process on the network first.
  • Conflicts: The number of IP addresses that have either a MAC address conflict or a DHCP range conflict. To obtain this data, you must run a discovery process on the network first. A discovered host has a MAC address conflict when its MAC address is different from that specified in its fixed address, DHCP lease, or host record. A discovered host has a DHCP range conflict when it is part of a DHCP range, but it does not have a matching fixed address or DHCP lease, and it is not part of an exclusion range.

Network Users - Active Users

The Network Users Active Users widget displays up to 10 active users for Windows devices managed by the Grid. To modify the Network Users Active Users widget, click the Configure icon and select one of the following:

  • Only show networks with: Select At least or Fewer than from the drop-down list and specify the number of users in the Users field. The default values are set to At least and 10 users.
  • All Network Views: Select this to monitor active users on the managed Active Directory domains in all network views.
  • Select Network View: Click Select to select the network view in which you want to monitor active users.
    The Network Users-Active Users widget displays the following information:
  • Network: The network address. You can click the network link to view network details.
  • Active Users: All users who are currently using the Active Directory domains. You can also export the list to a .csv file.

IPv4 Networks Over Threshold

The IPv4 Networks Over Threshold widget enables you to monitor IPv4 network and IP address usage from your Dashboard. It lists the IPv4 networks that are allocated above a specified threshold and thus might warrant your attention. The default threshold is 75%.
For network containers, the threshold is the percentage of IP address space that has been allocated. For subnets, it is the percentage of used addresses, except the broadcast and network addresses. The widget displays the network containers and subnets with utilization percentages that surpass the threshold.
You can also select to view IPv4 cloud networks only if you have deployed Cloud Network Automation. For information about this feature, see Deploying Cloud Network Automation.
To configure the Networks Over Threshold widget, click the Configure icon, and then complete the following:

  • Threshold: Enter a new threshold value. The default is 75%.
  • Type: Select IPAM Utilization or IPv4 DHCP Utilization. For information, see Managing IPv4 DHCP Data.
  • All Network Views: Select this to monitor threshold for IPv4 networks in all network views.
  • Select Network View: Click Select to select the network view in which you want to monitor the threshold.

To view information related to cloud networks, select View Cloud Networks Only, and then select one of the following:

  • All Tenants: Displays information for all tenants.
  • Select Tenant: Click Select to select a specific tenant. In addition, you can do the following in this widget:
  • Click the Export button to export the list of networks that surpass the threshold to a file in CSV format.
  • Click the Refresh button to refresh the data in the list.

Port Status

The Port Status widget provides a quick way to inspect the interface status for any discovered device in the network. The widget shows an overview of all interfaces on all devices or for a single device (called the Data Scope).
Click the Configure icon to change settings for the widget.

  1. You can choose a Bar or Pie chart for the Total Switch or Switch-Router chart, which shows the percentage of ports that are operationally Active and that are operationally Down.
  2. Under Data Scope, the All Devices setting allows the widget to show the total counts for all discovered network infrastructure devices. This is the default.
  3. To use the widget to display port information for a single device, such as a switch, enable the Select Device radio button. Choose the device in the Device Selector window. The widget adjusts its reported values to the scale of the selected device.
  4. You can also choose the Media Type. to further filter port status information. Choices include: Ethernet Interface, Layer 2 Virtual LAN, Proprietary Serial Interface, Proprietary Virtual/Internal Interface, Loopback Interface and Tunnel Interface.

The counters in the widget include Total Switch and Switch-Router Ports, Total Down Switch and Switch-Router Ports and Total Active Switch and Switch-Router Ports.

Discovery Status

The appliance can run an IP discovery to detect and obtain information about active hosts in specified networks. For information about the discovery process, see About Discovery.
You can add the Discovery Status widget to your Dashboard. From this widget, you can access Discovery Manager and configure parameters for a discovery. You can do the following from the widget:

  • Start a discovery immediately. For more information about immediate discovery, see Configuring IP Discovery.
  • Schedule a discovery for a later date and time. For more information about discovery, see Configuring IP Discovery.
  • Configure a recurring discovery. For more information about recurring discovery, see Configuring IP Discovery.
  • Click the Start button to start a discovery process.
  • Click the Pause button to temporarily pause the process.
  • Click the Stop button to stop the process.

This widget displays the status of discovery tasks. If there are no active discovery tasks, the widget displays the discovery results of the previous tasks. For information about starting and scheduling a discovery task, see Guidelines Before Starting a Discovery.
After you start a discovery, the Discovery Status widget displays a status bar that indicates the discovery is in progress. It also tracks the number of networks in an IP discovery. You can click the Refresh icon to update the discovery status.
The widget displays the following information about the discovery process:

  • Current Status: If a discovery is in progress, this field displays its current status. Otherwise, it displays the date and time of the last discovery.
  • Last Action: Displays the last operation and the admin who initiated it.
  • IPv4 Device Discovery: Displays the total number of IPv4 networks and the IPv4 network and IP address range on which the IP discovery is currently running. You can click Refresh to update this information.

The Discovery Status widget also displays the following information about the last discovery:

  • Discovered: The total number of active hosts in the network.
  • Managed: The number of discovered IP addresses that are managed by the NIOS appliance. These IP addresses have an A record, PTR record, fixed address record, host record, lease, or are within a configured DHCP range.
  • Unmanaged: The number of discovered IP addresses that do not have corresponding records on the appliance, such as A records, PTR records, fixed address records, host records, or leases.
  • Conflicts: The number of discovered hosts that have a MAC address conflict or are part of a configured DHCP range, but do not have a fixed address or lease record and are not part of an exclusion range.

Advanced Discovery Status

With the correct licensing, dedicated NIOS appliances operating as Grid members can perform infrastructure device discovery. NIOS appliances with the Discovery license operate primarily for discovery tasks and do not perform core DNS or DHCP network functions. Discovery appliances, called Probes, collect all network device data and compile it into a database. A separate NIOS appliance, called a Consolidator, aggregates the collected device information from the Probes and synchronizes with the Infoblox Grid Master.
For more information about discovery and its features and requirements, see Infoblox Network Insight and its associated sections.
The Advanced Discovery Status widget provides several basic counts describing the general state of device discovery within the Grid, and for networks outside the Grid being inventoried by the NIOS appliances designated for discovery. The widget divides counters into two categories: Networks and Assets. Network counters refer to counts of managed and unmanaged networks discovered by Probe appliances. Asset counters refer to counts of specific types of network devices, termed Assets, which are comprised of end hosts, enterprise servers, enterprise printers, and any other enterprise asset that exists in an end-user network segment. The widget counters include:
In the Networks category:

  • Discovered: The total number of networks discovered by Probe appliances.
  • Managed: The number of discovered networks that are currently managed by the NIOS Grid. These IP networks have been converted from Unmanaged status to Managed status.
  • Unmanaged: The number of discovered networks that are counted as Unmanaged by the NIOS Grid Master. After a network is discovered and catalogued by a Probe appliance, its default state as a network is Unmanaged.

In the Assets category:

  • Discovered: The total number of Assets discovered by Probe appliances.
  • Managed: The number of discovered assets that are currently managed by the NIOS Grid. These devices have been converted from Unmanaged status to Managed status.
  • Unmanaged: The number of IPs with discovered data that are counted as Unmanaged by the NIOS Grid Master, and have not been converted into a Host or a Fixed IP Address. After an Asset is discovered and catalogued by a Probe appliance, its default state is Unmanaged.
  • Conflicts: The number of discovered assets that have a MAC address conflict or are part of a configured DHCP range, but do not have a fixed address or lease record and are not part of an exclusion range.

My Commands

The My Commands widget provides easy access to commands that you frequently use, so you can perform your tasks without leaving the Dashboard. You can add one My Commands widget to your Dashboard.
To configure the My Commands widget, click the Configure icon and do the following:

  • Select a command from the Available list and click the > arrow to move it to the Selected list. You can always toggle the commands between the two lists. Select multiple commands by using SHIFT-click and CTRL-click.

DDNS Statistics

The DDNS Statistics widget provides information about the dynamic DNS (DDNS) updates that occur on the DNS service of a selected Grid member. The widget displays the total number of DDNS updates that succeeded, failed, and that were rejected. It also displays a line graph that tracks the status of the DDNS updates per second.
You can add a DDNS Statistics widget to your Dashboard for each DNS server on the Grid that accepts dynamic DNS updates.
To configure the DDNS Statistics widget, click the Configure icon and do the following:

  • Click Select Member. In the Member Selector dialog box, select a Grid member from the list.
  • Graph Configuration: Select which updates you want to track in the Updates per Second graph:
    • Success: The number of DDNS update requests that succeeded.
    • Prerequisite Reject: The number of DDNS update requests that were rejected because the prerequisite conditions specified in the request were not met.
    • Reject: The number of DDNS update requests that were rejected by the DNS service.
    • Failure: The number of DDNS update requests that failed.

The widget displays the following information:

  • DDNS Updates tab: Displays totals for each type of update.
  • Updates per Second tab: Displays a line graph that tracks the status of the DDNS updates. The time is displayed according to the time zone specified in the User Profile. If the auto-detect time zone option is enabled and Grid Manager cannot determine the browser time zone, then the time is displayed in UTC format. You can mouse over the graph to display the coordinates of any point in the graph.

System Activity Monitor

The System Activity Monitor widget provides information about the following resources on the selected Grid member: CPU and its utilization, system memory, NIC usage, top processes, and information about VLAN interfaces. By default, the widget displays the system activity of the Grid Master. You can add a System Activity Monitor widget to your Dashboard for each Grid member whose resources you want to monitor.
To configure the System Activity Monitor widget, click the Configure icon and select a Grid member and the resources that you want to track:

  • Click Select Member. In the Member Selector dialog box and select a Grid member from the list.
  • CPU: Select which type of CPU usage you want to track:
    • User: The CPU usage of user applications, such as programs and libraries.
    • System: The CPU usage of the kernel and drivers.
    • Idle: The percentage of CPU that is not in use.
  • System Memory: Select which portion of the system memory you want to track:
    • Real Memory Used: The physical RAM usage.
    • Swap Used: The swap area usage. The swap area is the disk area that temporarily holds a process memory image.
  • NIC Usage: Select how you want to measure network traffic:
    • Bytes: Reports the number of bytes.
    • Packets: Reports the number of packets.
  • NIC Settings: Select the port on which you want to measure network traffic. If you have configured VLANs, Grid Manager displays them in the format LAN1 nnnn or LAN2 nnnn, where nnnn represents the associated VLAN ID. For example, a VLAN configured on LAN1 can be displayed as LAN1 297 and a LAN2 VLAN can be LAN2 21. For more information about VLANs, see VLAN Management.
  • CPU Utilization and Top N Processes: Set the auto refresh period in this section. NIOS displays the information for all available cores.
    • Auto Refresh Period for CPU Utilization and Top N Processes: Enter the time interval in seconds for the CPU Core Utilization graph and the top N process data to auto refresh and display the CPU core utilization information. If you enter 12, the graph displays new information after every 12 seconds. You can enter a minimum refresh interval of 10 seconds and a maximum refresh interval of 30 seconds. By default, the time interval is set to 10 seconds. This field is applicable only to the CPU Utilization and Top N Processes tabs.
  • Auto Refresh Period: Enter the refresh interval in seconds for the data in the CPU, System Memory, and NIC Usage tabs to auto refresh.

The System Activity Monitor widget displays a tab for each resource: CPU, System Memory, NIC Usage, CPU Utilization, Top N Processes.

Each tab contains a line graph that tracks the resource utilization per second.

  • CPU: The graph on the CPU tab tracks the percentage of CPU usage.
  • System Memory: The graph on the System Memory tab tracks the memory utilization percentage.
  • NIC Usage: The graph on the NIC Usage tab tracks either bytes or packets per second.
  • CPU Utilization: If you select the Live option, the graph tracks live CPU utilization data for the last 10 minutes for all CPUs in your Grid member. The graph is refreshed based on the time interval you specify in the Auto Refresh Period for CPU Utilization and Top N Processes field. Each CPU is denoted in a different color. If you select the Historical option, you can view the CPU utilization data for up to a maximum of past 60 minutes based on the time range you specify in the Earliest and Latest fields. For example, if you enter 2019-09-05 and 09:20:42 AM in the Earliest field and 2019-09-05 and 10:20:42 AM in the Latest field, the graph displays the CPU utilization data for 5th September 2019 between 9:20:42 AM and 10:20:42 AM. You can view data for a maximum of past of 5 days but the time difference between Earliest and Latest time should not exceed 60 minutes.
  • Top N Processes: If you select the Live option, the table displays the process ID and name of the top N processes that are consuming CPU utilization. N is the number that you specify in the Number of Top Processes field on the Monitoring tab of the Grid Properties editor. It also displays the percentage of CPU utilized by each process. The data is refreshed based on the time interval you specify in the Auto Refresh Period for CPU Utilization and Top N Processes field. If you select the Historical option, you can view past top N process data based on the time range you specify in the Earliest and Latest fields. For example, if you enter 2019-09-05 and 09:20:42 AM in the Earliest field and 2019-09-05 and 10:20:42 AM in the Latest field, the graph displays the top process data on 5th September 2019 between 9:20:42 AM and 10:20:42 AM. You can view data for a maximum of 5 days.

The time is displayed according to the time zone specified in the User Profile. If the auto-detect time zone option is enabled and Grid Manager cannot determine the browser time zone, then the time is displayed in UTC format. You can mouse over the graph to display the coordinates of any point in the graph.

File Distribution Statistics

The File Distribution Statistics widget enables you to monitor the status of file distributions services from the Dashboard. The widget provides an overall status of file distribution on all members in the Grid. It also displays the file system utilization for the file distribution subsystem.
The service status displays one of the following:

  • OK: All file distribution services are running properly.
  • Stopped: All file distribution services are stopped.
  • Warning: The file distribution services are not running properly.
  • Error: The file distribution services encounter an error.

You can click the link to view detailed information about the file distribution services. Grid Manager displays the Members tab in the File Distribution tab.
To configure the File Distribution Statistics widget, click the Configure icon and select one of the following chart types:

  • Pie
  • Bar

The File Distribution Statistics widget displays the following information:

  • File System Utilization: The percentage of utilization of the overall allocated file distribution subsystem space on all members. You can use this information to verify if there is sufficient space for file distribution in the Grid.

Active WebUI Users

The Active WebUI Users widget provides information about the users who are logged in to Grid Manager or System Manager. It does not include users who are using the Infoblox API or are logged in to the serial console.
You can add only one Active WebUI Users widget to the Dashboard. You must have a superuser account to add this widget to the Dashboard.
It displays the following information about each user:

  • User ID: The user name.
  • Source Address: The IP address of the management station the user used to connect to Grid Manager.
  • Logged In Since: The date and time the user logged in.
  • Idle Time: The number of minutes the user has not had any activity on Grid Manager. Note that the idle session timeout is 2 hours, so the idle time is cleared every 2 hours.

  • User Agent: The system used to access Grid Manager, such as the browser version and platform information. You can sort the columns and hide or display each one. You can also export the list to a .csv file.

Microsoft Servers Status Widget

The Microsoft Servers Status widget displays the operational status of each Microsoft server managed by the Grid. Grid Manager displays this widget only when at least one member in the Grid has a Microsoft management license. You can configure this widget to display the status of all Microsoft servers or only those with warnings and errors. You can also view the monitor and control status for the DNS and DHCP service on the Microsoft server. To modify the Microsoft Servers Status widget, click the Configure icon and select one of the following:

  • Show all Microsoft servers
  • Only show servers with service warnings or errors

The Microsoft Servers Status widget displays the following information about each Microsoft server:

  • Server Name: The hostname of the Microsoft server.
  • IP Address: The IP address of the Microsoft server.
  • Status: The connection status of the Microsoft server.
    • OK: The Grid member is connected to the Microsoft server.
    • Connecting: The Grid member is connecting to the Microsoft server.
    • Error: The Grid member tried to connect to the Microsoft server, but failed. You can check the syslog for any messages.
    • Not Available: The Microsoft server is disabled. The Grid member does not try to connect to disabled servers.
  • DNS: The status of the DNS service on the Microsoft server. The DNS service status can be one of the following:

Icon

Color

Meaning


Green

The DNS service is functioning properly.


Red

The Microsoft server is unavailable.


Yellow

The DNS service is starting or stopping.


Gray

The DNS service is stopped or management of the Microsoft DNS server is disabled.


  • DHCP: The status of the DHCP service on the Microsoft server. The DHCP service status can be one of the following:

Icon

Color

Meaning


Green

The DHCP service is functioning properly.


Red

The Microsoft server is unavailable.


Yellow

The DHCP service is starting or stopping.


Gray

The DHCP service is stopped or management of the Microsoft DHCP server is disabled.


  • Active Directory Sites: The status icon in green indicates the synchronization status of Active Directory Sites on the Microsoft server.
  • Enable DNS Monitor & Control: Displays Yes if the monitor and control status is enabled for the DNS service on the Microsoft server and displays No if it is disabled.
  • Enable DHCP Monitor & Control: Displays Yes if the monitor and control status is enabled for the DHCP service on the Microsoft server and displays No if it is disabled.

CSV Import Manager

The CSV Import Manager on the Status Dashboard displays the status of CSV import jobs you have submitted. You can start a file import from CSV Import Manager and control and monitor it from this widget. You can also launch CSV Import Manager from the Task Dashboard or the Toolbar. You can also delete uploaded CSV files. For more information, see Importing and Exporting Data using CSV Import. You can click the Refresh icon or configure auto refresh to update the status.
The widget displays the following information about the import jobs that were submitted in the past 30 days:

  • User Name: The admin user who submitted the CSV import. Only superusers can view this column.
  • Status: The current status of the import job. The status can be one of the following:
    • Import successful: The import is completed without errors. Check the Message field for information about the import.
    • Import unsuccessful: The import is completed, but with errors. Check the Message field for information about the error message.
    • Import pending: The job is in queue for execution.
    • Import in progress: The job is being executed.
    • Import stopped: The job has been stopped. You can select the job and restart the import.
    • Test successful: Test is completed without errors. Check the Message field for information about the test.
    • Test unsuccessful: Test is completed, but with errors. Check the Message field for information about the error message.
    • Test pending: Test is in queue for execution.
    • Test in progress: Test is in progress.
    • Test stopped: Test has been stopped. You can select the job and restart the import.
    • Saved file: The data file has been uploaded, but the import has not started.

    Note

    After a product restart, which can be caused by a failover, all Import in progress jobs go into Import stopped state; all Import pending jobs continue to be queued for execution.

  • Submitted: The timestamp when the job was submitted.
  • Completed: The timestamp when the job was completed. This field is blank if the job has not been completed yet.
  • File Name: The CSV data file name.
  • Message: This field displays the number of rows of data that has been processed and the number of rows of data the import has detected errors. Depending on the import options, Grid Manager displays the row number at which it stops the import when it encounters an error, or the total number of rows it has processed by skipping over the erroneous data. For example, if there are 100 rows of data and you select "On error: Stop importing," and there is an error in row 90, the appliance displays 90of100completed,1error. If you select "On error: Skip to the next row and continue," the appliance displays 100 of 100 completed, 1 error.
  • File Size: The CSV data file size.

Note

Superusers can view all CSV import jobs and limited-access users can view only the jobs they submitted.

Load Balancer Status

The Load Balancer Status widget displays the operational status of GLBs (Global Load Balancers) managed by the Grid. Grid Manager displays this widget only when at least one member in the Grid has a Load Balancer license. You can configure this widget to display the status of all GLBs or only those with warnings and errors. To modify the Load Balancer Status widget, click the Configure icon and select one of the following:

  • Show all Load Balancers
  • Only show servers with service warnings or errors

The Load Balancer Status widget displays the following information about each load balancer:

  • Name: The name of the load balancer.
  • IP Address or FQDN: The IP address or FQDN of the load balancer.
  • Version: The TMOS version that is running on the load balancer.
  • Status: The connection status of the GLB.
    • OK: The Grid member is connected to the GLB.
    • Unknown: The Grid member is unable to contact the GLB and cannot retrieve any status details. This can be caused by incorrect IP address, FQDN, username, or password.
    • Error: The GLB has a connection error. Click the Detailed Status icon to view detailed information or check the syslog for any error messages.
    • Warning: Certain issues, such as Grid member failures or licensing issues, have occurred. Click the Detailed Status icon to view detailed information or check the syslog for messages to determine the reason for the warning.
    • Disabled: The load balancer is disabled. The Grid member does not try to connect to disabled GLB.

Pending Approvals

The Pending Approvals widget provides information about tasks that are pending your approvals. Add the Pending Approvals widget to your Dashboard to monitor tasks that require your approvals.
You can select a task and perform the following:

  • Click the Approve icon to approve the task.
  • Click the Reject icon to disapprove the task.

You can also click Task Manager to access the Administration tab -> Workflow tab -> Task Manager tab.
The Pending Approvals widget displays the following information about each task that requires your approval:

  • Task ID: The ID associated with the task. The appliance assigns an ID to a task in chronological order.
  • Submitter: The username of the admin who scheduled or submitted the task.
  • Ticket Number: The reference number entered by the submitter to identify the task. You can enter up to 20 alphanumeric characters.
  • Scheduled Time: The date, time, and time zone when the task was scheduled for execution.
  • Affected Object: The name or value of the object that is associated with the task. For example, if the task involves an A record, this field displays the domain name of the record. If it is a fixed address, it displays the IP address of the fixed address.
  • Object Type: The object type. For example, the appliance can display A Record or Fixed Address.
  • Action: The operation the appliance performs in this task. The operation can be: Add, Modify, Delete, or Network Discovery.
  • Submitte Time: The date, time, and time zone when the task was submitted. You can select this for display. It is not displayed by default.

Infoblox Community

The Infoblox Community widget displays the latest news from Infoblox. It provides links to video clips that show you how to perform certain tasks, such as how to prepare for IPAM Express and how to add a network. You can click available links in the widget to get more information about Infoblox products and solutions.
Note that content in the
Infoblox Community widget may not be displayed in certain versions of Mozilla FireFox, Google Chrome, and Microsoft Internet Explorer due to restrictions these browsers use to block certain secure data.
Follow these steps to unblock the
Infoblox Community widget and view data in your respective browser:

  • MozillaFireFox: Click the Shield icon   in the address bar and choose DisableProtectiononThisPage from the drop-down list. The icon in the address bar changes to a warning triangle and content is displayed in the InfobloxCommunity widget. For more details, refer to information at https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/.
  • Google Chrome: Click the Shield icon in the address bar and click Load unsafe script in the pop-up box. Chrome automatically refreshes the webpage and loads the content in the Infoblox Community widget. For more details, refer to information at https://support.google.com/chrome/answer/1342714?hl=en.
  • Internet Explorer: Click the Compatibility View icon  adjacent to the address bar. The browser refreshes and the Security Warning dialog box is displayed. Click No in the dialog box. The Only Secure content is displayed pop-up blocker is displayed at the bottom of the browser. Click the Show all content button in this pop-up blocker to view the content. For more details, refer to the information at http://windows.microsoft.com/en-in/internet-explorer/use-compatibility-view#ie=ie-8.

Mobile Devices Status

The Mobile Devices widget provides information about the number of active leases of the DHCP fingerprint devices managed by the Grid. The widget displays a pie chart indicating the number of active leases in percentile for each of the device category. You can click the Refresh icon or configure auto refresh to update the status.

Note

The Mobile Devices widget updates its data every 15 minutes. A device might not be displayed in this widget if its lease expires within 15 minutes.


To configure the Mobile Devices widget, click the Configure icon and do the following:

  • Click Select Network View. In the Network View Selector dialog box, select a network view from the list and click OK.

Note that if multiple network views were previously configured, Grid Manager displays the default network view. You can select another network view from the Network View Selector dialog box.
The widget displays the number of active leases for the following device classes:

  • MacOS - Displays all devices that were detected to be running Mac OS.
  • Windows - Displays all devices that were detected to be running Windows.
  • Android Mobile - Displays Smartphones/PDAs/Tablets that were detected to be running Android.
  • Apple Mobile - Displays Smartphones/PDAs/Tablets that were detected to have Apple in the DHCP fingerprint information.
  • No Match - Displays all devices whose fingerprint information does not match with any of the standard/custom DHCP fingerprint data stored in the appliance. For information about Standard and Custom DHCP Fingerprints, see Standard and Custom DHCP Fingerprints.
  • Other - Displays all devices that belong to a device class other than those listed above.

Table 2.2 List of device types and classes

Category Device ClassDevice Type
WindowsWindows

Microsoft Windows 2000

Microsoft Windows 2003
Microsoft Windows 8
Microsoft Windows Vista/7 or Server 2008
Microsoft Windows XP
Mac OSMacintoshApple Mac OS 9
Apple Mac OS X, TV (HD)
Apple Mobile

Smartphones/PDAs/Tablets


Apple iPod
Apple iPod, iPhone, iPad or TV (SD)
Android MobileSmartphones/PDAs/TabletsAndroid Phone/Tablet (Generic)
Android Phone/Tablet (HTC, older devices)
Android Phone/Tablet (Motorola, older devices)

Android Phone/Tablet (Sony Ericsson, older devices)

Android Phone/Tablet (Unknown devices)
Android Phone/Tablet (Vizio tablet, Others)
Android Phone/Tablet (newer devices)
Android tablets (Samsung, Others)

ZTE N9120 Android

DNS Integrity Check

The DNSIntegrityCheck widget displays status about DNS data discrepancies that have been detected through DNS integrity check that is designed to mitigate DNS domain hijacking. This widget displays top-level or parent authoritative zones that have been selected for DNS data monitoring. For information about how to configure DNS integrity check to mitigate possible DNS domain hijacking, see Configuring DNS Integrity Check for Authoritative Zones.
The widget displays the following information (note that this table is sorted by Status.):

  •   : Left click the Action icon  next to a zone to perform the following:
    • View Syslog: Select this to open the Syslog Preview dialog and view data discrepancy events for the selected zone. 
    • Check Now: Select this to perform DNS integrity check to immediately query current DNS data from the top-level parent domain. When you select this, verbose logging for DNS integrity check is automatically enabled. After the operation is complete, the appliance updates the timestamp for the Last Checked column.
  • Zone: Displays the name of the top-level authoritative zones that is being monitored for DNS integrity check. You can click the zone name and the appliance opens the zone viewer for the selected zone.
  • Status: Displays the current DNS data discrepancy status. The status can be one of the following:
    • Critical (red): Data in the NS RRsets for the authoritative and delegate zones are completely out of synchronization.
    • Severe (orange): Some data in the NS RRset between the authoritative and delegate zones overlaps and some data is different.
    • Warning (yellow): The NS RRset for the authoritative zone is a subset of the NS RRset for the delegate zone. It is possible that incorrect IP addresses have been entered at the registrar.
    • Informational (blue): The NS RRset for the delegate zone is a subset of the NS RRset for the authoritative zone. This could indicate a possible delay in domain registration.
    • Normal (green): There are no DNS data discrepancies between the NS RRsets for the authoritative and delegated zones.
    • None (black): No DNS discrepancies data has been collected or DNS integrity check has not been performed.
  • Last Checked: The timestamp in YYYY-MM-DD HH:MM:SS when the parent domain was last queried for its DNS data.
  • Description: Information about the zone.

Previewing Syslog Events

When you select View Syslog from the DNS Integrity Check widget for a selected zone, the Syslog Preview dialog is displayed. You can view related syslog events for the selected zone in this dialog, as follows:

  • Timestamp: The timestamp in YYYY-MM-DD HH:MM:SS when the event was logged.
  • Facility: The location that determines the processes and daemons from which the log messages are generated.
  • Level: The severity level of the DNS data discrepancies. This can be Critical, Severe, Warning, Information, or Normal. For more information, see descriptions for the Status field.
  • Server: The name of the Grid member that performed the data check.
  • Message: Syslog information about the event. If you have enabled verbose logging, this displays detailed information about the event. For information about how to enable verbose logging, see Configuring DNS Integrity Check for Authoritative Zones.

You can also click Go to Syslog Viewer on the upper right corner of the dialog to view all events in the syslog. For more information about the syslog, see Viewing the Syslog.

Cloud Statistics

The Cloud Statistics widget appears only when you have deployed the Cloud Network Automations license on the Grid Master. This widget displays statistical information for cloud objects. It contains the following tabs: Tenant & VMs, Fixed vs. Floating and Available vs. Allocated. You must install valid cloud related licenses to access this widget. For more information about installing licenses and enabling Cloud Network Automation, see Deploying Cloud Network Automation.
To modify the Cloud Statistics widget, click the Configure icon and select one of the following:

  • Show Statistics From:
    • All Tenants: Select this to display statistics for all tenants.
    • Select Tenant: Click Select to choose a specific tenant for which statistics are displayed.
  • Show:
    • All IP Addresses: Select this to display all IP address allocation for all tenants or the tenant of your choice.
    • Fixed: Select this to display only fixed IP address allocation for all tenants or the tenant of your choice. Fixed IP addresses correspond to OpenStack Fixed IP Addresses.
    • Floating: Select this to display only floating IP address allocation for all tenants or the tenant of your choice. Floating IP addresses correspond to OpenStack Floating IP Addresses.

Dig Request

The Dig Request widget enables you to perform a DNS lookup on the Grid Master or on the specified Grid member and displays the output of the dig command.

Note

When RPZ license is installed on both the Grid Master and the Grid member, the RPZ rule might not be triggered if you perform dig on the Grid member from the Grid Master.


To perform a DNS lookup using the dig command, complete the following:

  • Run dig command on: Select one of the following. The default is Grid Master.
    • Grid Master: Select this to perform a DNS lookup on the Grid Master.
    • Grid Member: Select this to perform a DNS lookup on the Grid member. Click Select Member to select a Grid member. If there are multiple members, the Member Selector dialog box is displayed, from which you can select a member. Click the required member name in the dialog box. You can also click Clear to clear the displayed member and select a new one.
  • Name Server to Query(Optional): Optionally, specify the name server on which you want to perform a DNS lookup. You can enter either the name, IPv4 address, or IPv6 address of the name server.
  • Record Type: Select the resource record type from the drop-down list. You can select Any to query all the resource record types or select one of the following from the drop-down list: A, AAAA, CAA, CNAME, DNAME, MX, NAPTR, NS, PTR, SRV, TXT, AXFR. If the record type is Unknown, then directly enter the type of unknown record. For example, for an unknown record of type RP, enter RP. The default is Any.
  • Send Recursive Query: Select this to send recursive queries for the domain. This check box is selected by default.
  • Domain Name to Query: Enter the domain name to query.

Click Perform Dig. The widget displays the status and output of the dig command.
Note that if you have installed RPZ license and enabled RPZ logging in the Grid, you can view RPZ syslog messages by clicking View RPZ Syslog if the specified domain name matches the RPZ rule.

Security Status for Grid

The Security Status for Grid widget displays the overall status of Threat Protection, RPZ (Response Policy Zone), and DNS Threat Analytics services on the Grid members that support Infoblox Advanced DNS Protection, hardware or Software ADP, and Infoblox Threat Insight. Grid Manager displays this widget only when at least one member in the Grid has the Threat Protection, RPZ, or Threat Analytics license installed. You can add this widget to the Security dashboard to monitor the overall security status of the Grid. The statistics displayed in this widget are cumulative, collected from all the Grid members that support Infoblox Advanced DNS Protection, hardware or Software ADP, and Infoblox Threat Insight. This widget displays data for the last 30 minutes. The overall status of Threat Protection, RPZ, and DNS Threat Analytics is determined by the threshold values configured in the Global Dashboard Properties editor. For information, see Configuring Security Status Thresholds.

Note

If the Threat Protection license is not installed on any of the Grid members, Grid Manager does not display any threat protection related information in this widget. Similarly, if the RPZ license is not installed on any of the Grid members, Grid Manager does not display RPZ and DNS Threat Analytics related information in this widget and if the Threat Analytics license is not installed on any of the Grid members, Grid Manager does not display DNS Threat Analytics related information in this widget.


The widget displays the following information for Threat Protection, RPZ, and DNS Threat Analytics:

  • Status: It displays the overall status of the security service in the Grid based on the events collected from all the members that support Infoblox Advanced DNS Protection and Infoblox Threat Insight. It represents the status of the most critical member in the Grid.
    The status icon can be one of the following for the Threat Protection, RPZ, and DNS Threat Analytics service:
    • OK (Green): The license for the security service is installed and the security service is running. The rulesets for the security service are available and the number of events triggered are less than the yellow and red threshold values configured in the Global Dashboard Properties editor for the corresponding security service.
    • Warning (Yellow): The license for the security service is installed and the security service is running. The rulesets for the security service are available and the number of events triggered for any of the parameters equals or exceeds the yellow threshold value, but less than the red threshold value configured in the Global Dashboard Properties editor for the corresponding security service.
    • Critical (Red): The license for the security service is installed and the security service is running. The rulesets might not be available or the number of events triggered for any of the parameters, equals or exceeds the red threshold value configured in the Global Dashboard Properties editor for the corresponding security service.
    • Not Setup (Black): The license for the security service is installed, but the security service is not running.
    • Unknown (Black): The data is not available from the Grid member.
  • Events from <> of <> security capable members: This column displays the cumulative event counts collected from the online Grid members that support the Infoblox Advanced DNS Protection and Infoblox Threat Insight.
    • Threat Protection: Displays the total threat protection event counts for the following severity levels:
      • Critical (Red): The total number of critical events.
      • Major (Orange): The total number of major events.
      • Warning (Yellow): The total number of warning events.
      • Informational (Blue): The total number of informational events.
    • RPZ: Displays the total number of hits received for the following RPZ rules:
      • Blocked hits (Red): Total number of queries that triggered a Block (No Data) or Block (No Such Domain) RPZ rule.
      • Passthru hits (Yellow): Total number of queries that triggered a Passthru RPZ rule.
      • Substituted hits (Orange): Total number of queries that triggered a Substitute (Domain Name) or Substitute (Record) RPZ rule.
    • Analytics: Displays the total number of DNS tunneling events.
  • Definitions/Rules: This column displays the status of the latest ruleset available in the database. For RPZ, the definition status is based on the latest RPZ feed received from Infoblox specific feeds. You can hover your mouse over the definition status to see the RPZ definition status when RPZ definitions exists.
  • Configuration Status: This column indicates whether the security service is enabled and running properly or not. Grid manager displays a green check mark if the security service is enabled and running properly in the Grid. If the security service is disabled, a gray pause mark is displayed. You can hover your mouse over the gray pause mark to see the status of the security service.

In addition, you can click the Configure icon and do the following:

  • Click Configure Security Status Thresholds to configure the thresholds for the security status of the Grid. In the Global Dashboard Properties editor, you can define the threshold values for Threat Protection, RPZ, and DNS Threat Analytics. For information, see Configuring Security Status Thresholds.
  • Select the Auto Refresh Period check box to turn on auto-refresh and specify the auto-refresh period in seconds. The default auto-refresh period is 30 seconds.

Warning

If the Detailed Status panel is open, the following actions take place:

  • Grid Manager auto refreshes at a rate of 30 seconds.
  • Widgets that support user-specified auto refresh, refresh at the rate specified in the Auto Refresh Period field.

Therefore, even if you set the session timeout to be to greater than the auto refresh rate, auto refresh still takes place. The Grid Manager session does not time out because auto refresh takes precedence over the session timeout. For more information about widgets, see Status Dashboard.

Click the Configure icon again to hide the configuration panel after you complete the modification.

Security Status for All Members

The Security Status for All Members widget displays information about the status of all the Grid members that support Infoblox Advanced DNS Protection, hardware or Software ADP, and Infoblox Threat Insight. Grid Manager displays this widget only when at least one member in the Grid has the Threat Protection or RPZ license. You can add this widget to the Security dashboard to monitor the status of the Grid members that support Infoblox Advanced DNS Protection, hardware or Software ADP, and Infoblox Threat Insight.

Note

When an HA Grid Master fails over, the new active node re-collects data from all the Grid members. Hence, it might take a few seconds until the data is displayed in the Security dashboard. When an HA Grid member fails over, the Grid Master stops collecting data from the HA member.


The Security Status for All Members widget displays the following information:

  • Overall Status: The current overall security status of the members that support Infoblox Advanced DNS Protection and Infoblox Threat Insight. This can be OK, Warning, Critical, or Unknown.

The security status for a member might be Unknown if NTP service is out of synchronization for the member. Hence, to ensure that the correct data is displayed for the member, use NTP to synchronize the time of the member with that of the Grid Master.

  • Member: The name of the member. You can hover your mouse over the member name and view the Member Status widget. For information about the Member Status widget, see Member Status (System Status).
  • IPv4 Address: The IPv4 address of the member.
  • IPv6 Address: The IPv6 address of the member.
  • Threat Protection Status: The status of the threat protection service running on the member. This can be either OK, Warning, Critical, NotSetup, or Unknown. You can hover your mouse over the threat protection status and view the Threat Protection Status for Member widget. For information about the Threat Protection Status for Member widget, see Threat Protection Status for Member.
  • RPZ Status: The status of the RPZ service running on the member. This can be either OK, Warning, Critical, NotSetup, or Unknown. You can hover your mouse over the RPZ status and view the ResponsePolicyZone(RPZ)Statistics widget. For information about the Response Policy Zone (RPZ) Statistics widget, see Response Policy Zone (RPZ) Status for Member.
  • Analytics Status: The status of the DNS Threat Analytics service running on the member. This can be either OK, Warning, Critical, NotSetup, or Unknown.

You can also do the following in this widget:

  • Turn on auto-refresh. Click the Configure icon and select the AutoRefreshPeriod check box to turn on auto-refresh. Specify the auto-refresh period in seconds. The default auto refresh period is 30 seconds.

    Warning

    If the Detailed Status panel is open, the following actions take place:

    • Grid Manager auto refreshes at a rate of 30 seconds.
    • Widgets that support user-specified auto refresh, refresh at the rate specified in the Auto Refresh Period field.

    Therefore, even if you set the session timeout to be to greater than the auto refresh rate, auto refresh still takes place. The Grid Manager session does not time out because auto refresh takes precedence over the session timeout. For more information about widgets, see Status Dashboard.

  • Click the Action icon (shown as a gear in each row of the table) next to the overall status of each member, and select ViewSyslog to view all the events logged in the syslog. Grid Manager displays the syslog messages in the Syslog Preview window.
  • Click the Export icon to export the data displayed in this widget.
  • Click the Print icon to print the data displayed in this widget.
  • Click Response Policy Zones link in the GoTo field at the top of the widget to view the RPZs configured on the member. Grid Manager displays the Response Policy Zones tab in the DNS tab. To navigate back to the Security dashboard, click Back to Security Dashboard at the top left corner of the navigation bar in the Response Policy Zones tab.
  • Click Threat Protection link in the Go To field at the top of the widget to view the threat protection rulesets configured on the member. Grid Manager displays the Threat Protection Rules tab in the Security tab. To navigate back to the Security dashboard, click Back to Security Dashboard at the top left corner of the navigation bar in the Threat Protection Rules tab.
  • Click Threat Analytics link in the Go To field at the top of the widget to view the whitelist domains configured on the member. Grid Manager displays the Threat Analytics tab. To navigate back to the Security dashboard, click Back to Security Dashboard at the top right corner of the panel in the Threat Analytics tab.
  • Click Members link in the Go To field at the top of the widget to view the members configured in the Grid. Grid Manager displays the Members tab in the Grid Manager tab. To navigate back to the Security dashboard, click Back to Security Dashboard at the top left corner of the navigation bar in the Members tab.

Threat Protection Status for Grid

The Threat Protection Status for Grid widget displays the statistical information about the threat protection events triggered on all the members in the Grid that support Infoblox Advanced DNS Protection, hardware or Software ADP, and Infoblox Threat Insight. This widget contains the following tabs: Total Events by Severity, Top 10 Grid Members, Events Over Time, Top 10 Rules, and Top 10 Clients.
You can do the following in this widget:

  • Turn on auto-refresh.
    Click the Configure icon, select the Auto Refresh Period check box, and specify the refresh period in seconds. The default auto refresh period is 30 seconds. You can click the Configure icon again to hide the configuration panel.

    Warning

    If the Detailed Status panel is open, the following actions take place:

    • Grid Manager auto refreshes at a rate of 30 seconds.
    • Widgets that support user-specified auto refresh, refresh at the rate specified in the Auto Refresh Period field.

    Therefore, even if you set the session timeout to be to greater than the auto refresh rate, auto refresh still takes place. The Grid Manager session does not time out because auto refresh takes precedence over the session timeout. For more information about widgets, see Status Dashboard.

  • Click the Total Events by Severity tab to view information about threat protection related events by the severity level. For information, see Total Events by Severity.
  • Click the Top 10 Grid Members tab to view information about the top 10 Grid members that have the most number of threat protection events. For information, see Top 10 Grid Members.
  • Click the Events Over Time tab to view information about the total event count for each type of event severity in the given time frame. For information, see Events Over Time.
  • Click the Top 10 Rules tab to view information about the top 10 threat protection rules with the most number of hits. For information, see Top 10 Rules.
  • Click the Top 10 Clients tab to view information about the top 10 clients that have the most number of threat protections events. For information, see Top 10 Clients.

Total Events by Severity

The Total Events by Severity tab displays statistics about the Threat Protection events for each type of event severity. This tab displays a bar chart that lists the total event counts for each severity level. Each severity level is represented by a different color. The event statistics are cumulative, collected from all the members in the Grid that support Infoblox Advanced DNS Protection and Infoblox Threat Insight.
This line graph displays the event counts for the following severity levels:

  • Critical (Red): The total number of critical events.
  • Major (Orange): The total number of major events.
  • Warning (Yellow): The total number of warning events.
  • Informational(Blue): The total number of informational events.

If you have configured a reporting member in the Grid, the Go To History link is displayed in this tab. You can click Go To History to view the Threat Protection Event Count By Severity Trend report in the Reporting tab. To navigate back to the Security dashboard from the Reporting tab, click Back to Security Dashboard at the top left corner of the navigation bar in the Reporting tab.

Top 10 Grid Members

The Top 10 Grid Members tab displays a stacked bar chart that tracks the top Grid members with the most total counts of threat protection events. Each severity level is represented with a different color. The report displays the top 10 members in descending order.
If you have configured a reporting member in the Grid, the Go To History link is displayed in this tab. You can click Go To History to view the Threat Protection Event Count By Member/Member Group Trend report in the Reporting tab. To navigate back to the Security dashboard from the Reporting tab, click Back to Security Dashboard at the top left corner of the navigation bar in the Reporting tab.

Events Over Time

The Events Over Time tab displays a line graph that tracks the event count for each event severity in a given time frame. You can view the event counts for the following severity level: Critical, Major, Warning, and Informational. The event statistics are cumulative, collected from all the members in the Grid that supports Infoblox Advanced DNS Protection and Infoblox Threat Insight. Each severity level is represented with a different color.
If you have configured a reporting member in the Grid, the Go To History link is displayed in this tab. You can click Go To History to view the Threat Protection Event Count By Severity Trend report in the Reporting tab. To navigate back to the Security dashboard from the Reporting tab, click Back to Security Dashboard at the top left corner of the navigation bar in the Reporting tab.

Top 10 Rules

The Top 10 Rules tab displays a horizontal bar chart that tracks the top threat protection rules that have the most number of hits. Each severity level is represented with a different color. The report displays the top 10 rules in descending order.
If you have configured a reporting member in the Grid, the Go To History link is displayed in this tab. You can click Go To History to view the Threat Protection Top Rules Logged report in the Reporting tab. To navigate back to the Security dashboard from the Reporting tab, click Back to Security Dashboard at the top left corner of the navigation bar in the Reporting tab.

Top 10 Clients

The Top 10 Clients tab displays a horizontal bar chart that tracks the total number of threat protections events triggered by top clients (source IP addresses). This tab displays the IP addresses of the top 10 clients. For NAT clients, it displays the NAT addresses for the clients.
If you have configured a Reporting member in the Grid, the Go To History link is displayed in this tab. You can click Go To History to view the Threat Protection Top Rules Logged by Source report in the Reporting tab. To navigate back to the Security dashboard from the Reporting tab, click Back to Security Dashboard at the top left corner of the navigation bar in the Reporting tab.

Note

The data displayed in this widget may not be consistent with the data displayed in the Threat Protection Top Rules Logged by Source report.

Threat Protection Status for Member

The Threat Protection Status for Member widget displays statistics about the threat protection events for a specific Grid member that supports Infoblox Advanced DNS Protection, hardware or Software ADP. For information about the threat protection feature, see About Infoblox Advanced DNS Protection.
To configure the Threat Protection Status for Member widget, click the Configure icon and complete the following:

  • Click Select Member. In the Member Selector dialog box, select a Grid member from the list that supports Infoblox Advanced DNS Protection, hardware or Software ADP.
  • Select either Dial or Bar as the display format for the following resources: Smart NIC CPU, Traffic being dropped, Traffic being received. Note that Smart NIC CPU selection is displayed only when you select a Grid member that supports Infoblox Advanced DNS Protection.
  • SNIC Settings: Select the interface for which you want to view the interface usage information. You can select one of the following from the drop-down list: HA, LAN1, or LAN2. You can view the interface usage information for the selected interface in the Interface Usage tab. This is displayed only when you select a Grid member that supports Infoblox Advanced DNS Protection.
    Note that you can select the HA port even though the Grid member is not an HA pair, because the HA port on a single member can be exposed to potential attacks.
  • NIC Settings: Select the interface for which you want to view the interface usage information. You can select one of the following from the drop-down list: HA, LAN1, or LAN2. You can view the interface usage information for the selected interface in the Interface Usage (LAN1) tab. This is displayed only when you select a Grid member that supports Software ADP.
  • Events Over Time: Select the severity level, Critical, Major, Warning, or Informational, to view the details for a specific severity level. You can select one or all the available severity levels.
  • Select the AutoRefreshPeriod check box to turn on auto-refresh, and specify the auto-refresh period in seconds. The default is 30 seconds.

    Warning

    If the Detailed Status panel is open, the following actions take place:

    • Grid Manager auto refreshes at a rate of 30 seconds.
    • Widgets that support user-specified auto refresh, refresh at the rate specified in the Auto Refresh Period field.

    Therefore, even if you set the session timeout to be to greater than the auto refresh rate, auto refresh still takes place. The Grid Manager session does not time out because auto refresh takes precedence over the session timeout. For more information about widgets, see Status Dashboard.

Click the Configure icon again to hide the configuration panel after you complete the modification. You can do the following in this widget:

  • Click the Summary tab to view the statistics for the following resources in the format you selected:
  • Smart NIC CPU: The percentage of Smart NIC CPU that is in use. This is displayed only when you select a Grid member that supports Infoblox Advanced DNS Protection.
  • Traffic being dropped: The percentage of traffic dropped. It is displayed for both LAN1 and LAN2 interfaces.
  • Traffic being received: The percentage of traffic received. It is displayed for both LAN1 and LAN2 interfaces.
  • Click the Events Over Time tab to view information about the threat protection event counts for each severity level over the given time frame. It displays line graphs that show the threat protection event counts for each event severity over the last 30 minutes. Each event severity is represented by a different color line graph. You can hover your mouse over the graph to view the coordinates of any point in the graph. You can also click the Events Over Time legend and use it as a filter to view the graph for specific severity level.
  • Click the Top 10 Rules tab to view information about the threat protection rules that have the most number of hits. It displays a bar chart to track the top 10 threat protection rules with the most number of hits for critical, major, and warning severity levels. Each event severity is displayed in a different color.
    If you have configured a Reporting member in the Grid, the Go To History link is displayed in this tab. You can click Go To History to view the Threat Protection Top Rules Logged report in the Reporting tab. To navigate back to the Security dashboard from the Reporting tab, click Back to Security Dashboard at the top left corner of the navigation bar in the Reporting tab.
  • Click the Top 10 Clients tab to view information about the top sources (client IP addresses) that triggered threat protection rules. It displays a bar chart to track the top 10 clients with the most number of hits.
    If you have configured a Reporting member in the Grid, the Go To History link is displayed in this tab. You can click Go To History to view the Threat Protection Top Rules Logged by Source report in the Reporting tab. To navigate back to the Security dashboard from the Reporting tab, click Back to Security Dashboard at the top left corner of the navigation bar in the Reporting tab.
  • Click the Interface Usage tab to view information about the interface usage (in megabytes per second) over a given time frame. It displays line graphs that show the interface usage trends for the selected interface over the last 30 minutes. You can hover your mouse over the graph to view the coordinates of any point in the graph.
  • Click the Smart NIC CPU tab to view the information about the percentage of CPU usage over a given time frame. It displays line graphs that show the CPU usage trends over the last 30 minutes. You can hover your mouse over the graph to view the coordinates of any point in the graph. This is displayed only when you select a Grid member that supports Infoblox Advanced DNS Protection.

Response Policy Zone (RPZ) Status for Grid

The Response Policy Zone (RPZ) Status for Grid widget provides statistical information about RPZ hits for the Grid. This widget contains the following tabs: Top 10 Grid Members, RPZ Recent Hits, Trend and Health.
You can do the following in this widget:

  • Select a graph configuration, Client Hits, Passthru Hits, Blocked Hits, or Substituted Hits, to view details of a specific RPZ rule. You can select either one or all the available graph configurations. Note that Client Hits is displayed only when the graph type is Line Diagram.
  • Select a graph type, Stacked Diagram or Line Diagram, to display data in the required diagrammatic format. This option is enabled only when you click the Trend tab and disabled when you click the Top 10 Grid Members, RPZ Recent Hits, or Health tabs. For more information, see Trend.
  • Click the Top 10 Grid Members tab to view information about the top 10 Grid members that have the most number of RPZ hits. For more information, see Top 10 Grid Members.
  • Click the RPZ Recent Hits tab to view information about the latest five RPZ hits with unique client addresses. For more information, see RPZ Recent Hits.
  • Click the Trend tab to view RPZ hit statistics for the Grid. For more information, see Trend.
  • Click the Health tab to view information about RPZ zones and their last updated times. For more information, see Health.

Note that you must install the RPZ license and enable RPZ logging to access this widget. For more information about installing licenses and enabling RPZ logging, see License Requirements and Admin Permissions and Setting DNS Logging Categories.

Top 10 Grid Members

The Top 10 Grid Members tab displays a stacked bar chart that tracks the top Grid members with the most total counts of RPZ hits. Each RPZ hit type is represented with a different color. The report displays the top 10 members in descending order.

RPZ Recent Hits

The RPZ Recent Hits tab displays the data that is collected from the most recent hits of five unique clients, identified by their IP addresses, during the last 24 hours. NIOS retrieves this data from the syslog. This tab does not display any data when there are no syslog messages or if RPZ logging is disabled. NIOS displays an error message if RPZ logging is disabled. For more information about enabling RPZ logging, see Setting DNS Logging Categories.
Grid Manager retrieves recent hits from the Grid members. If a member has an RPZ license installed, then NIOS will parse the syslog every 60 seconds to collect the data. NIOS parses the generated data to identify the five most recent hits. It searches for these fields in the syslog message: CEF: data string(RPZ syslog) and src fields.
The NIOS appliance remembers the start and end time of previously searched operations to optimize the recent hits data collection, so that the same data is not searched again. Note that when the same client makes repeated queries in the last 24 hours, then there might be less than five unique client hits. You cannot sort or filter values in this tab.
This tab displays the following information:

  • Client IP Address: IP address of the client that made the recent hits.
  • Requested FQDN: The domain name or IP address that triggered the RPZ rule. For example, consider an RPZ rule test.com.rpz.com, which queries for test.com. In this example, test.com is the requested FQDN.
  • RPZ Entry: The RPZ rule that queried a domain name or an IP address. In the above example, test.com.rpz.com is the RPZ rule.
  • Timestamp: The date and time when the hit occurred.

Consider an example in which you query an RPZ zone and the NIOS appliance logs the following message in the syslog:

CEF:0|Infoblox|NIOS|6.9.0-219291|RPZ-QNAME|NODATA|4|app=DNS dst=10.35.101.14 src=10.36.0.251 spt=44460 view=_default qtype=A msg="rpz QNAME NODATA rewrite w18.vg \[A\] via w18.vg.fireeye.com"

This tab displays information in the corresponding fields as follows:

FieldsDescription
Client IP AddressData is retrieved from the src field. Example: 10.36.0.251
Requested FQDN It is retrieved from the data between the rewrite and [A] via fields. Example: w18.vg.
RPZ EntryIt is retrieved from the data after the via in msg field. Example: w18.vg.fireeye.com
TimestampThis is listed in the syslog.

You can export data displayed in this tab by clicking the Export icon. For more information, see Exporting Displayed Data.

Trend

The Trend tab displays statistics of RPZ hits during the last 60 minutes for the Grid. You can use a stacked graph or a line graph to view the hits. Each of the RPZ policy is represented with a different color. This tab displays the following information:

  • Client Hits: Total number of queries that triggered an RPZ policy. Note that this option is not displayed when you choose Stacked Diagram, but displayed only when you choose Line Diagram.
  • Passthru Hits: Total number of queries that triggered a Passthru RPZ rule. For more information about passthru rules, see Managing Passthru Rules.
  • Blocked Hits: Total number of queries that triggered a Block (No Data) or Block (No Suc hDomain) RPZ rule. For more information, see Managing Block (No Data) Rules or Managing Block (No Such Domain) Rules respectively.
  • Substitute Hits: Total number of queries that triggered a Substitute (Domain Name) or Substitute (Record) RPZ rule. For more information, see Managing Substitute (Domain Name) Rules and Managing Substitute (Record) Rules.
  • Timestamp: The graph displays a 24 hours time window. Note the following about this tab:
  • The statistical data in DNS service will be reset when you stop and restart the DNS service or if you force an active DNS service to restart regardless of its state. This results in loss of prior data.
  • Using this graph, you can view the timestamp of statistics collection.

Health

The Health tab displays information of RPZ zones and their last updated date and time. This data is retrieved directly from the database. Note that you cannot sort or filter values in this tab. You can export the data displayed in this tab by clicking the Export icon. For more information, see Exporting Displayed Data.

Response Policy Zone (RPZ) Status for Member

The Response Policy Zone (RPZ) Status for Member widget provides statistical information about RPZ hits for the selected member. This widget contains the following tabs: RPZ Recent Hits, Trend, and Health.
You can do the following in this widget:

  • Click Select Member. In the Member Selector dialog box, choose a Grid member to view the RPZ hits, or statistics, or RPZ zones and their last updated date and time.
  • Select a graph configuration, ClientHits, Passthru Hits, Blocked Hits, or Substituted Hits, to view details of a specific RPZ rule. You can select either one or all the available graph configurations. Note that Client Hits is displayed only when the graph type is Line Diagram.
  • Select a graph type, Stacked Diagram or Line Diagram, to display data in the required diagrammatic format. This option is enabled only when you click the Trend tab and disabled when you click the Top 10 Grid Members, RPZ Recent Hits, or Health tabs. For more information, see Trend.
  • Click View Syslog to view the last 20 RPZ events that are logged in the syslog. For more information, see Previewing the Syslog.
  • Click the RPZ Recent Hits tab to view information about the latest five RPZ hits with unique client addresses. For more information, see RPZ Recent Hits.
  • Click the Health tab to view information about RPZ zones and their last updated times. For more information, see Health.

Note that you must install the RPZ license and enable RPZ logging to access this widget. For more information about installing licenses and enabling RPZ logging, see License Requirements and Admin Permissions and Setting DNS Logging Categories.

RPZ Recent Hits

The RPZ Recent Hits tab displays the data that is collected from the most recent hits of five unique clients, identified by their IP addresses, during the last 24 hours. NIOS retrieves this data from the syslog. This tab does not display any data when there are no syslog messages or if RPZ logging is disabled. NIOS displays an error message if RPZ logging is disabled. For more information about enabling RPZ logging, see Setting DNS Logging Categories.
Grid Manager retrieves recent hits from the selected member. If a member has an RPZ license installed, then NIOS will parse the syslog every 60 seconds to collect the data. NIOS parses the generated data to identify the five most recent hits. It searches for these fields in the syslog message: CEF: data string(RPZ syslog) and src fields.
The NIOS appliance remembers the start and end time of previously searched operations to optimize the recent hits data collection, so that the same data is not searched again. Note that when the same client makes repeated queries in the last 24 hours, then there might be less than five unique client hits. You cannot sort or filter values in this tab.
This tab displays the following information:

  • Client IP Address: IP address of the client that made the recent hits.
  • Requested FQDN: The domain name or IP address that triggered the RPZ rule. For example, consider an RPZ rule test.com.rpz.com, which queries for test.com. In this example, test.com is the requested FQDN.
  • RPZ Entry: The RPZ rule that queried a domain name or an IP address. In the above example, test.com.rpz.com is the RPZ rule.
  • Timestamp: The date and time when the hit occurred.

Consider an example in which you query an RPZ zone and the NIOS appliance logs the following message in the syslog:

CEF:0|Infoblox|NIOS|6.9.0-219291|RPZ-QNAME|NODATA|4|app=DNS dst=10.35.101.14 src=10.36.0.251 spt=44460 view=_default qtype=A msg="rpz QNAME NODATA rewrite w18.vg \[A\] via w18.vg.fireeye.com"

This tab displays information in the corresponding fields as follows:

FieldsDescription
Client IP Address

Data is retrieved from the src field.

Example: 10.36.0.251

Requested FQDNIt is retrieved from the data between the rewrite and [A] via fields. Example: w18.vg.
RPZ EntryIt is retrieved from the data after the via in msg field. Example: w18.vg.fireeye.com
TimestampThis is listed in the syslog.

Trend

The Trend tab displays statistics of RPZ hits on the selected member during the last 60 minutes. You can use a stacked graph or a line graph to view the hits. DNS service generates RPZ statistics for the selected member. Each of the RPZ policy is represented with a different color. This tab displays the following information:

  • Client Hits: Total number of queries that triggered an RPZ policy. Note that this option is not displayed when you choose Stacked Diagram, but displayed only when you choose Line Diagram.
  • Passthru Hits: Total number of queries that triggered a Passthru RPZ rule. For more information about passthru rules, see Managing Passthru Rules.
  • Blocked Hits: Total number of queries that triggered a Block (No Data) or Block (No Such Domain) RPZ rule. For more information, see Managing Block (No Data) Rules or Managing Block (No Such Domain) Rules respectively.
  • Substituted Hits: Total number of queries that triggered a Substitute (Domain Name) or Substitute (Record) RPZ rule. For more information, see Managing Substitute (Domain Name) Rules and Managing Substitute (Record) Rules.
  • Timestamp: The graph displays a 24 hours time window.
    Note the following about this tab:
  • The statistical data in DNS service will be reset when you stop and restart the DNS service or if you force an active DNS service to restart regardless of its state. This results in loss of prior data.
  • Using this graph, you can view the timestamp of statistics collection.

Health

The Health tab displays information of RPZ zones on the selected member and their last updated date and time. This data is retrieved directly from the database. Note that you cannot sort or filter values in this tab. You can export the data displayed in this tab by clicking the Export icon. 

Previewing the Syslog

You can view the RPZ events that are logged in the syslog for a selected Grid member. Note that the preview displays only the last 20 RPZ events from the syslog. This wizard displays the following information:

  • Timestamp: The date and time when the hit occurred.
  • Facility: The location on the syslog server sorting the log message.
  • Level: The severity of the message. This can be ALERT, CRITICAL, DEBUG, EMERGENCY, ERROR, INFO, NOTICE, or WARNING.
  • Server: The name of the server that logged this message, plus the process ID.
  • Message: Detailed information about the RPZ query. You can click the Go to Syslog Viewer link to view the RPZ events that are logged in the syslog. NIOS displays all the RPZ events that are logged in the syslog for the selected member and the Quick Filter is set to RPZ Incident Logs by default. For more information, see 

Tenant & VMs

The Tenant & VMs tab displays a table that shows the total number of Tenants, Cloud VMs, and IP Addresses, depending on your configuration. It also displays the average number of cloud VMs and IP addresses per tenant.

Fixed vs. Floating

The Fixed vs. Floating tab displays IP address allocation for cloud objects. It displays the total number of fixed address allocation and floating address allocation, depending on your configuration. It also displays a pie chart indicating the percentage for each allocation.

Available vs. Allocated

The Available vs. Allocated tab displays IP address allocation for available versus allocated IP addresses. It displays the total number of available IP addresses versus allocated IP addresses, depending on your configuration. It also displays a pie chart indicating the percentage for each allocation.

Threat Analytics Status for Grid

The Threat Analytics Status for Grid widget displays the statistical information about the DNS tunneling events. This widget contains the following tabs: Detections Over Time, Top 10 Grid Members, and Detections.
You can do the following in this widget:

  • Turn on auto-refresh.
    Click the Configure icon, select the AutoRefreshPeriod check box, and specify the refresh period in seconds. The default auto refresh period is 30 seconds. Click the Configure icon again to hide the configuration panel after you complete the modification.

    Warning

    If the Detailed Status panel is open, the following actions take place:

    • Grid Manager auto refreshes at a rate of 30 seconds.
    • Widgets that support user-specified auto refresh, refresh at the rate specified in the Auto Refresh Period field.

    Therefore, even if you set the session timeout to be to greater than the auto refresh rate, auto refresh still takes place. The Grid Manager session does not time out because auto refresh takes precedence over the session timeout. For more information about widgets, see Status Dashboard.

  • Click the Detections Over Time tab to view information about the detected DNS tunneling events in a given time frame.
  • Click the Top 10 Grid Members tab to view information about the top 10 Grid members with the most total counts of detections by type.
  • Click the Detections tab to view information about all the detected DNS tunneling events.

Detections Over Time

The Detections Over Time tab displays a line graph that tracks the number of detected DNS tunneling events over the given time frame. You can hover your mouse over the graph to view the coordinates of any point in the graph.

Top 10 Grid Members

The Top 10 Grid Members tab displays a stacked bar chart that tracks the top Grid members with the most total counts of detected DNS tunneling events by type. The report displays the top 10 Grid members in descending order.

Detections

The Detections tab displays information about all the detected DNS tunneling events. This tab displays the following information about each detection in table format:

  • Client IP Address: The IP address of the client.
  • Domain: The domain name of the client.
  • Timestamp: The timestamp when the event occurred.
  • Module: Displays the threat analytics module.

Threat Analytics Status for Member

The Threat Analytics Status for Member widget displays statistics about the DNS tunneling events for a specific Grid member.
To configure the Threat Analytics Status for Member widget, click the Configure icon and complete the following:

  • Click SelectMember to select a Grid member. If there are multiple members, the MemberSelector dialog box is displayed, from which you can select a member. Click the required member name in the dialog box. You can also click Clear to clear the displayed member and select a new one.
  • Select the AutoRefreshPeriod check box to turn on auto-refresh, and specify the auto-refresh period in seconds. The default is 30 seconds.

    Warning

    If the Detailed Status panel is open, the following actions take place:

    • Grid Manager auto refreshes at a rate of 30 seconds.
    • Widgets that support user-specified auto refresh, refresh at the rate specified in the Auto Refresh Period field.

    Therefore, even if you set the session timeout to be to greater than the auto refresh rate, auto refresh still takes place. The Grid Manager session does not time out because auto refresh takes precedence over the session timeout. For more information about widgets, see Status Dashboard.

Click the Configure icon again to hide the configuration panel after you complete the modification.

You can do the following in this widget:

  • Click the Detections Over Time tab to view information about the DNS tunneling event count for the selected Grid member in a given time frame. It displays a line graph that tracks the number of DNS tunneling event detections in a given time frame. You can hover your mouse over the graph to view the coordinates of any point in the graph.
  • Click the Detections tab to view information about all the detected DNS tunneling events. This tab displays the following information in table format:
    • Client IP Address: The IP address of the client.
    • Domain: The domain name of the client.
    • Timestamp: The timestamp when the event occurred.
    • Module: Displays the threat analytics module. This tab displays only the last 15 detections.

Pool Licenses Statistics

The Pool Licenses Statistics widget displays information about pool license allocation in your Grid. Pool licenses are dynamic service and feature licenses, such as vNIOS, DNS, DHCP, and Cloud Platform that you purchase for vNIOS and cloud deployments based on your evolving business needs. The Grid Master keeps track of dynamic licenses that are allocated to vNIOS members and adjusts the total number of available dynamic licenses for each feature and service.
In the widget, you can select the license type and Grid Manager displays the total numbers of assigned and available licenses based on the selected license type.
To configure the Pool Licenses Statistics widget, click the Configure icon and complete the following:

  • Show Usage for: From the drop-down list, select a license type for which you want the appliance to display dynamic license usage.

The widget displays license usage and the numbers of assigned and available licenses.
You can also view the total number of dynamic licenses installed for each feature and service, the number of active and available licenses, their usage, and other related information in the Grid tab -> Licenses tab -> Pool tab of Grid Manager. For information about how to view dynamic licenses, see Managing Licenses.

DNS Record Scavenging

The DNS Record Scavenging dashboard widget displays statistics about the scavenging of stale DNS records. The widget displays the following information for the current or last known scavenging activities:

  • Status: The status of the scavenging operation.
  • Start: The start time of the scavenging operation.
  • End: The end time of the scavenging operation.
  • User: The user who initiated the scavenging operation.
  • Selected Object: The Grid, view, or zone affected by record scavenging.
  • Action: The action applied to the scavenging operation.
  • Processed Records: The number of DNS records processed.
  • Reclaimable Records: The number of DNS records marked as reclaimable.
  • Reclaimed Records: The number of DNS records removed during the scavenging operation.

Click an icon on the filter panel, as illustrated in the Figure 2.2, to add a widget to the desired dashboard. Filterpanel is categorized in to the following: Cloud , Security , DNS/DHCP , and Reset . When you clickon an icon, Grid Manager displays thumbnails of the widgets belonging to the respective filter. If you click filtersone after the other without clicking Reset, Grid Manager displays thumbnails of all widgets along with the icon that indicates the category to which the widget belongs. Click Reset to view only those widgets that belong to the selected category.

  • No labels

This page has no comments.