...

For syslog message prefixes to be enabled, you must select the Log to External Syslog Servers checkbox in Grid Properties > Monitoring. Also, the external syslog server (which can be a virtual or a physical server) must have at least one of the syslog categories selected in the Logging Category field, rather than the Send all option.

...

Sample syslog message for queries:

2022-01-18T09:35:35+00:00 daemon member1.com named[19355]: info
queries: client @0x7fea340ccc90 10.111.45.104#34670 (a.solo.com): query:
a.solo.com IN A +E(0)K (10.34.122.22)

Sample syslog message for xfer-out:

2022-10-10T06:44:09+00:00 daemon infoblox.localdomain named[17630]: info xfer-out:
client 10.120.20.157#58275 (zone.com): transfer of 'zone.com/IN': AXFR started
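
A parser for the two sample formats above, used to flag zone transfers started by clients outside an expected list of secondaries. This is an added example, not Infoblox code: the regular expressions are inferred from the samples, each message is assumed to arrive on one line, and the sample lines, the allowlist and the `parse_line` / `unexpected_transfers` names are constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Header: timestamp, facility, host, process[pid], severity, logging category.
HEADER = re.compile(
    r"^(?P<ts>\S+) (?P<facility>\S+) (?P<host>\S+) (?P<proc>[\w-]+)\[(?P<pid>\d+)\]: "
    r"(?P<severity>\w+) (?P<category>[\w-]+): (?P<msg>.*)$")
# The "@0x..." client object pointer is optional (it is absent in the xfer-out sample).
CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<client>[0-9A-Fa-f.:]+)#(?P<port>\d+) "
QUERY = re.compile(CLIENT + r"\((?P<qname>[^)]*)\): query: \S+ (?P<qclass>\S+) "
                   r"(?P<qtype>\S+) (?P<flags>\S+) \((?P<server>[^)]+)\)")
XFER = re.compile(CLIENT + r"\((?P<zone>[^)]*)\): transfer of '[^']*': "
                  r"(?P<kind>AXFR|IXFR)\b(?P<status>.*)")
BODY = {"queries": QUERY, "xfer-out": XFER}

def parse_line(line):
    """Return a dict of header fields plus category-specific fields, or None."""
    head = HEADER.match(line.strip())
    if not head:
        return None
    event = head.groupdict()
    pattern = BODY.get(event["category"])
    detail = pattern.match(event["msg"]) if pattern else None
    if detail:
        event.update(detail.groupdict())
    return event

def unexpected_transfers(lines, allowed_cidrs):
    """List (timestamp, client, zone) for transfers started from outside allowed_cidrs."""
    allowed = [ip_network(c) for c in allowed_cidrs]
    hits = []
    for line in lines:
        ev = parse_line(line)
        if not ev or ev["category"] != "xfer-out" or "kind" not in ev:
            continue
        if "started" in ev["status"] and not any(ip_address(ev["client"]) in n for n in allowed):
            hits.append((ev["ts"], ev["client"], ev["zone"]))
    return hits

# Constructed sample lines in the format shown above (documentation address ranges).
SAMPLE = [
    "2022-10-10T06:44:09+00:00 daemon ns1.example.com named[17630]: info xfer-out: "
    "client 192.0.2.53#58275 (zone.example): transfer of 'zone.example/IN': AXFR started",
    "2022-10-10T06:45:10+00:00 daemon ns1.example.com named[17630]: info xfer-out: "
    "client 203.0.113.9#40112 (zone.example): transfer of 'zone.example/IN': AXFR started",
    "2022-10-10T06:45:11+00:00 daemon ns1.example.com named[17630]: info queries: client "
    "@0x7fea340ccc90 198.51.100.7#34670 (a.zone.example): query: a.zone.example IN A +E(0)K (192.0.2.1)",
]

if __name__ == "__main__":
    for hit in unexpected_transfers(SAMPLE, ["192.0.2.0/24"]):
        print("unexpected zone transfer:", hit)
```
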

...

  1. Grid: From the Grid tab -> Grid Manager tab, expand the Toolbar and click Grid Properties -> Edit.
    Member: From the Grid tab -> Grid Manager tab, click the Members tab, select the member checkbox, and click the Edit icon.
  2. Grid: In the Grid Properties editor, select the Syslog Backup tab.
    Member: In the Grid Member Properties editor, select the Syslog Backup tab and then click Override to override the Grid-level settings.

    To modify backup server settings, complete the following:
    • Address: Enter the IP address of the external backup server. You are not allowed to configure more than one server using the same IP address at the same level (Grid or member). However, you can use the same server IP address at different levels (Grid or member). Note that you cannot modify the IP address for the overridden server.
    • Protocol: Select SCP or FTP from the drop-down list.
    • Port: Enter the destination port number. The default port is 20 for FTP and 22 for SCP.
    • Path: Enter the directory path for the syslog file.
    • Username: Enter the username of your FTP or SCP account.
    • Password: Enter the password of your FTP or SCP account. If you do not change the password of the overridden server, then make sure that you use the same password specified at the Grid level.
    • Enabled: Select this checkbox to enable the FTP or SCP server. The appliance forwards the rotated syslog files to the external servers that you configure only after you select this checkbox. Clear the checkbox to disable the server.

  3. Click Save and Close.

...

  1. From the Grid tab, select the Grid Manager tab -> Members tab -> member checkbox, and then click the Edit icon.
  2. In the Grid Member Properties editor, select the Monitoring tab -> Basic tab, click Override in the Syslog section, and then complete the fields as described in Specifying Syslog Servers.
    In addition to storing the system log on a Grid member, you can configure a member to send the log to a syslog server.
  3. Select the Advanced tab and complete the following:
    • Enable syslog proxy: Select this to enable the appliance to receive syslog messages from other devices, such as syslog servers and routers, and then forward these messages to an external syslog server.
      • Enable listening on TCP: Select this if the appliance uses TCP to receive messages from other devices. Enter the number of the port through which the appliance receives syslog messages from other devices. 
      • Enable listening on UDP: Select this if the appliance uses UDP to receive messages from other devices. Enter the number of the port through which the appliance receives syslog messages from other devices.

...

  1. From the Data Management tab, select the DNS tab, and then click Grid DNS Properties from the Toolbar.
    or
    From the Data Management tab, select the DNS tab -> Members tab -> Grid_member checkbox, and then click the Edit icon.
  2. In the Grid DNS Properties or Member DNS Properties editor, click Toggle Expert Mode if the editor is in the basic mode, select the Logging tab, and then complete the following:
    • Logging Facility: Select a facility from the drop-down list. This is the location on the syslog server to which you want to sort the DNS logging messages.
    • Logging Category: Select one or more of these log categories:
      • general: Records the BIND messages that are not specifically classified.
      • client: Enables the logging of messages related to query processing, but not the queries themselves. Examples of messages include exceeding recursive client quota, and other errors related to recursive clients, blacklist and NXDOMAIN interception, query name rewrite, and others.
      • config: Records the configuration file parsing messages.
      • database: Records BIND's internal database processes.
      • dnssec: Records the DNSSEC-signed responses.
      • lame servers: Records bad delegation instances.
      • network: Records the network operation messages.
      • notify: Records the asynchronous zone change notification messages.
      • queries: Records the DNS queries. Note that enabling the logging of queries and responses will significantly affect system performance. Ensure that your system has sufficient CPU capacity before you enable DNS query logging.
      • rate-limit: Logs RRL (Response Rate Limiting) events. You must enable RRL in order for the appliance to log RRL events to this logging category.
      • resolver: Logs messages related to outgoing queries from the 'named' process, when it is acting as a resolver on behalf of clients.
      • responses: Records DNS responses. Note that enabling the logging of queries and responses will significantly affect system performance. Ensure that your system has sufficient CPU capacity before you enable DNS response logging.
      • rpz: Records log messages when responses are modified through RPZs or for which explicit passthrus were invoked in the RPZs. This checkbox is not selected by default.
      • security: Logs miscellaneous messages that are related to security, such as denial or approval (mostly denial) of certain operations.
      • transfer-in: Records zone transfer messages from the remote name servers to the appliance.
      • transfer-out: Records zone transfer messages from the NIOS appliance to remote name servers.
      • update: Records the dynamic update instances.
      • update-security: Records the security updates.
      • DTC load balancing: Records information about which client is directed to which server.
      • DTC health monitors: Records any changes to the health state of a monitored server.

...