Download Infoblox VMware vRealize Log Insight Content Pack User Manual

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
Document related concepts

Distributed firewall wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Network tap wikipedia , lookup

Airborne Networking wikipedia , lookup

List of wireless community networks by region wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Dynamic Host Configuration Protocol wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Transcript 
Infoblox VMware vRealize Log Insight Content Pack
User Manual
Version 1.1
Release History
S#
1
2
Version Date
1.0
14 May 2015
1.1
15 May 2015
History
Initial Version
IPAM, DHCP and DNS Dashboard changes for Infoblox DDI VMware
vRealize LogInsight Content Pack version 1.5
Copyright © 2015 Infoblox. All Rights Reserved.
2
Table of Contents
1
Introduction .............................................................................................................................. 4
2
Infoblox vRealize Log Insight Content Pack Installation .............................................................. 4
3
Dashboards................................................................................................................................ 7
3.1
General - Overview Dashboard ........................................................................................... 7
3.2
General – Security Dashboard ............................................................................................ 8
3.3
IPAM – Configuration Dashboard ....................................................................................... 9
3.4
DNS – Configuration ......................................................................................................... 10
3.5
DHCP – Configuration....................................................................................................... 12
4
Alerts ....................................................................................................................................... 13
5
Extracted Fields ....................................................................................................................... 14
6
Getting Support for the Infoblox Content Pack for Log Insight .................................................. 24
Copyright © 2015 Infoblox. All Rights Reserved.
3
1 Introduction
The Trinzic Network Services and Management family of products enable companies to manage,
control, and optimize DNS, DHCP, and other services.
The product family leverages existing investments, paves the way to the Cloud, and ensures network
services uptime.
VMware vRealize Log Insight delivers automated log management through log analytics, aggregation
and search. Infoblox DDI appliance provides comprehensive logs for DHCP, DNS and IPAM events
and they are provided to Infoblox vRealize Log Insight Content Pack.
Infoblox vRealize Log Insight Content Pack provides powerful visualizations into DHCP, DNS and
IPAM events for proactive monitoring and auditing.
Customers can monitor multiple DDI appliances from vRealize Log Insight appliance using Infoblox
vRealize Log Insight Content Pack. It provides for –
1. Powerful Monitoring
Customers can monitor DHCP, DNS and IPAM Configuration for quick problem resolution.
Additionally the Content Pack provides authentication and system status information.
2. Alerting
Customers can configure alerts for configuration changes in DHCP, DNS and IPAM as well as on
Authentication events.
3. Break down of Events
Infoblox vRealize Log Insight Content Pack provides multiple extracted fields, from the events, which
helps in trouble shooting and root cause analysis.
2 Infoblox vRealize Log Insight Content Pack Installation
To install the Content Pack, click on the three lines next to admin.
Copyright © 2015 Infoblox. All Rights Reserved.
4
Click “Content Packs”
Select “Import Content Pack” at the lower left corner of the screen
Copyright © 2015 Infoblox. All Rights Reserved.
5
Browse to the location of the Content Pack –
Click on Import
Copyright © 2015 Infoblox. All Rights Reserved.
6
3 Dashboards
Infoblox VMware vRealize Log Insight Content Pack provides the following dashboards 
General – Overview
This dashboard gives the consolidated information of IPAM, DHCP, DNS and Restart events

General – Security
This dashboard provides the information about successful and failed log in events.

IPAM – Configuration
This dashboard displays information about IPAM Network container and IPAM Network
events.

DNS – Configuration
This dashboard displays information about DNS Zone events and DNS Host Record events.

DHCP – Configuration
This dashboard displays information about DHCP Range and DHCP Reserved Range events.
3.1 General - Overview Dashboard
General Overview Dashboard provides the consolidated information for IPAM, DNS and DHCP and
restart events. It has the following widgets 
IPAM Configuration Events Over Time
Total number of of IPAM events received over time. This includes IPAM Network Container
and Network - Creation, Modification and Deletion events.

DNS Configuration Events Over Time
Copyright © 2015 Infoblox. All Rights Reserved.
7
The total number of DNS events received over time. These include DNS configuration and
run time events.
Note:
1. DNS configuration events include Zone Creation, Modification and Deletion events.
2. DNS run time events include Host Record Creation, Modification and Deletion events.

DHCP Configuration Events Over Time
Total number of DHCP events received over time. This includes DHCP Range and Reserved
Range - Creation, Modification and Deletion events.

Grid Service Restart Events Over Time
Grid service restarts are required for the NIOS to load the configured settings.
This chart displays all the Grid service restart events over time.
3.2 General – Security Dashboard
This dashboard provides the widgets for –

Failed Authentication Events Over Time
This chart displays the failed log in Authentication events over time.

Successful Authentication Events Over Time
This chart displays the successful log in Authentication events over time.

Logout Events Over Time
This chart displays the successful log out Authentication events over time.
Copyright © 2015 Infoblox. All Rights Reserved.
8

Failed Authentication Events With Details
This chart displays the failed log in Authentication event along with details.

Failed and Successful Events by Source
This chart displays the Failed and Successful log in Authentication by source.

Failed Events by Connector IP
This chart displays the failed log in Authentication events grouping by Connector IP.
3.3 IPAM – Configuration Dashboard
This dashboard contains the widgets for –

Network Container Events Over Time
This chart displays the IPAM Network Container Creation, Modification and Deletion events
over time.

Network Container Events By Operation
This chart displays the IPAM Network Container events by operation type - Creation,
Modification or Deletion.

Network Container Events By Network Container Address
This chart displays the IPAM Network Container events by the Network Container address.

Network Events Over Time
This chart displays the IPAM Network Creation, Modification and Deletion events over time.

Network Events By Operation
Copyright © 2015 Infoblox. All Rights Reserved.
9
This chart displays the IPAM Network events by operation - Creation, Modification or
Deletion.

Network Events By Network Address
This chart displays the Network events by the network address.
3.4 DNS – Configuration
This dashboard contains the widgets for –

DNS Zone Events Over Time
An authoritative zone is a zone for which the local (primary or secondary) server references
its own data when responding to queries. The local server is authoritative for the data in this
zone and responds to queries for this data without referencing another server.
This chart displays the DNS Zone Creation, Modification and Deletion events over time.

DNS Zone Events By Operation
An authoritative zone is a zone for which the local (primary or secondary) server references
its own data when responding to queries. The local server is authoritative for the data in this
zone and responds to queries for this data without referencing another server.
This chart displays the DNS Zone events by operation type - Creation, Modification or
Deletion.

DNS Zone Events By FQDN
Copyright © 2015 Infoblox. All Rights Reserved.
10
An authoritative zone is a zone for which the local (primary or secondary) server references
its own data when responding to queries. The local server is authoritative for the data in this
zone and responds to queries for this data without referencing another server.
This chart displays the DNS Zone events by FQDN.

DNS Host Record Over Time
A host record defines attributes for a node, such as the name-to-address and address-toname mapping. This alleviates having to specify an A record and a PTR record separately for
the same node. A host can also define aliases and DHCP fixed address nodes. The zone must
be created first before adding a host record for the zone.
This graph displays the DNS Host Record Creation, Modification and Deletion events over
time.

DNS Host Record Events by Operation
A host record defines attributes for a node, such as the name-to-address and address-toname mapping. This alleviates having to specify an A record and a PTR record separately for
the same node. A host can also define aliases and DHCP fixed address nodes. The zone must
be created first before adding a host record for the zone.
This graph displays the DNS Host Record events by operation - Creation, Modification or
Deletion.

DNS Host Record Events by FQDN
An authoritative zone is a zone for which the local (primary or secondary) server references
its own data when responding to queries. The local server is authoritative for the data in this
zone and responds to queries for this data without referencing another server.
This chart displays the DNS Zone events by FQDN.
Copyright © 2015 Infoblox. All Rights Reserved.
11
3.5 DHCP – Configuration
This dashboard displays information about DHCP Range and DHCP Reserved Range events –

DHCP Range Events Over Time
This chart displays the NIOS DHCP Range Creation, Modification and Deletion events over
time.

DHCP Range Events By Operation
This chart displays the NIOS DHCP Range events by operation - Creation, Modification or
Deletion.

DHCP Range Events By Range Address
This chart displays the DHCP Range events by Range Address.

DHCP Reserved Range Events Over Time
This chart displays the DHCP Reserved range Creation, Modification and Deletion events
over time.

DHCP Reserved Range Events By Operation
This chart displays the DHCP Reserved Range events by operation - Creation, Modification or
Deletion.

DHCP Reserved Range Events By Reserved Range Address
This chart displays the DHCP Reserved Range events by Reserved Range Address.
Copyright © 2015 Infoblox. All Rights Reserved.
12
4 Alerts
Infoblox vRealize Log Insight Content Pack provides the alerts for the following 
NIOS Any Authentication Event
This alert is sent on any Authentication event in NIOS.

NIOS Any DHCP Configuration Event
This alert is sent on any DHCP Range or DHCP Reserved Range configuration event in NIOS.

NIOS Authentication Failed Event
This alert is sent on Authentication failure.

NIOS Any IPAM Configuration Event
This alert is sent on any IPAM Network or Network configuration event.

NIOS Any DNS Configuration Event
This alert is sent on any DNS Zone or DNS Host Record configuration event.
Copyright © 2015 Infoblox. All Rights Reserved.
13
5 Extracted Fields
Infoblox vRealize Log Insight Content Pack provides the following extracted fields –

nios_cidr
This field gives the CIDR for the Network Address.

nios_dhcp_range_operation
This field gives the NIOS DHCP Range operation type.
Copyright © 2015 Infoblox. All Rights Reserved.
14

nios_dhcp_range
This field gives the DHCP Range which has been created.

nios_dns_view
This field gives the NIOS DNS view.
Copyright © 2015 Infoblox. All Rights Reserved.
15

nios_dns_zone_operation
This field gives the NIOS DNS Zone operation type.

nios_fqdn
This field gives the Fully Qualified Domain Name which has been configured.
Copyright © 2015 Infoblox. All Rights Reserved.
16

nios_grid_member
This field gives the NIOS Grid member information.

nios_host_record_addr
This field gives the Host Record which has been created.
Copyright © 2015 Infoblox. All Rights Reserved.
17

nios_host_record_fqdn
This field gives the FQDN in the Host Record.

nios_host_record_operation
This field gives the Host Record operation type.
Copyright © 2015 Infoblox. All Rights Reserved.
18

nios_network
This field gives the Network which has been created.

nios_network_container
This field gives the Network Container which has been created.
Copyright © 2015 Infoblox. All Rights Reserved.
19

nios_network_container_operation
This field gives the Network Container Operation type.

nios_network_operation
This field gives the Network Operation type.
Copyright © 2015 Infoblox. All Rights Reserved.
20

nios_network_view
This field gives the network view.

nios_ns_group
This field gives the NS group name.
Copyright © 2015 Infoblox. All Rights Reserved.
21

nios_reserved_range_operation
This field gives the NIOS DHCP Reserved Range operation type.

nios_reservedrange
This field gives the DHCP Reserved Range which has been created.
Copyright © 2015 Infoblox. All Rights Reserved.
22

nios_security_apparently_via
This field gives the source of the Authentication event.

nios_security_connector_ip
This field gives the Security connector IP address information.
Copyright © 2015 Infoblox. All Rights Reserved.
23

nios_trigger_event
This field gives the Security connector IP address information.
6 Getting Support for the Infoblox Content Pack for Log Insight
Infoblox does not offer telephone support for the Infoblox Content Pack for Log Insight. If you
require technical assistance or have any questions, comments or feedback related to this content
pack please post them to Infoblox Community at this URL: https://community.infoblox.com/
Copyright © 2015 Infoblox. All Rights Reserved.
24
Related documents
Lab 9
Lab 9
DNS/DHCP Server Management - Avnet Technology Solutions
DNS/DHCP Server Management - Avnet Technology Solutions
sp-DDI_intoduction
sp-DDI_intoduction
E-Business - Computer Science and Information Systems Technical
E-Business - Computer Science and Information Systems Technical
How to Use an Alternate TCP/IP Configuration
How to Use an Alternate TCP/IP Configuration
Network Services for Authentication For Wireless LAN
Network Services for Authentication For Wireless LAN
Remote Access Service
Remote Access Service
Infoblox DHCP Fingerprinting Enabling Endpoint Discovery and
Infoblox DHCP Fingerprinting Enabling Endpoint Discovery and
VitalQIP™ DNS/DHCP and IP Management Software
VitalQIP™ DNS/DHCP and IP Management Software
DOWNLOAD ANDROID MULTI TOOLS V1 02B GSMFORUM
DOWNLOAD ANDROID MULTI TOOLS V1 02B GSMFORUM
Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol
Windows Internet Connection Sharing
Windows Internet Connection Sharing