...
Note that you must configure the NIOS appliance to send syslog messages to an external Data Connector VM over TCP. By default, the NIOS appliance sends these messages over UDP. To configure the NIOS appliance to send messages over TCP, log in to Grid Manager and from the Grid tab -> Grid Manager tab -> Members tab, click Grid Properties -> Edit from the Toolbar. In the Grid Properties editor, select the Monitoring tab, select the Log to External Syslog Servers check box, click the Add icon, and specify the IP address of the Legacy Data Connector VM. Next, select Secure TCP or TCP as the Transport option. For more information about syslog, refer to the Infoblox NIOS Administrator Guide.
...
- Connect to the CLI using the following command:
ssh admin@vm_ip_address -p 2020
admin@<vm_ip_address>'s password: password
Name: DataConnector
Version: 3.0.0-371818
Infoblox Data Connector Virtual Machine
In the above command, the variable vm_ip_address is the IP address of the Data Connector VM. You can get the IP address from the VM console on the VMware ESXi server. The default username is admin and the default password is infoblox. You can run the wizard command to configure the Legacy Data Connector VM. Using the wizard command, you can configure network settings, register the Legacy Data Connector VM with the Infoblox Grid, and add an SCP user who is allowed to upload files to the Legacy Data Connector VM. Note that you can register only one Legacy Data Connector VM with the NIOS Grid.
Note: Ensure that your network configuration allows data exchange between the Legacy Data Connector VM and the destination, which can be the Reporting member, an Infoblox BloxOne Threat Defense Cloud, or a SIEM tool.
Note that the following wizard output contains configuration of all the destinations as an example. To configure a Reporting destination, see Configuring Reporting Destination. For information about configuring a Splunk destination, see Configuring Splunk Destination. To configure a BloxOne Threat Defense Cloud destination, see Configuring BloxOne Threat Defense Cloud Destination. To configure a SIEM tool, see About Infoblox Legacy Data Connector.
Run the wizard command as follows and enter the information as prompted:
> wizard
Do you want to configure admin network settings y/n [y]:
y
Please use: '?' for help on available command options.
Please enter IPv4 configuration in format: 'mode [gateway address mask vlanid]'
Current settings are [ static 10.36.0.1 10.36.130.1 255.255.0.0 0 ]:
static 10.36.0.1 10.36.130.1 255.255.0.0 0
ok
Please enter dns configuration[ 10.0.0.0 ]:
10.0.0.0
DNS servers obtained by DHCP (if any) have higher precedence
ok
Please enter domain configuration[ dc-xyz.com ]:
dc-xyz.com
ok
Please enter hostname configuration[ dc-xyz ]:
dc-xyz
ok
Configured System Setting:
gateway: 10.36.0.1
mask: 255.255.0.0
mode: static
address: 10.36.130.1
vlanid: 0
vlan configuration is only in effect in the static mode.
Configured DNS Setting:
Dns Server(s): ['10.0.0.0']
domain: dc-xyz.com
hostname: dc-xyz
Is it correct? y/n [y]:
y
Do you want to configure data output cloud registration settings y/n [y]:
y
Please use: '?' for help on available command options.
Please enter cloud url[ https://usa-va.csp.infoblox.com/dnslog ]:
Settings unchanged.
Please enter api_key[ 1234 ]:8
Is it correct? y/n [y]:
y
Please enter agent_id[ DEFAULT_ID ]:
agent_1
ok
url: https://usa-va.csp.infoblox.com/dnslog
api_key[ 1234 ]:8
agent_id[ 1234 ]: agent_1
Do you want to configure data output cloud settings y/n [y]:
y
Please use: '?' for help on available command options.
Please enter Output cloud mode configuration[ hold ]:
hold
ok
The output mode is hold
Is it correct? y/n [y]:
y
Do you want to configure data output ArcSight settings y/n [y]:
y
Please use: '?' for help on available command options.
Please enter ArcSight SIEM address[ 10.196.104.222 ]:
10.196.3.4
ok
Do you want to add more values? y/n [n]:
y
Please enter ArcSight SIEM address[ 10.196.3.4 ]:
10.196.3.5
ok
Do you want to add more values? y/n [n]:
n
Please enter ArcSight default port[ 514 ]:
514
ok
Please enter ArcSight mode[ disabled ]:
hold
ok
Address: 10.196.3.5
ArcSight port is 514
The output mode is hold
Is it correct? y/n [y]:
y
Do you want to configure data output QRadar settings y/n [y]:
y
Please use: '?' for help on available command options.
Please enter QRadar SIEM address:
10.196.8.9
ok
Do you want to add more values? y/n [n]:
y
Please enter QRadar SIEM address[ 10.196.8.9 ]:
10.196.8.10
ok
Do you want to add more values? y/n [n]:
n
Please enter QRadar default port[ 6514 ]:
6514
ok
Please enter QRadar mode[ disabled ]:
disabled
ok
Address: 10.196.8.10
QRadar port is 6514
The output mode is disabled
Is it correct? y/n [y]:
y
Do you want to configure data maxSyslogDelayTime settings y/n [y]:
n
Do you want to configure data output splunk settings y/n [y]:
y
Please use: '?' for help on available command options.
Please enter splunk indexers[ 10.10.1.2 ]:
y
'y' is not a valid IP address
Please enter splunk indexers[ 10.10.1.2 ]:
10.10.1.2
Indexer 10.10.1.2 already defined
Please enter splunk indexers[ 10.10.1.2 ]:
10.10.1.3
ok
Do you want to add more values? y/n [n]:
n
Please enter splunk index name[ xyz ]:
xyz
ok
Please enter splunk source type[ ib:dns:captures ]:
Settings unchanged.
Please enter splunk default indexer port[ 9997 ]:
Settings unchanged.
Please enter splunk mode[ disabled ]:
hold
ok
Indexers:
10.10.1.2
10.10.1.3
Index name is xyz
Source type is ib:dns:captures
Default indexer port is 9997
The output mode is hold
Is it correct? y/n [y]:
y
Do you want to configure data output McAfee settings y/n [y]:
y
Please use: '?' for help on available command options.
Please enter McAfee SIEM address[ 10.196.104.222 ]:
10.196.104.222
Address 10.196.104.222 already defined
Please enter McAfee SIEM address[ 10.196.104.222 ]:
Settings unchanged.
Please enter McAfee default port[ 6514 ]:
Settings unchanged.
Please enter McAfee mode[ disabled ]:
disabled
ok
Address: 10.196.104.222
McAfee port is 6514
The output mode is disabled
Is it correct? y/n [y]:
y
Do you want to configure data syslogBatchSize settings y/n [y]:
n
Do you want to configure admin system settings y/n [y]:
y
Please use: '?' for help on available command options.
Please enter Greeting banner text[ This is Infoblox Data Connection Virtual Machine ]:
This is Infoblox Data Connector VM.
ok
This is Infoblox Data Connector VM.
Is it correct? y/n [y]:
y
Do you want to configure data input scp settings y/n [y]:
y
Please use: '?' for help on available command options.
Please enter SCP users[ dc_scp_user ]:
dc_scp_user
Enter password for user dc_scp_user:
Enter again:
ok
Do you want to add more values? y/n [n]:
n
Registered user(s):
admin1
user123
dc_scp_user
Is it correct? y/n [y]:
y
Do you want to configure data input grid settings y/n [y]:
y
Please use: '?' for help on available command options.
Enter the IP address (or FQDN) of the NIOS Grid Master[ 10.35.5.49 ]:
Settings unchanged.
Enter the NIOS admin username[ admin ]:
Settings unchanged.
10.35.5.49
admin
Is it correct? y/n [y]:
y
Do you want to configure data output reporting settings y/n [y]:
y
Please use: '?' for help on available command options.
Please enter reporting mode[ hold ]:
Settings unchanged.
The output mode is hold
Is it correct? y/n [y]:
y
Setup wizard finished successfully
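The wizard prints a short summary block for each output destination (addresses, port and mode) after you confirm it, and it rejects inputs that are not valid IP addresses or that are already defined. The following added example is not Infoblox code; it parses a constructed transcript in the shape of the summary lines above into an inventory of destinations and then audits it the way a log-pipeline owner would: flagging destinations that are configured but left in disabled mode (so no data is sent), invalid addresses, duplicate addresses and out-of-range ports. The line formats it matches ("Address: X", "<Name> port is N", "The output mode is M", "Indexers:" followed by one IP per line) are assumed from the transcript on this page, not from any published Infoblox specification.

```python
"""Parse Data Connector wizard summary output into a destination inventory
and audit it. Added example, not Infoblox code; line formats are assumed
from the wizard transcript shown on this page."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample transcript, trimmed to the summary lines the wizard prints.
SAMPLE_WIZARD_OUTPUT = """\
Do you want to configure data output ArcSight settings y/n [y]:
y
Address: 10.196.3.5
ArcSight port is 514
The output mode is hold
Do you want to configure data output QRadar settings y/n [y]:
y
Address: 10.196.8.10
QRadar port is 6514
The output mode is disabled
Do you want to configure data output splunk settings y/n [y]:
y
Indexers:
10.10.1.2
10.10.1.3
Index name is xyz
Default indexer port is 9997
The output mode is hold
Do you want to configure data output reporting settings y/n [y]:
y
The output mode is hold
"""


@dataclass
class Destination:
    name: str
    addresses: List[str] = field(default_factory=list)
    port: Optional[int] = None
    mode: Optional[str] = None


def is_valid_ip(value: str) -> bool:
    """Same check the wizard applies when it says "'y' is not a valid IP address"."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_wizard_output(text: str) -> List[Destination]:
    """Walk the transcript; each "data output <name> settings" prompt opens a destination."""
    destinations: List[Destination] = []
    current: Optional[Destination] = None
    in_indexer_list = False
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Do you want to configure data output (.+?) settings", line)
        if m:
            current = Destination(name=m.group(1).lower())
            destinations.append(current)
            in_indexer_list = False
            continue
        if current is None:
            continue
        if line == "Indexers:":
            in_indexer_list = True  # Splunk lists one indexer per following line
            continue
        if in_indexer_list:
            if is_valid_ip(line):
                current.addresses.append(line)
                continue
            in_indexer_list = False  # first non-IP line ends the indexer list
        m = re.match(r"Address: (\S+)$", line)
        if m:
            current.addresses.append(m.group(1))
            continue
        m = re.match(r".* port is (\d+)$", line)
        if m:
            current.port = int(m.group(1))
            continue
        m = re.match(r"The output mode is (\w+)$", line)
        if m:
            current.mode = m.group(1)
    return destinations


def audit(destinations: List[Destination]) -> List[str]:
    """Return human-readable findings; an empty list means nothing to fix."""
    findings: List[str] = []
    for d in destinations:
        if d.mode == "disabled":
            findings.append(f"{d.name}: configured but mode is disabled; no data will be sent")
        for addr in d.addresses:
            if not is_valid_ip(addr):
                findings.append(f"{d.name}: {addr!r} is not a valid IP address")
        for addr, count in Counter(d.addresses).items():
            if count > 1:
                findings.append(f"{d.name}: address {addr} defined more than once")
        if d.port is not None and not 1 <= d.port <= 65535:
            findings.append(f"{d.name}: port {d.port} is out of range")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_wizard_output(SAMPLE_WIZARD_OUTPUT)):
        print(finding)
```

Run against the sample above, the audit reports only that the QRadar destination is configured but disabled, which is the state that most often explains "the SIEM never received anything" after an otherwise successful wizard run; feed it a saved copy of your own wizard session to get the same inventory.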
- After successfully completing the configuration for the Data Connector VM, you can log in to the NIOS Grid and enable the Grid to start capturing DNS queries and/or DNS responses to be sent to the Data Connector VM. For more information, see Configuring DNS Queries and Responses.
- You must also add the IP address of the Data Connector VM and the user credentials of the SCP user to the Logging tab -> Advanced tab of the Grid DNS Properties editor. For more information, refer to the Infoblox NIOS Administrator Guide.
Note: You must add the user credentials of superuser administrators only. For Reporting destinations, use the following command to register the Data Connector VM with the Grid Master:
data.destination.reporting.registration > register
Getting Grid Data Connector information... done.
Generating certificate for Splunk forwarder... done.
Signing Splunk forwarder certificate with the Grid... done.
Registering Data Connector with the Grid... done.
Saving changes to database... done.
...