Versions Compared

Old Version 1

changes.mady.by.user Shirly Tsang

Saved on

compared with

New Version Current

changes.mady.by.user Gary Leicht

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

To export logs, complete the following:

  1. Log in to

...

  1. Infoblox Portal.

  2. Go to

...

  1. Configure > Administration

...

  1.  > Log Export.

  2. On the Log Export page, complete the following:

Step 1: Select the checkboxes of the logs that you want to receive in your S3 bucket.

  • Response logs: These logs contain information about the DNS queries and responses sent

    to BloxOne Threat Defense Cloud

    to Infoblox Platform through DNS Firewall and the Infoblox Data Connector, provided that they are set up and configured properly.

  • RPZ logs: These logs contain information related to the RPZ hits for all clients and policies. You will receive RPZ logs only if you have set up the DNS Firewall service for your on-prem Infoblox appliances.

  • IP metadata: These are IPAM (IP Address Management) data related to the DNS zones and records that have been created, modified, or deleted through your Infoblox NIOS and virtual NIOS appliances. This information is channeled through the Infoblox Data Connector. Ensure that you have set up the Data Connector in your network infrastructure to receive these logs.

  • DDI DHCP logs: These logs contain information about DHCP requests and responses sent to

    BloxOne

    Universal DDI and Data Connector provided that they are set up and configured properly.

  • DDI DNS logs: These logs contain information about DNS queries and responses sent to

    BloxOne

    Universal DDI and Data Connector provided that they are set up and configured properly.

  • Security logs: Security logs contain security-related events in the system. These logs include: app source, user, event types (such as unsuccessful login), and date/time event information.

Step 2: Enter the name of your S3 bucket with which you want BloxOne Threat Defense Cloud want Infoblox Platform to synchronize log data. BloxOne Threat Defense Cloud  Infoblox Platform uses the following URL format:

s3://<bucketname>/
where <bucketname> = The S3 bucket name.

Note that BloxOne Threat Defense Cloud that Infoblox Platform validates the bucket name to ensure that it is unique. You might need to change the bucket name if BloxOne Threat Defense Cloud if Infoblox Platform detects a duplicate bucket name.

Step 3: Click Export to save your configuration and have BloxOne Threat Defense Cloud have Infoblox Platform start sending the log data to your S3 bucket. Once you click Export, the button toggles to Disable.