Configuring NIOS as the Source

Consider the following when configuring NIOS as the source:

To capture DNS query and response data from Infoblox Grid, you must configure certain settings in NIOS to enable Data Connector to collect DNS data from Grid members and then send the data to designated destinations.
An RO (Read-Only) user permission is required to receive data from NIOS as DNS Query and Response logs or as RPZ logs, or to receive IPAM meta data from NIOS.
When RPZ logs are sent from NIOS to Data Connector, the time zone for a NIOS member is displayed, not UTC. If the NIOS member’s time zone is set to UTC, it will be displayed correctly as UTC.

To create sources for Data Connector traffic flows, do the following:

Log in to the Infoblox Portal.
Click Configure > Integrations > Data Connector.
Select the Source Configuration tab, and click Create.
From the Create drop-down list, select NIOS.
In the Create NIOS Source Configuration wizard, do the following:
- Name: Provide a name that will distinguish this source from others.
- Description: Provide a description that does not exceed 256 characters.
- State: Use the slider to enable or disable the source’s configuration. The source’s configuration will be in effect only after you enable it; if you disable it, you will not be able to select this source when you create a traffic flow.
- Tags: Click Add and specify the following to associate a key with the source:
  - KEY: Enter a meaningful name for the key, such as a location or department.
  - VALUE: Enter a value for the key. For details, see Managing Tags.
- Source Data Type: Select the type of source data you want the Data Connector to collect from this source.
  
  The Data Connector supports specific traffic flows for specific source data. When you configure this source in a traffic flow, be sure to select a supported destination in your traffic flows. For details, see Supported Traffic Flows.

CREDENTIALS FOR GRID MASTER CONFIGURATION:
- FQDN/IP: Enter the FQDN or the IP address of the source.
- User Name: Enter the user name for the source credentials. The Data Connector uses this entry to access the source appliance.
- Password: Enter the password for the source credentials. The Data Connector uses this password to access the source appliance.
- Insecure Mode: If you do not upload a CA certificate, this checkbox will be selected by default, the user-provided credentials will not be encrypted, and Data Connector will perform authentication by using just the credentials.
- CA Certificate: Click Select file to upload the CA-signed certificate for the NIOS appliance. If the certificate is valid, then Data Connector will secure the connection by using the credentials as well as the certificate.
To allow the transfer of query and response log data, you must give Data Connector access it needs to collect this data through SCP. In the SCP CREDENTIALS FOR DNS QUERY LOGS TRANSFER section, provide the following information:
- User Name: Enter the user name used to access the SCP server. The Data Connector uses SCP to communicate with the source.
- Password: Enter the password for the SCP server.
If you select RPZ Logs as the type of source data, you must upload the security certificate for the Data Connector to access the RPZ logs. In Certificate for RPZ Logs, Click Select file and navigate to the RPZ certificate to upload it.

In NIOS, the setting for IPAM Metadata/DHCP Lease Information should be Enabled in your Data Connector settings found at Configure > Manage > Data Connector > Traffic Flow Configuration. This applies to any connector where the Source is NIOS. Open Settings in NIOS and look under NIOS Configuration for details.

Users can use the certificates provided by their organizations. To view an example of how to create a self-signed certificate for viewing RPZ logs, see Creating a Self-Signed Certificate for RPZ Log.

For more information, see the following: