Document toolboxDocument toolbox

Setting up the NIOS Grid

Owned by Shirly Tsang
Last updated: Sept 11, 2024 by Alex Mandel
2 min read

To connect the Data Connector server to NIOS and to forward output files to a supported destination, you must register the server with Infoblox Grid and configure certain NIOS parameters; doing so will allow Data Connector to collect data from Infoblox Grid. If you configure the NIOS reporting server as a destination in a traffic flow, you will be able to register only one Data Connector with a grid.

  • Infoblox supports NIOS 8.4.x for data transfer of RPZ hits. For this reason, if your grid is running NIOS 7.3.x or 8.3.x, you might not be able to collect RPZ hit–related data from NIOS.
  • To forward output files to a reporting destination, you must register Data Connector with Grid Master. However, to forward these files to an Infoblox Infoblox Threat Defense or a syslog too, registration is not required l.
  • To reduce data transfer between Infoblox Grid, Data Connector, and destinations, enable the NIOS Object Change Tracking feature. After you enable this feature, the appliance will track the changes made to NIOS objects and will periodically synchronize the objects you have changed.
  • You must configure the NIOS appliance to send syslog messages to an external Data Connector over TCP. By default, the NIOS appliance sends these messages over UDP.

Advisory

The NIOS UI provides a mechanism for filtering the domains it sends to Data Connector. NIOS sends cache logs; for this reason, when configuring NIOS for use with Data Connector, also configure Data Connector to exclude internal corporate and authoritative domains:

*.<corp domains> or*.<Authoritative Zones> 

When corporate and authoritative domains are excluded, internal traffic logs will not be added. The complete list of domains to be excluded is listed here as a downloadable test file.

The screenshot shows the Member DNS Properties window, where the Toggle Basic Mode switch is on and the Logging tab is selected. In the Logging tab, the Advanced tab is open and shows the Advanced settings.
ImageThe configuration panel from NIOS, specifically for setting up DNS properties in relation to a Data Connector.

To configure the NIOS appliance to send messages over the TCP, do the following:

  1. Log in to the Grid Master.
  2. Go to the Grid tab, Grid Manager tab, and then Members tab.
  3. Click Grid Properties > Edit in the toolbar.
  4. In the Grid Properties editor, open the Monitoring tab, select the Log to External Syslog Servers checkbox, click the Add icon, and then specify the IP address of the Data Connector VM.
  5. Select Secure TCP or TCP as the Transport option.

For more information about syslogs, refer to the Infoblox NIOS Administrator Guide.