Document toolboxDocument toolbox

Exporting Logs

Owned by Gary Leicht
Jun 18, 2022
1 min read

Infoblox Platform provides logs that help you troubleshoot and analyze your network security. You can export these logs to a dedicated Amazon S3 bucket. Infoblox Platform currently supports the following log types: response logs, RPZ (Response Policy Zones) logs, IP metadata, DDI DHCP logs, DDI DNS logs, and security logs. Depending on your business needs, you can export all the logs or specific log types.

When you first enable log export, Infoblox Platform extracts the selected logs and send them to your Amazon S3 bucket. Ensure that you have properly set up your S3 bucket and granted access permissions to Infoblox Platform. After the initial data push, Infoblox Cloud synchronizes subsequent log data approximately every hour until you disable the export.

Note

If an export contains a large amount of data, the export process may take over an hour. In such cases, the next batch of exports will start only after the completion of the previous export. 

The Infoblox logs are delivered in parquet format. You can use the Apache parquet tools that Infoblox provides to convert the parquet files to JSON format if necessary. Click here to access the tools. For more information, see Converting Parquet to JSON. For information about the response log file format, see Response Log File Format.

Complete the following tasks to export response logs:

  1. Log in to the Infoblox Portal.
  2. Obtain the Principal ID on the  Log Export page (Configure > Administration > Log Export).
  3. Set up a dedicated Amazon S3 bucket and grant access permissions to Infoblox Platform. For information, see Prerequisites.
    You can use the following sample S3 bucket policy as a reference:

    {

        "Version": "2012-10-17",

        "Statement": [

            {

                "Effect": "Allow",

                "Principal": {

                    "CanonicalUser": "CANONICAL PRINCIPAL ID OBTAINED FROM CSP PORTAL"

                },

                "Action": [

                    "s3:ListBucket",

                    "s3:PutObject"

                ],

                "Resource": [

                    "arn:aws:s3:::s3-bucket-name",

                    "arn:aws:s3:::s3-bucket-name/*"

                ]

            }

        ]

    }

  4. Under Block Public access tab, select the following option: Block public access to buckets and objects granted through any access control lists (ACLs).The screenshot shows the open Block Publish Access tab, where four options are listed, one of which is Block public access to buckets and objects granted through any access control lists (ACLs), and it is on.
  5. Enable log export by selecting the log types, as described in Enabling Response Log Exports.

For more information, see the following: