/
Monitoring Tools
Document toolboxDocument toolbox

Monitoring Tools

Owned by Panna .
Oct 03, 2024

You can use the audit log, the replication status, the traffic capture tool, and the capacity report in the Master Grid to monitor administrative activities and capture traffic for diagnostic purposes.
This section includes the following topics:


Using the Audit Lo g
The audit log contains a record of all Infoblox administrative activities. It provides detailed information about the following changes:

  • Timestamp of the change. If you have different admin accounts with different time zone settings, the appliance uses the time zone of the admin account that you use to log in to the appliance to display the date and timestamp.
  • Administrator name
  • Changed object name
  • New value of the object. If you change multiple properties of an object, the audit log lists all changes in a comma-separated log entry. You can also search the audit log to find the new value of an object.
  • Action performed, such as DELETED (deleting an object) or CREATED (adding an object).
  • Object type of the object involved in the task. This is not displayed by default, but you can select this for display.
  • Object name
  • Detailed information about the performed task

The appliance logs the following successful operations:

  • Logins to Multi-Grid Manager and the API.
  • Logout events, including when users log out by clicking the Logout button, when the Multi-Grid Manager GUI times out, and when users are logged out due to an error.
  • Write operations such as the addition, modification, and deletion of objects.
  • System management operations such as appliance reboots.
  • Scheduled tasks such as adding an A record or modifying a fixed address.

Enabling Audit Log Rolling

When the audit log reaches its maximum size, which is 100 MB, the appliance automatically writes the file into a new file by adding a .0 extension to the first file and incrementing subsequent file extensions by 1. Files are compressed during the rotation process, adding a .gz extension following the numerical increment (file.#.gz). The sequential incrementation goes from zero through nine. When the eleventh file is started, the tenth log file (file.9.gz) is deleted, and subsequent files are renumbered accordingly. For example, the current log file moves to file.0.gz, the previous file.0.gz moves to file.1.gz, and so on through file.9.gz. A maximum of 10 log files (0-9) are kept. To list the audit log files and their sizes, log in to the Infoblox CLI and execute the show logfiles command.
To enable audit log rolling:

  1. From the Master Grid tab, select the Members tab, and then click Master Grid Properties -> Edit from the Toolbar.
  2. In the Master Grid Properties editor, select the Security tab, and then select Enable Audit Log Rolling.

Specifying the Audit Log Type

Select either the Detailed (default) or Brief audit log type as follows:

  1. From the Master Grid tab, select the Members tab, and then click Master Grid Properties -> Edit from the Toolbar.
  2. In the Master Grid Properties editor, select the General tab, and then select one of the following:
    Audit Logging:
    • Detailed: This is the default type. When you select this, Multi-Grid Manager displays detailed information on all administrative changes such as the timestamp of the change, administrator name, changed object name, and the new values of all properties in the logged message.
    • Brief: Provides information on administrative changes such as the changed object name and action in the log message. The logged message does not show timestamp or admin name.

Viewing the Audit Log

To view an audit log:

  1. From the Administration tab, select the Logs tab -> Audit Log tab.
  2. Optionally, use the filters to narrow down the audit log messages you want to view. Click Show Filters to enable the filters. Configure the filter criteria, and then click Apply.
    Based on your filter criteria (if any), Multi-Grid Manager displays the following in the Audit Log viewer:
    • Timestamp: The date, time, and time zone the task was performed. The time zone is the time zone configured on the member.
    • Admin: The admin user who performed the task.
    • Action: The action performed. This can be CALLED, CREATED, DELETED, LOGIN_ALLOWED, LOGIN_DENIED, MESSAGE, and MODIFIED.
    • Object Type: The object type of the object involved in this task. This field is not displayed by default. You can select this for display.
    • Object Name: The name of the object involved in this task.
    • Message: Detailed information about the performed task.

You can also do the following in the log viewer:

  • Toggle between the single line view and the multi-line view for display.
  • Navigate to the next or last page of the file using the paging buttons.
  • Refresh the audit log view.
  • Click the Follow icon to have the appliance automatically refresh the log every five seconds.
  • Download the log.
  • Clear the contents of the audit log.
  • Use filters and the Go to function to narrow down the list. With the autocomplete feature, you can just enter the first few characters of an object name in the Go to field and select the object from the possible matches.
  • Create a quick filter to save frequently used filter criteria. For information, see /wiki/spaces/mgmadminguide/pages/911180172.
  • Export or print the content of the log.

Searching in the Audit Log

Instead of paging through the audit log file to locate messages, you can have the appliance search for messages with certain text strings.
To search for specific messages:

  • Enter a search value in the search field below the filters, and then click the Search icon.

The appliance searches through the audit log file and highlights the search value in the viewer. You can use the arrow keys next to the Search icon to locate the previous or next message that contains the search value.

Downloading the Audit Log

You can download the audit log file to a specified directory, if you want to analyze it later. To download an audit log file:

  1. From the Administration tab, select the Logs tab -> Audit Log tab, and then click the Download icon.
  2. Navigate to a directory where you want to save the file, optionally change the file name (the default name is auditLog.tar.gz), and then click OK. If you want to download multiple audit log files to the same location, rename each downloaded file before downloading the next.
    Note: If your browser has a pop-up blocker enabled, you must turn off the pop-up blocker or configure your browser to allow pop-ups for downloading files.

Viewing the Replication Stat us

The Replication Status panel reports the status of the database replication between Master Grid members and the Multi-Grid Master, and between the two nodes in an independent HA pair. You can use this information to check the health of the Grid and HA pair activity.
To view the current replication status, from the Master Grid tab, select the Members tab, and then click Replication Status View.
Multi-Grid Manager can display the following replication information for each member:

  • Name: The FQDN (fully qualified domain name) of the appliance.
  • Send Queue: The size of the queue from the Multi-Grid Master to the Master Grid member.
  • Last Send: The timestamp of the last replication information sent by the Multi-Grid Master.
  • Receive Queue: The size of the queue from the member to the Multi-Grid Master.
  • Last Receive: The timestamp of the last replication information sent received by the Multi-Grid Master.
  • Member Replication Status: The replication status between the member and the Multi-Grid Master. Multi-Grid Manager displays the status in green when the status is fine or red when the member is offline.
  • HA Replication Status: The HA replication status between the active and passive nodes. The status is at the member level, not at the node level. Multi-Grid Manager displays the status in red when one of the nodes is offline.
  • Status: The current operational status of the appliance. The status can be one of the following:
    • Green: The appliance is operating normally in a "Running" state.
    • Yellow: The appliance is connecting or synchronizing with its Multi-Grid Master.
    • Red: The member is offline, is not licensed, is upgrading or downgrading, or is shutting down.
  • IP Address: The IP address of the appliance.
  • Hardware Type: The hardware type of the appliance, such as IB-1550-A.
  • Serial Number: The serial number of the appliance.
  • DB Utilization: The percentage of the database that is currently in use.
  • Comment: Information about the appliance.
  • Site: The location to which the member belongs. This is one of the predefined extensible attributes.
  • HA: Indicates whether the member is an HA pair. If the member is an HA pair, Multi-Grid Manager displays the status of the HA pair.
  • Hardware Model: The hardware model of the appliance.

You can do the following:

  • Use filters to narrow down the list.
  • Create a quick filter to save frequently used filter criteria. For information, see /wiki/spaces/mgmadminguide/pages/911180172.
  • Modify some of the data in the table. Double click a row of data, and either edit the data in the field or select an item from a drop-down list. Note that some fields are read-only. For more information about this feature, see /wiki/spaces/mgmadminguide/pages/911180134.
  • Edit the properties of a member.
    • Click the checkbox beside a member, and then click the Edit icon.
  • Delete a member.
    • Click the checkbox beside a member, and then click the Delete icon.
  • Export or print the list.

Using the Traffic Capture To ol

You can capture the traffic on one or all of the ports on the appliance, and then view it using a third-party network protocol analyzer application, such as the Wireshark – Network Protocol Analyzer™.
The appliance saves all the traffic it captures in a .cap file and compresses it into a .tar.gz file. Your management system must have a utility that can extract the .tar file from the .gzip file, and an application that can read the .cap (capture) file format.
This section explains the process of capturing traffic, and how to download the traffic capture file to your management system. After that, you can extract the traffic capture file and view it with a third-party traffic analyzer application.

Note: The appliance always saves a traffic capture file as tcpdumpLog.tar.gz. If you want to download multiple traffic capture files to the same location, rename each downloaded file before downloading the next.

To capture traffic on a member:

  1. From the Master Grid tab, select the Members tab, and then click Traffic Capture from the Toolbar.
  2. In the Traffic Capture dialog box, complete the following:
    • Member: Multi-Grid Manager displays the selected member on which you want to capture traffic. If no member is displayed or if you want to specify a different member, click Select. When there are multiple members, Multi-Grid Manager displays the Member Selector dialog box from which you can select one. You cannot capture traffic on an offline member.
    • Interface: Select the port on which you want to capture traffic.
      • LAN: Select this to capture all the traffic the LAN port receives and transmits.
      • MGMT: Select this to capture all the traffic the MGMT port receives and transmits.
      • LAN2: Select to capture all the traffic the LAN2 port (if enabled) receives and transmits.
      • All: Select this to capture the traffic addressed to all ports. Note that the appliance only captures traffic that is addressed to it.
    • Seconds to run: Specify the number of seconds you want the traffic capture tool to run.
  3. Capture Control: Click the Start icon to start the capture. A warning message appears indicating that this report will overwrite the existing file. Click Yes. You can click the Stop icon to stop the capture after you start it.
  4. Uncompressed Capture File Size: Click Download to download the captured traffic after the capture stops. Navigate to where you want to save the file, rename it if you want, and then click OK or Save. You cannot download the traffic report when the tool is running. Multi-Grid Manager updates the size of the report when the capture tool is running.
  5. Use terminal window commands (Linux) or a software application (such as StuffIt™ or WinZip™) to extract the contents of the .tar.gz file.
  6. When you see the traffic.cap file in the directory where you extract the .tar.gz file, open it with a third-party network protocol analyzer application.

Using the Capacity Repor t

You can view the capacity usage and object type information of an appliance in a capacity report. The capacity report displays capacity and object type information of the Multi-Grid Master or a Master Grid member. For an HA pair, the report displays information on the active node.
The top half of the panel displays a capacity summary, and the bottom half displays the object types the appliance supports and the total counts for each object type.
To view a capacity report:

  • From the Master Grid tab, select the Members tab -> master_grid_member checkbox, and then click Capacity Report from the Toolbar.

The capacity summary contains the following information:

  • Name: The name of the appliance.
  • Role: The role of the appliance. The value can be Master Grid Master or Master Grid Master Candidate.
  • Hardware Type: The type of hardware. For an HA pair, the report displays the hardware type for both the active and passive nodes.
  • Object Capacity: The maximum number of objects the appliance can support.
  • Total Objects: The total number of objects currently in the database.
  • Capacity Used: The percentage of the capacity in use.

The report categorizes object types you can manage through the appliance. It displays the following information for each object type:

  • Object Type: The type of objects that are supported by the Master Grid, such as Admin or Grid Email Address. For objects that are only used for internal system operations, the report groups and shows them under Other.
  • Total: The total number of objects for a specific object type. You can print the object type information or export it to a CSV file.

Using the Phone Home Feature

Administrators with superuser accounts ca n configure a Multi-Grid Master or member to email reports monthly and after each upgrade to Infoblox Technical Support and other specified recipients. The reports are also included in support bundles that you download.
The reports provide status and event information about the Grid or independent appliance and its services. The report is an XML document that includes the following information:

  • The phone home feature version.
  • The report type, such as periodic and test.
  • The time of the report.
  • The Infoblox Support ID that was assigned to the account.
  • Information about the Grid, such as its version, name, VIP, Multi-Grid Master hostname, LAN IP, and the number of Master Grid members and appliances in the Grid.
  • The upgrade history of the Grid.
  • Information about each Master Grid member, such as the hostname, IP address, status, role (such as standalone, master), and if the member is an HA pair. If the member is a peer in a DHCP failover association, the report also includes the DHCP failover status.
  • Hardware information, such as the hardware type, serial number, HA status, and uptime.
  • Information about the interfaces, such as the interface name and IP addresses.
  • Resource usage information, such as CPU and system temperature, and CPU, database, disk, and memory usage.

Note that if the appliance is configured to send email notifications to an SMTP relay server, as described in/wiki/spaces/mgmadminguide/pages/911181457 /wiki/spaces/mgmadminguide/pages/911181457, the appliance sends the phone home reports to the relay server as well
To configure the Multi-Grid Master to email status reports:

  1. From the Master Grid tab, select the Members tab, and then click Master Grid Properties -> Edit from the Toolbar.
  2. In the Master Grid Properties editor, select the Phone Home tab, and then complete the following:
    • Enable Phone Home: Select this checkbox.
    • Support ID (numeric): Enter the Infoblox Support ID that was assigned to your account. It must be a number with four to 6 digits. This field is required if you are sending the reports to Infoblox Technical Support.
    • Send notifications to:
      • Infoblox Support: Select this to email the reports to Infoblox Technical Support.
      • Additional email addresses: Optionally, you can specify up to 16 additional recipients. Click the Add icon and enter the email addresses of the recipients.
    • Send Test Report: Click this to send a test report to the specified recipients.
  3. Save the configuration.