infoblox_nios:logging

Differences

This shows you the differences between two versions of the page.

infoblox_nios:logging [2024/02/23 05:36] – [Syslog Errors] bstaffordinfoblox_nios:logging [2025/12/07 13:07] (current) bstafford
Line 1: Line 1:
 ====== NIOS Logging ====== ====== NIOS Logging ======
 [[https://docs.infoblox.com/space/nios90/193692008/Syslog|Syslog Documentation Examples]] [[https://docs.infoblox.com/space/nios90/193692008/Syslog|Syslog Documentation Examples]]
 +
 +REMEMBER! If you have query logging enabled, if the box is busy then you can easily build up to the point where all logs only go back 1 hour and the support bundle is 3.3Gb.
 +===== Query Logging Warning =====
 +NIOS 9.0.7 introduced a useful warning when query/response logging is enabled (basically, don't do it unless you know what you are doing because it could have a massive impact on performance - expecially if you have configured the system to send all the logs out via SYSLOG.
 +
 +You can disable the warning with:
 +<code>set query_logging_warnings off</code>
 +<code>set query_logging_warnings on</code>
 ===== Syslog Errors ===== ===== Syslog Errors =====
  
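Review bot: the sentence "You can disable the warning with:" is followed by both "set query_logging_warnings off" and "set query_logging_warnings on", so the page never says which command does what. Label the first as disabling the warning and the second as turning it back on. In the same section, the parenthesis opened at "(basically" is never closed and "expecially" is misspelled. The REMEMBER line would also fit better under the new "Query Logging Warning" heading than above it, and "3.3Gb" reads as gigabits where a bundle size in GB is presumably meant.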
Line 9: Line 17:
   * (ALERT) Type: controld, State: Red, Event: A controld failure has occurred.   * (ALERT) Type: controld, State: Red, Event: A controld failure has occurred.
   * (ALERT) Type: httpd, State: Red, Event: An Apache software failure has occurred.   * (ALERT) Type: httpd, State: Red, Event: An Apache software failure has occurred.
-  * (ALERT) Type: httpd, State: Red, Event: An Apache software failure has occurred.  
   * (ALERT) Type: NTP Synchronization, State: Green, Event: The NTP service resumed synchronization. state change from 16 to 15   * (ALERT) Type: NTP Synchronization, State: Green, Event: The NTP service resumed synchronization. state change from 16 to 15
   * (ALERT) Type: NTP Synchronization, State: Red, Event: The NTP service is out of synchronization. state change from 15 to 16   * (ALERT) Type: NTP Synchronization, State: Red, Event: The NTP service is out of synchronization. state change from 15 to 16
 +  * (ALERT) Type: OSPF, State: Red, Event: An OSPF routing daemon failure has occurred. 
 +  * (ALERT) Type: DNS, State: Red, Event: A named daemon monitoring failure has occurred. 
   * (ALERT) Type: Replication, State: Red, Event: Offline   * (ALERT) Type: Replication, State: Red, Event: Offline
   * (ALERT) Type: SSH, State: Red, Event: An SSH daemon failure has occurred.   * (ALERT) Type: SSH, State: Red, Event: An SSH daemon failure has occurred.
   * (ALERT) Type: Threat Analytics, State: Red, Event: Threat Analytics Service is failed state change from 125 to 128   * (ALERT) Type: Threat Analytics, State: Red, Event: Threat Analytics Service is failed state change from 125 to 128
 +  * (ALERT) Type: DNS, State: Red, Event: A named daemon monitoring failure has occurred. 
 +  * (ALERT) Type: DFP, State: Red, Event: NIOS/DFP Service has failed. Cloud/DFP is unhealthy. state change from 142 to 141
   * (ERROR) Type: DNS, State: Yellow, Event: DNS is still running even though DNS Traffic Control is not functioning properly state change from 32 to 106   * (ERROR) Type: DNS, State: Yellow, Event: DNS is still running even though DNS Traffic Control is not functioning properly state change from 32 to 106
   * (ERROR) Type: Cloud DNS Sync, State: Yellow, Event: Cloud DNS Sync Service is initializing. state change from 169 to 168   * (ERROR) Type: Cloud DNS Sync, State: Yellow, Event: Cloud DNS Sync Service is initializing. state change from 169 to 168
   * (ERROR) Type: DFP, State: Yellow, Event: NIOS/DFP Service is stopped by user. Cloud/DFP is healthy. state change from 142 to 143   * (ERROR) Type: DFP, State: Yellow, Event: NIOS/DFP Service is stopped by user. Cloud/DFP is healthy. state change from 142 to 143
   * (ERROR) Type: Replication, State: Yellow, Event: Synchronizing with grid   * (ERROR) Type: Replication, State: Yellow, Event: Synchronizing with grid
 +  * (ERROR) Type: DOT_DOH, State: Yellow, Event: DoT/DoH is enabled. You must manually reboot NIOS for DoT and DoH features. state change from 152 to 150
 ===== Audit Log Rolling ===== ===== Audit Log Rolling =====
 The audit log file has a maximum size of 100Mb. When the limit is reached, the file is wiped (or FIFO overwritten) and starts to fill up again. If rolling is enabled, then a backup of the file is taken before it is deleted. Up to nine rolled log files can be stored. e.g The audit log file has a maximum size of 100Mb. When the limit is reached, the file is wiped (or FIFO overwritten) and starts to fill up again. If rolling is enabled, then a backup of the file is taken before it is deleted. Up to nine rolled log files can be stored. e.g
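Review bot: the entry "(ALERT) Type: DNS, State: Red, Event: A named daemon monitoring failure has occurred." is added twice in this list, once after the OSPF entry and again after the Threat Analytics entry. The same revision removes a duplicated httpd line, so the second DNS entry looks unintended and should be dropped. The new entries also break the list's loose grouping by Type: the DFP Red alert could sit next to the existing DFP Yellow entry only if the list were sorted by Type rather than by level, so it is worth stating which order the list follows.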
Line 32: Line 44:
   * audit.log.8   * audit.log.8
   * audit.log.9   * audit.log.9
 +===== Backup Logs =====
  
 +Succeful backup via SCP generates the following syslog
 +  * Facility: Daemon
 +  * Level: Notice
 +  * Server: scheduled_scp_backups
 +  * Message: Scheduled backup to the SCP server was successful - Backup file /dir/path/to/backup/<gridname>_2025_07_25_11_15.tar.gz
 +
 +Successful backup locally generates the following syslog
 +  * Facility: Daemon
 +  * Level: Notice
 +  * Server: manage_scheduled_backups
 +  * Message: Backup to LOCAL was successful - Backup file /storage/backup/BACKUP_2025_07_25_11_15.tar.gz
 +
 +
 +===== DTC Logging =====
 +See [[infoblox_nios:dtc|DTC]] page for details on logging.
 ===== Downloading SYSLOG ===== ===== Downloading SYSLOG =====
 Under Administration > Logs > SysLog, you can Under Administration > Logs > SysLog, you can
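Review bot: the new "Backup Logs" section documents only the success messages for scheduled_scp_backups and manage_scheduled_backups, while the message a monitoring rule most needs is the failure one. Add the failure text for each, or note that it has not been captured yet, so readers do not assume that the absence of the success line is the only signal. "Succeful" in the SCP sentence should be "Successful", and the field label "Server:" should be explained or renamed if it refers to the process name in the syslog record.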
Line 96: Line 124:
   * daemon NOTICE named[3391445] running   * daemon NOTICE named[3391445] running
  
 +====== RPZ Loggging =====
 +RPZ_SEVERITY
 +  * Informational = 4
 +  * Warning = 6
 +  * Major = 7
 +  * Critical = 8
 +
 +
 +MITIGATION_ACTION
 +  * A1 = Substitute
 +  * PT = Passthru
 +  * NX = No Such DOMAIN_NAME
 +  * ND = No Domain
 +
 +Log Breakdown
 +  * TIMESTAMP=2025-05-28 12:39:26,
 +  * VIEW=_default,
 +  * CLIENT=192.168.1.2,
 +  * RPZ_SEVERITY=7,
 +  * DOMAIN_NAME=www.slashdot.org,
 +  * RPZ_QNAME=www.slashdot.org.forward-control,
 +  * MITIGATION_ACTION=A1,
 +  * REDIRECTION_RECORD=N/A,
 +  * CAT=RPZ:forward-control,
 +  * GST=0,
 +  * LID=N/A
 +  
 +  <code>TIMESTAMP=2025-05-28 12:50:11,VIEW=_default,CLIENT=192.168.1.12,RPZ_SEVERITY=7,DOMAIN_NAME=passthru.slashdot.org,RPZ_QNAME=passthru.slashdot.org.forward-control,MITIGATION_ACTION=PT,REDIRECTION_RECORD=N/A,CAT=RPZ:forward-control,GST=0,LID=N/A</code>
 +  
 +  <code>TIMESTAMP=2025-05-28 12:50:04,VIEW=_default,CLIENT=192.168.1.12,RPZ_SEVERITY=7,DOMAIN_NAME=nosuchdomain.slashdot.org,RPZ_QNAME=nosuchdomain.slashdot.org.forward-control,MITIGATION_ACTION=NX,REDIRECTION_RECORD=N/A,CAT=RPZ:forward-control,GST=0,LID=N/A</code>
 +  
 +  <code>TIMESTAMP=2025-05-28 12:49:55,VIEW=_default,CLIENT=192.168.1.12,RPZ_SEVERITY=7,DOMAIN_NAME=blockname.slashdot.org,RPZ_QNAME=blockname.slashdot.org.forward-control,MITIGATION_ACTION=ND,REDIRECTION_RECORD=N/A,CAT=RPZ:forward-control,GST=0,LID=N/A</code>
 +  
  
  
  
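Review bot: under MITIGATION_ACTION the glosses for NX ("No Such DOMAIN_NAME") and ND ("No Domain") read as the same outcome, and the NX text looks like the field name DOMAIN_NAME pasted over the word "Domain". Please confirm what ND stands for and reword both so the two actions can be told apart; the ND sample line is for blockname.slashdot.org, which suggests a block rule rather than a second kind of missing domain. The heading "====== RPZ Loggging =====" has six "=" on the left and five on the right, misspells "Logging", and is a level above the other sections on the page. The "Log Breakdown" list also leaves GST and LID unexplained although the other coded fields get a key.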
infoblox_nios/logging.1708666580.txt.gz · Last modified: by bstafford