infoblox_nios:logging

Differences

This shows you the differences between two versions of the page.

infoblox_nios:logging [2024/02/23 05:38] bstaffordinfoblox_nios:logging [2025/12/07 13:07] (current) bstafford
Line 3: Line 3:
  
 REMEMBER! If you have query logging enabled, if the box is busy then you can easily build up to the point where all logs only go back 1 hour and the support bundle is 3.3Gb. REMEMBER! If you have query logging enabled, if the box is busy then you can easily build up to the point where all logs only go back 1 hour and the support bundle is 3.3Gb.
 +===== Query Logging Warning =====
 +NIOS 9.0.7 introduced a useful warning when query/response logging is enabled (basically, don't do it unless you know what you are doing because it could have a massive impact on performance - expecially if you have configured the system to send all the logs out via SYSLOG.
 +
 +You can disable the warning with:
 +<code>set query_logging_warnings off</code>
 +<code>set query_logging_warnings on</code>
 ===== Syslog Errors ===== ===== Syslog Errors =====
  
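Review bot: In the new Query Logging Warning section, "You can disable the warning with:" is followed by both "set query_logging_warnings off" and "set query_logging_warnings on", so the text never says that the second command turns the warning back on. Label each command, or give the "on" form its own "re-enable" sentence. The paragraph above it also has an unclosed "(" before "basically" and the typo "expecially".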
Line 11: Line 17:
   * (ALERT) Type: controld, State: Red, Event: A controld failure has occurred.   * (ALERT) Type: controld, State: Red, Event: A controld failure has occurred.
   * (ALERT) Type: httpd, State: Red, Event: An Apache software failure has occurred.   * (ALERT) Type: httpd, State: Red, Event: An Apache software failure has occurred.
-  * (ALERT) Type: httpd, State: Red, Event: An Apache software failure has occurred.  
   * (ALERT) Type: NTP Synchronization, State: Green, Event: The NTP service resumed synchronization. state change from 16 to 15   * (ALERT) Type: NTP Synchronization, State: Green, Event: The NTP service resumed synchronization. state change from 16 to 15
   * (ALERT) Type: NTP Synchronization, State: Red, Event: The NTP service is out of synchronization. state change from 15 to 16   * (ALERT) Type: NTP Synchronization, State: Red, Event: The NTP service is out of synchronization. state change from 15 to 16
 +  * (ALERT) Type: OSPF, State: Red, Event: An OSPF routing daemon failure has occurred. 
 +  * (ALERT) Type: DNS, State: Red, Event: A named daemon monitoring failure has occurred. 
   * (ALERT) Type: Replication, State: Red, Event: Offline   * (ALERT) Type: Replication, State: Red, Event: Offline
   * (ALERT) Type: SSH, State: Red, Event: An SSH daemon failure has occurred.   * (ALERT) Type: SSH, State: Red, Event: An SSH daemon failure has occurred.
   * (ALERT) Type: Threat Analytics, State: Red, Event: Threat Analytics Service is failed state change from 125 to 128   * (ALERT) Type: Threat Analytics, State: Red, Event: Threat Analytics Service is failed state change from 125 to 128
 +  * (ALERT) Type: DNS, State: Red, Event: A named daemon monitoring failure has occurred. 
 +  * (ALERT) Type: DFP, State: Red, Event: NIOS/DFP Service has failed. Cloud/DFP is unhealthy. state change from 142 to 141
   * (ERROR) Type: DNS, State: Yellow, Event: DNS is still running even though DNS Traffic Control is not functioning properly state change from 32 to 106   * (ERROR) Type: DNS, State: Yellow, Event: DNS is still running even though DNS Traffic Control is not functioning properly state change from 32 to 106
   * (ERROR) Type: Cloud DNS Sync, State: Yellow, Event: Cloud DNS Sync Service is initializing. state change from 169 to 168   * (ERROR) Type: Cloud DNS Sync, State: Yellow, Event: Cloud DNS Sync Service is initializing. state change from 169 to 168
   * (ERROR) Type: DFP, State: Yellow, Event: NIOS/DFP Service is stopped by user. Cloud/DFP is healthy. state change from 142 to 143   * (ERROR) Type: DFP, State: Yellow, Event: NIOS/DFP Service is stopped by user. Cloud/DFP is healthy. state change from 142 to 143
   * (ERROR) Type: Replication, State: Yellow, Event: Synchronizing with grid   * (ERROR) Type: Replication, State: Yellow, Event: Synchronizing with grid
 +  * (ERROR) Type: DOT_DOH, State: Yellow, Event: DoT/DoH is enabled. You must manually reboot NIOS for DoT and DoH features. state change from 152 to 150
 ===== Audit Log Rolling ===== ===== Audit Log Rolling =====
 The audit log file has a maximum size of 100Mb. When the limit is reached, the file is wiped (or FIFO overwritten) and starts to fill up again. If rolling is enabled, then a backup of the file is taken before it is deleted. Up to nine rolled log files can be stored. e.g The audit log file has a maximum size of 100Mb. When the limit is reached, the file is wiped (or FIFO overwritten) and starts to fill up again. If rolling is enabled, then a backup of the file is taken before it is deleted. Up to nine rolled log files can be stored. e.g
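Review bot: The added entry "(ALERT) Type: DNS, State: Red, Event: A named daemon monitoring failure has occurred." appears twice in this hunk, once after the new OSPF entry and again after the Threat Analytics entry, while the same revision removes the duplicated httpd entry. Keep a single copy so the list stays a set of distinct messages that can be matched against syslog.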
Line 34: Line 44:
   * audit.log.8   * audit.log.8
   * audit.log.9   * audit.log.9
 +===== Backup Logs =====
  
 +Succeful backup via SCP generates the following syslog
 +  * Facility: Daemon
 +  * Level: Notice
 +  * Server: scheduled_scp_backups
 +  * Message: Scheduled backup to the SCP server was successful - Backup file /dir/path/to/backup/<gridname>_2025_07_25_11_15.tar.gz
 +
 +Successful backup locally generates the following syslog
 +  * Facility: Daemon
 +  * Level: Notice
 +  * Server: manage_scheduled_backups
 +  * Message: Backup to LOCAL was successful - Backup file /storage/backup/BACKUP_2025_07_25_11_15.tar.gz
 +
 +
 +===== DTC Logging =====
 +See [[infoblox_nios:dtc|DTC]] page for details on logging.
 ===== Downloading SYSLOG ===== ===== Downloading SYSLOG =====
 Under Administration > Logs > SysLog, you can Under Administration > Logs > SysLog, you can
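Review bot: "Succeful" in the first sentence of the new Backup Logs section should be "Successful", matching the local-backup sentence below it. Both entries document only the success message; since these are the lines someone would match on to monitor backups, add the corresponding failure message for the SCP and LOCAL cases if it is known, and say what the "Server:" label refers to for scheduled_scp_backups and manage_scheduled_backups.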
Line 98: Line 124:
   * daemon NOTICE named[3391445] running   * daemon NOTICE named[3391445] running
  
 +====== RPZ Loggging =====
 +RPZ_SEVERITY
 +  * Informational = 4
 +  * Warning = 6
 +  * Major = 7
 +  * Critical = 8
 +
 +
 +MITIGATION_ACTION
 +  * A1 = Substitute
 +  * PT = Passthru
 +  * NX = No Such DOMAIN_NAME
 +  * ND = No Domain
 +
 +Log Breakdown
 +  * TIMESTAMP=2025-05-28 12:39:26,
 +  * VIEW=_default,
 +  * CLIENT=192.168.1.2,
 +  * RPZ_SEVERITY=7,
 +  * DOMAIN_NAME=www.slashdot.org,
 +  * RPZ_QNAME=www.slashdot.org.forward-control,
 +  * MITIGATION_ACTION=A1,
 +  * REDIRECTION_RECORD=N/A,
 +  * CAT=RPZ:forward-control,
 +  * GST=0,
 +  * LID=N/A
 +  
 +  <code>TIMESTAMP=2025-05-28 12:50:11,VIEW=_default,CLIENT=192.168.1.12,RPZ_SEVERITY=7,DOMAIN_NAME=passthru.slashdot.org,RPZ_QNAME=passthru.slashdot.org.forward-control,MITIGATION_ACTION=PT,REDIRECTION_RECORD=N/A,CAT=RPZ:forward-control,GST=0,LID=N/A</code>
 +  
 +  <code>TIMESTAMP=2025-05-28 12:50:04,VIEW=_default,CLIENT=192.168.1.12,RPZ_SEVERITY=7,DOMAIN_NAME=nosuchdomain.slashdot.org,RPZ_QNAME=nosuchdomain.slashdot.org.forward-control,MITIGATION_ACTION=NX,REDIRECTION_RECORD=N/A,CAT=RPZ:forward-control,GST=0,LID=N/A</code>
 +  
 +  <code>TIMESTAMP=2025-05-28 12:49:55,VIEW=_default,CLIENT=192.168.1.12,RPZ_SEVERITY=7,DOMAIN_NAME=blockname.slashdot.org,RPZ_QNAME=blockname.slashdot.org.forward-control,MITIGATION_ACTION=ND,REDIRECTION_RECORD=N/A,CAT=RPZ:forward-control,GST=0,LID=N/A</code>
 +  
  
  
  
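Review bot: The new heading "====== RPZ Loggging =====" has six "=" on the left and five on the right, unlike the "===== ... =====" headings used elsewhere on the page, and "Loggging" has an extra "g". Under MITIGATION_ACTION, "NX = No Such DOMAIN_NAME" reads as if the field name replaced the word "Domain", which leaves NX and "ND = No Domain" hard to tell apart. State what each action returns to the client so the NX and ND sample lines can be interpreted.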
infoblox_nios/logging.1708666709.txt.gz · Last modified: by bstafford