infoblox_nios:logging

Differences

This shows you the differences between two versions of the page.

infoblox_nios:logging [2024/02/25 20:48] – [Syslog Errors] bstafford
infoblox_nios:logging [2025/12/07 13:07] (current) bstafford
Line 3: Line 3:
  
 REMEMBER! If you have query logging enabled, if the box is busy then you can easily build up to the point where all logs only go back 1 hour and the support bundle is 3.3Gb. REMEMBER! If you have query logging enabled, if the box is busy then you can easily build up to the point where all logs only go back 1 hour and the support bundle is 3.3Gb.
 +===== Query Logging Warning =====
 +NIOS 9.0.7 introduced a useful warning when query/response logging is enabled (basically, don't do it unless you know what you are doing because it could have a massive impact on performance - expecially if you have configured the system to send all the logs out via SYSLOG.
 +
 +You can disable the warning with:
 +<code>set query_logging_warnings off</code>
 +<code>set query_logging_warnings on</code>
 ===== Syslog Errors ===== ===== Syslog Errors =====
  
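Review bot: In the new "Query Logging Warning" section, the sentence "You can disable the warning with:" is followed by both "set query_logging_warnings off" and "set query_logging_warnings on", so a reader cannot tell which command does what. Keep the "off" command under that sentence and give the "on" command its own lead-in saying that it re-enables the warning. In the paragraph above it, "expecially" should be "especially", and the parenthesis opened at "(basically" is never closed.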
Line 11: Line 17:
   * (ALERT) Type: controld, State: Red, Event: A controld failure has occurred.   * (ALERT) Type: controld, State: Red, Event: A controld failure has occurred.
   * (ALERT) Type: httpd, State: Red, Event: An Apache software failure has occurred.   * (ALERT) Type: httpd, State: Red, Event: An Apache software failure has occurred.
-  * (ALERT) Type: httpd, State: Red, Event: An Apache software failure has occurred.  
   * (ALERT) Type: NTP Synchronization, State: Green, Event: The NTP service resumed synchronization. state change from 16 to 15   * (ALERT) Type: NTP Synchronization, State: Green, Event: The NTP service resumed synchronization. state change from 16 to 15
   * (ALERT) Type: NTP Synchronization, State: Red, Event: The NTP service is out of synchronization. state change from 15 to 16   * (ALERT) Type: NTP Synchronization, State: Red, Event: The NTP service is out of synchronization. state change from 15 to 16
 +  * (ALERT) Type: OSPF, State: Red, Event: An OSPF routing daemon failure has occurred. 
 +  * (ALERT) Type: DNS, State: Red, Event: A named daemon monitoring failure has occurred. 
   * (ALERT) Type: Replication, State: Red, Event: Offline   * (ALERT) Type: Replication, State: Red, Event: Offline
   * (ALERT) Type: SSH, State: Red, Event: An SSH daemon failure has occurred.   * (ALERT) Type: SSH, State: Red, Event: An SSH daemon failure has occurred.
   * (ALERT) Type: Threat Analytics, State: Red, Event: Threat Analytics Service is failed state change from 125 to 128   * (ALERT) Type: Threat Analytics, State: Red, Event: Threat Analytics Service is failed state change from 125 to 128
 +  * (ALERT) Type: DNS, State: Red, Event: A named daemon monitoring failure has occurred. 
 +  * (ALERT) Type: DFP, State: Red, Event: NIOS/DFP Service has failed. Cloud/DFP is unhealthy. state change from 142 to 141
   * (ERROR) Type: DNS, State: Yellow, Event: DNS is still running even though DNS Traffic Control is not functioning properly state change from 32 to 106   * (ERROR) Type: DNS, State: Yellow, Event: DNS is still running even though DNS Traffic Control is not functioning properly state change from 32 to 106
   * (ERROR) Type: Cloud DNS Sync, State: Yellow, Event: Cloud DNS Sync Service is initializing. state change from 169 to 168   * (ERROR) Type: Cloud DNS Sync, State: Yellow, Event: Cloud DNS Sync Service is initializing. state change from 169 to 168
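Review bot: The line "(ALERT) Type: DNS, State: Red, Event: A named daemon monitoring failure has occurred." is added twice in this list, once after the new OSPF entry and again after the Threat Analytics entry. The same revision removes a duplicated httpd line, so the second DNS copy looks unintended; drop it and keep the one next to the OSPF entry.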
Line 35: Line 44:
   * audit.log.8   * audit.log.8
   * audit.log.9   * audit.log.9
 +===== Backup Logs =====
  
 +Succeful backup via SCP generates the following syslog
 +  * Facility: Daemon
 +  * Level: Notice
 +  * Server: scheduled_scp_backups
 +  * Message: Scheduled backup to the SCP server was successful - Backup file /dir/path/to/backup/<gridname>_2025_07_25_11_15.tar.gz
 +
 +Successful backup locally generates the following syslog
 +  * Facility: Daemon
 +  * Level: Notice
 +  * Server: manage_scheduled_backups
 +  * Message: Backup to LOCAL was successful - Backup file /storage/backup/BACKUP_2025_07_25_11_15.tar.gz
 +
 +
 +===== DTC Logging =====
 +See [[infoblox_nios:dtc|DTC]] page for details on logging.
 ===== Downloading SYSLOG ===== ===== Downloading SYSLOG =====
 Under Administration > Logs > SysLog, you can Under Administration > Logs > SysLog, you can
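Review bot: The new "Backup Logs" section documents only the success message for the SCP and local backups, which leaves anyone building an alert without the string to match when a backup fails. Add the failure message for each case, or state that monitoring should alert on the absence of the success message. Also, "Succeful backup via SCP" should read "Successful", matching the wording of the local-backup sentence below it.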
Line 99: Line 124:
   * daemon NOTICE named[3391445] running   * daemon NOTICE named[3391445] running
  
 +====== RPZ Loggging =====
 +RPZ_SEVERITY
 +  * Informational = 4
 +  * Warning = 6
 +  * Major = 7
 +  * Critical = 8
 +
 +
 +MITIGATION_ACTION
 +  * A1 = Substitute
 +  * PT = Passthru
 +  * NX = No Such DOMAIN_NAME
 +  * ND = No Domain
 +
 +Log Breakdown
 +  * TIMESTAMP=2025-05-28 12:39:26,
 +  * VIEW=_default,
 +  * CLIENT=192.168.1.2,
 +  * RPZ_SEVERITY=7,
 +  * DOMAIN_NAME=www.slashdot.org,
 +  * RPZ_QNAME=www.slashdot.org.forward-control,
 +  * MITIGATION_ACTION=A1,
 +  * REDIRECTION_RECORD=N/A,
 +  * CAT=RPZ:forward-control,
 +  * GST=0,
 +  * LID=N/A
 +  
 +  <code>TIMESTAMP=2025-05-28 12:50:11,VIEW=_default,CLIENT=192.168.1.12,RPZ_SEVERITY=7,DOMAIN_NAME=passthru.slashdot.org,RPZ_QNAME=passthru.slashdot.org.forward-control,MITIGATION_ACTION=PT,REDIRECTION_RECORD=N/A,CAT=RPZ:forward-control,GST=0,LID=N/A</code>
 +  
 +  <code>TIMESTAMP=2025-05-28 12:50:04,VIEW=_default,CLIENT=192.168.1.12,RPZ_SEVERITY=7,DOMAIN_NAME=nosuchdomain.slashdot.org,RPZ_QNAME=nosuchdomain.slashdot.org.forward-control,MITIGATION_ACTION=NX,REDIRECTION_RECORD=N/A,CAT=RPZ:forward-control,GST=0,LID=N/A</code>
 +  
 +  <code>TIMESTAMP=2025-05-28 12:49:55,VIEW=_default,CLIENT=192.168.1.12,RPZ_SEVERITY=7,DOMAIN_NAME=blockname.slashdot.org,RPZ_QNAME=blockname.slashdot.org.forward-control,MITIGATION_ACTION=ND,REDIRECTION_RECORD=N/A,CAT=RPZ:forward-control,GST=0,LID=N/A</code>
 +  
  
  
  
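Review bot: The heading "====== RPZ Loggging =====" opens with six "=" and closes with five, unlike the other headings on the page, which use five on both sides, and "Loggging" has an extra "g"; it should read "===== RPZ Logging =====". Under MITIGATION_ACTION, "NX = No Such DOMAIN_NAME" reads as if the log field name was substituted into the description; check that entry, and say how it differs from "ND = No Domain", since the two descriptions are otherwise hard to tell apart. The "Log Breakdown" list would also be more useful with a short description of each field, in particular RPZ_QNAME, CAT, GST and LID, which are shown only as sample values.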
infoblox_nios/logging.1708894085.txt.gz · Last modified: by bstafford