Saucepan

User Tools

Site Tools

Trace: rpz_feeds browsers dhcp ipv6 firewall_rules sizing dnssec dig troubleshooting logging
infoblox_nios:logging

This is an old revision of the document!

Table of Contents

NIOS Logging

Syslog Documentation Examples

REMEMBER! If you have query logging enabled, if the box is busy then you can easily build up to the point where all logs only go back 1 hour and the support bundle is 3.3Gb.

Syslog Errors

Member offline log: Facily = User Server = monitor Level = ALERT or ERROR

  • (ALERT) Type: controld, State: Red, Event: A controld failure has occurred.
  • (ALERT) Type: httpd, State: Red, Event: An Apache software failure has occurred.
  • (ALERT) Type: NTP Synchronization, State: Green, Event: The NTP service resumed synchronization. state change from 16 to 15
  • (ALERT) Type: NTP Synchronization, State: Red, Event: The NTP service is out of synchronization. state change from 15 to 16
  • (ALERT) Type: OSPF, State: Red, Event: An OSPF routing daemon failure has occurred.
  • (ALERT) Type: DNS, State: Red, Event: A named daemon monitoring failure has occurred.
  • (ALERT) Type: Replication, State: Red, Event: Offline
  • (ALERT) Type: SSH, State: Red, Event: An SSH daemon failure has occurred.
  • (ALERT) Type: Threat Analytics, State: Red, Event: Threat Analytics Service is failed state change from 125 to 128
  • (ALERT) Type: DNS, State: Red, Event: A named daemon monitoring failure has occurred.
  • (ALERT) Type: DFP, State: Red, Event: NIOS/DFP Service has failed. Cloud/DFP is unhealthy. state change from 142 to 141
  • (ERROR) Type: DNS, State: Yellow, Event: DNS is still running even though DNS Traffic Control is not functioning properly state change from 32 to 106
  • (ERROR) Type: Cloud DNS Sync, State: Yellow, Event: Cloud DNS Sync Service is initializing. state change from 169 to 168
  • (ERROR) Type: DFP, State: Yellow, Event: NIOS/DFP Service is stopped by user. Cloud/DFP is healthy. state change from 142 to 143
  • (ERROR) Type: Replication, State: Yellow, Event: Synchronizing with grid
  • (ERROR) Type: DOT_DOH, State: Yellow, Event: DoT/DoH is enabled. You must manually reboot NIOS for DoT and DoH features. state change from 152 to 150

Audit Log Rolling

The audit log file has a maximum size of 100Mb. When the limit is reached, the file is wiped (or FIFO overwritten) and starts to fill up again. If rolling is enabled, then a backup of the file is taken before it is deleted. Up to nine rolled log files can be stored. e.g

  • audit.log
  • audit.log.1
  • audit.log.2
  • audit.log.3
  • audit.log.4
  • audit.log.5
  • audit.log.6
  • audit.log.7
  • audit.log.8
  • audit.log.9

Downloading SYSLOG

Under Administration > Logs > SysLog, you can

  • Export
  • Download
  • Print

Export can be a big file (e.g. I just tested it on a small lab NIOS box and it was 141Mb CSV file). It is uncompressed CSV of everything. However, if you apply a log filter, you will only get filtered results.

Download will give you a file called sysLog.tar.gz that contains a file called messages which is the raw syslog file.

Print will print a screen's worth of logs (about 8 pages).

Other options for getting logs

  • Pulling a support bundle from GM, GUI or WAPI
  • Pushing a support bundle from CLI
  • Fileop function (via WAPI)

Logs on CLI

show log
show log syslog
show log audit
show log syslog follow
show log audit follow
show log syslog tail 5
show log audit tail 5

Logging Samples

Stopping BIND

  • Facility = daemon
  • Level = INFO
  • Server = named[3361284]
  • Message = shutting down
  • Facility = daemon
  • Level = NOTICE
  • Server = named[3361284]
  • Message = exiting
  • Facility = user
  • Level = ALERT
  • Server = monitor[1145192]
  • Message = Type: DNS, State: Red, Event: A named daemon monitoring failure has occurred.

Starting BIND

  • daemon NOTICE named[3391445] starting BIND 9.16.23-S1 (Supported Preview Version) <id:70b08b2>
  • daemon NOTICE named[3391445] running on Linux x86_64 5.8.0-63-generic #71~20.04.1-Ubuntu SMP Thu Jul 15 17:46:08 UTC 2021
  • daemon NOTICE named[3391445] adjusted limit on open files from 22000 to 1048576
  • daemon INFO named[3391445] found 4 CPUs, using 4 worker threads
  • daemon INFO named[3391445] using 4 UDP listeners per interface
  • daemon INFO named[3391445] using up to 21000 sockets
  • daemon INFO named[3391445] loading configuration from '/infoblox/var/named_conf/named.conf'
  • daemon INFO named[3391445] looking for GeoIP2 databases in '/usr/share/GeoIP'
  • daemon INFO named[3391445] using default UDP/IPv4 port range: [32768, 60999]
  • daemon INFO named[3391445] listening on IPv4 interface lo, 127.0.0.1#53
  • daemon INFO named[3391445] listening on IPv4 interface eth1, 192.168.1.53#53
  • daemon INFO named[3391445] all zones loaded
  • daemon INFO named[3391445] 3 zones from zone files
  • daemon NOTICE named[3391445] running
infoblox_nios/logging.1709393804.txt.gz · Last modified: by bstafford