2503 - Configuring Syslog settings in NIOS

Scenario

Your security team wants to make sure that all log messages from the Grid are being sent to the central log server for auditing and archiving purposes. Please make the necessary configuration changes.

Estimated Completion Time

  • 15 to 20 minutes

Credentials

Description: Grid Manager UI

Username: admin

Password: infoblox

URL or IP: https://10.100.0.100/

Requirements

  • Administrative access to the Grid

Course References

  • 1002: Using the NIOS Grid Manager UI

  • 2002: Managing NIOS Grid and Grid Members

Lab Initiation

Access jump-desktop

Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click on the jump-desktop tile and log in to the Linux UI:

Username: training

Password: infoblox

Initiate lab

To initiate the lab, double-click the Launch Lab icon on the Desktop.


Choose the lab number from the list and click OK.

After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.

Lab initiation will take a couple of minutes to finish.

Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those from prior labs.


Tasks

Task 1: Configuring external syslog settings

Log in to the GM interface and make the necessary changes to send syslog and audit log messages to the external log server (support-server) located at 10.35.22.20.

Task 2: Verifying on external syslog server

Log in to the jump-desktop and use the Elasticsearch tool to verify that syslog messages from the Grid are showing up.

The easiest way to generate some log messages is to log out of the GM, and log back in. These actions will trigger new Audit logs.



Solutions

Task 1 Solution: Configuring external syslog settings

Configure the Grid to send syslog messages by UDP to your support-server: 10.35.22.20.

  1. Log in to the NIOS GM web interface and navigate to Grid → Grid Manager.

  2. From the Toolbar on the right side of the window, select Grid Properties.

  3. The Grid Properties Editor dialog window appears. Select the Monitoring tab on the left.

  4. Place a check mark in the box for Log to External Syslog Servers.

  5. In the section EXTERNAL SYSLOG SERVERS, click the Add (+) button to add a server.

    1. For Address, enter 10.35.22.20

    2. For Transport, set to UDP

    3. Leave all other settings at their default values

    4. Click Add to add this External syslog server.

  6. Scroll down further and place a check mark in the box for Copy Audit Log Message to Syslog.

  7. Click Save & Close.

Task 2 Solution: Verifying logs on the external syslog server

Use Elasticsearch on the jump-desktop to verify that the Grid is sending syslog and audit log messages.

  1. Open Elasticsearch by clicking on the Infoblox logo/start menu at the bottom left corner of your Linux Desktop

  2. Choose Elasticsearch from the list

  3. Elasticsearch opens in a web browser window

  4. Log in with username training and password infoblox

  5. Skip adding integrations and click Explore on my own

  6. Open the menu by clicking the three lines below elastic from the top left of the screen

  7. Select Logs under Observability

  8. This opens the Logs Stream section, where we can search for log sources.

  9. To find entries logged by the GM, type in log.source.address:10.100.0.100* in the search box

  10. Entries sent from the Infoblox GM appear under the Message heading

  11. Your listing of events will differ from the example shown here

  12. Close the browser tab to exit Elasticsearch
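The same verification can be scripted against records captured on the log server. The following is an added example, not part of the original lab or of Infoblox tooling: it keeps only datagrams whose sender is exactly the Grid Manager address and decodes the syslog PRI header into facility and severity. It assumes the collector records the sender as ip:port; the sample records, hostnames and message text are constructed placeholders, not real NIOS output.

```python
import re
from collections import Counter

GRID_MANAGER_IP = "10.100.0.100"  # Grid Manager address used in this lab
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Constructed sample input: (sender "ip:port", raw datagram). Message text is
# placeholder content, not real NIOS output.
SAMPLE_RECORDS = [
    ("10.100.0.100:48211", b"<29>May  6 15:20:01 gm.example constructed service message"),
    ("10.100.0.100:48211", b"<86>May  6 15:20:07 gm.example constructed login message"),
    ("10.100.0.100:48211", b"constructed datagram with no PRI header"),
    ("10.100.0.105:39002", b"<13>May  6 15:20:09 other.example constructed message"),
]

def decode_pri(datagram):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    match = PRI_RE.match(datagram)
    if match is None or int(match.group(1)) > 191:  # 23 * 8 + 7 is the maximum
        return None
    pri = int(match.group(1))
    return pri >> 3, SEVERITIES[pri & 7]

def summarize(records, expected_ip=GRID_MANAGER_IP):
    """Count valid messages from expected_ip and report everything else."""
    from_grid, malformed, other_senders = Counter(), 0, set()
    for source_address, datagram in records:
        ip = source_address.rsplit(":", 1)[0]  # exact host match, port dropped
        if ip != expected_ip:
            other_senders.add(ip)
            continue
        decoded = decode_pri(datagram)
        if decoded is None:
            malformed += 1
        else:
            from_grid[decoded] += 1
    return {"from_grid": dict(from_grid), "malformed": malformed,
            "other_senders": sorted(other_senders)}

if __name__ == "__main__":
    print(summarize(SAMPLE_RECORDS))
```

UDP syslog carries no sender authentication, so a match on the source address confirms where a datagram claims to come from, not who produced it.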

