Infoblox is a DDI (DNS, DHCP, and IP address management) solution which simplifies network management a lot. Over the past 8 years I was able to work with it and never looked into another solution, as it completely fulfills all our DNS and DHCP needs. During that time, I’ve been fine-tuning my Infoblox Logstash grok patterns and index template mappings. As I didn’t find any existing Infoblox Logstash grok patterns, I decided to make them open source. You can download the Logstash configuration file on GitHub here. There is also a template included with the mappings for Elasticsearch.
Thanks to Infoblox, we can:
- Consolidate DNS, DHCP, IP address management, and other core network services into a single platform, managed from a common console
- Centrally orchestrate DDI functions across diverse infrastructure
- Boost IT efficiency and automation by seamlessly integrating with other IT systems (such as Rundeck) through RESTful APIs
Infoblox has integrated reporting & analytics capabilities, but imho DNS and DHCP related logs are on the top priority list for sending to a log aggregator, such as Elasticsearch or NLS. DHCP and DNS logs allow us to link IP addresses to device hostnames and MAC addresses. As IP addresses are logged everywhere, this is a vital log source for tracing who did what on your network. A good Logstash filter is able to parse all the relevant fields, so they can be used in aggregations.
Infoblox Logstash filter (named, dhcpd and httpd)
Please note that I’m not using a syslog input, but a tcp input. I’ve had considerable issues with the default syslog patterns used by Elasticsearch. Apart from that, I prefer to apply my own field names for syslog data. Using my own custom syslog grok pattern allows me to match the parsed field to our internally used naming conventions. Feel free to adjust the field names as needed.
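The IP-to-device correlation described above, sketched in Python as an added example (it is not the Logstash configuration from the GitHub repository). It assumes RFC 3164 syslog framing with the usual ISC dhcpd `DHCPACK` and BIND `named` query-log message layouts; the sample lines, field names and the `attribute_queries` function are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample lines: RFC 3164 syslog framing, ISC dhcpd / BIND named messages.
SAMPLE = """\
<30>Feb  7 09:00:01 ns1 dhcpd[2211]: DHCPACK on 10.0.0.23 to 00:11:22:33:44:55 (laptop-alice) via eth1
<30>Feb  7 09:05:10 ns1 named[1801]: client 10.0.0.23#53211 (example.com): query: example.com IN A + (10.0.0.2)
<30>Feb  7 11:30:00 ns1 dhcpd[2211]: DHCPACK on 10.0.0.23 to 66:77:88:99:aa:bb (phone-bob) via eth1
<30>Feb  7 11:31:42 ns1 named[1801]: client @0x7f3c 10.0.0.23#40112 (example.org): query: example.org IN AAAA + (10.0.0.2)
<30>Feb  7 11:32:00 ns1 named[1801]: client 10.0.0.99#40113 (example.net): query: example.net IN A + (10.0.0.2)
this line is not syslog at all
"""

SYSLOG = re.compile(r"^<\d+>(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                    r"(?P<prog>\w+)\[\d+\]: (?P<msg>.*)$")
DHCPACK = re.compile(r"^DHCPACK on (?P<ip>\S+) to (?P<mac>[0-9a-f:]{17})"
                     r"(?: \((?P<name>[^)]*)\))? via \S+", re.I)
# Some BIND releases insert a "@0x..." client object id before the address.
QUERY = re.compile(r"^client (?:@0x[0-9a-f]+ )?(?P<ip>[^#\s]+)#\d+ "
                   r"\((?P<qname>[^)]*)\): query: \S+ \S+ (?P<qtype>\S+)")

def attribute_queries(lines, year=2017):
    """Enrich each DNS query with the device that held the client IP at that time.

    Assumes lines arrive in chronological order; RFC 3164 timestamps carry no
    year, so it is supplied by the caller.
    """
    leases = {}   # ip -> (mac, hostname) from the most recent DHCPACK
    events = []
    for line in lines:
        m = SYSLOG.match(line.strip())
        if not m:
            continue  # Logstash would tag such an event _grokparsefailure
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["prog"] == "dhcpd" and (d := DHCPACK.match(m["msg"])):
            leases[d["ip"]] = (d["mac"].lower(), d["name"])
        elif m["prog"] == "named" and (q := QUERY.match(m["msg"])):
            mac, hostname = leases.get(q["ip"], (None, None))
            events.append({"ts": ts, "client_ip": q["ip"], "qname": q["qname"],
                           "qtype": q["qtype"], "mac": mac, "hostname": hostname})
    return events

if __name__ == "__main__":
    for e in attribute_queries(SAMPLE.splitlines()):
        print(e["ts"].isoformat(), e["client_ip"], e["hostname"], e["mac"],
              e["qname"], e["qtype"])
```

The same IP address resolves to two different devices within a few hours, which is why the lease events have to be indexed alongside the query logs rather than looked up later from the current lease table.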
What is Safer Internet Day?
Today, Tuesday 07/02/17, is Safer Internet Day! This initiative debuted in 2005 to raise awareness of emerging online issues.
This year’s theme is:
Be the change: Unite for a better Internet
All over the world, events and activities are taking place to ‘celebrate’. Register here for detailed information on this and future ‘Safer Internet Day’ events. Or follow #SaferInternetDay on Twitter or Facebook and support this cool and necessary initiative!
Basic Security Guidelines
Strong Password Policy
- Use strong passwords
- Use different passwords on every website
- Use a password manager such as KeePass to securely store your passwords
Always update the software you are using to the latest version as soon as possible. It doesn’t really matter which operating system you are using; those updates are released for a reason. If possible, configure your systems to update automatically. That way you won’t forget it!
Do not enter sensitive information when you are not browsing on an encrypted website. Always check the URL you are browsing. Is it ‘green’ and does it start with https? That means all the traffic to and from this website is encrypted and can’t be sniffed. Make sure you entered the correct URL. Hackers are able to create scam websites that look exactly like the real thing.
General Internet Guidelines
Be the change
Make the Internet a great place for all.
Think carefully about the impact on others before sharing something online. Make sure you have a positive impact!
Think before you share something online. What you share online could be there forever, can be misinterpreted or could reveal personal information about you.
Be a digital citizen
Report anything you see online, including images and videos, which are offensive, upsetting or inappropriate.
Be a critical thinker
Seeing is not believing… When you see something online take a moment to see the full picture. Not everything or everyone online can be trusted.
Wherever you go, make sure you are browsing the Internet in a secure way.