Infoblox Logstash filter (named, dhcpd and httpd)

Introduction

Infoblox is a DDI (DNS, DHCP, and IP address management) solution which simplifies network management a lot. Over the past 8 years I was able to work with it and never looked into another solution, as it completely fulfills all our DNS and DHCP needs. During that time, I’ve been fine-tuning my Infoblox Logstash grok patterns and index template mappings. As I didn’t find any existing Infoblox Logstash grok patterns, I decided to make them open source. You can download the Logstash configuration file on GitHub here. There is also a template included with the mappings for Elasticsearch.

Infoblox Logstash

Infoblox Logging

Thanks to Infoblox, we can:

  • Consolidate DNS, DHCP, IP address management, and other core network services into a single platform, managed from a common console
  • Centrally orchestrate DDI functions across diverse infrastructure
  • Boost IT efficiency and automation by seamlessly integrating with other IT systems (such as Rundeck) through RESTful APIs

Infoblox has integrated reporting & analytics capabilities, but imho DNS and DHCP related logs are at the top of the priority list for sending to a log aggregator, such as Elasticsearch or NLS. DHCP and DNS logs allow us to link IP addresses to device hostnames and MAC addresses. As IP addresses are logged everywhere, this is a vital log source for tracing who did what on your network. A good Logstash filter is able to parse all the relevant fields, so they can be used in aggregations.
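To make the linking of IP addresses to hostnames and MAC addresses concrete, here is an added Python example (not the author's Logstash configuration or grok patterns). It parses constructed log lines in generic ISC dhcpd and BIND named syslog style, which is an assumed format, and all field names are hypothetical.

```python
import re

# Constructed sample lines; generic ISC dhcpd / BIND named syslog style is assumed.
SAMPLE_LOGS = [
    "<30>Feb  7 09:14:02 ns1.example.net dhcpd[2211]: DHCPACK on 10.20.0.57 to 00:1a:2b:3c:4d:5e (LAPTOP-042) via eth1",
    "<30>Feb  7 09:14:09 ns1.example.net named[1870]: client 10.20.0.57#51514: query: intranet.example.net IN A + (10.20.0.2)",
    "<30>Feb  7 09:15:40 ns1.example.net dhcpd[2211]: DHCPACK on 10.20.0.58 to 00:1a:2b:3c:4d:6f via eth1",
    "<30>Feb  7 09:16:01 ns1.example.net named[1870]: client 10.20.0.99#40222: query: updates.example.org IN AAAA + (10.20.0.2)",
]

# Raw syslog header as it arrives on a plain TCP listener (priority, timestamp, host, program[pid]).
SYSLOG = re.compile(r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
                    r"(?P<prog>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# The hostname in parentheses is optional: not every client sends one.
DHCPACK = re.compile(r"^DHCPACK on (?P<ip>[\d.]+) to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
                     r"(?: \((?P<name>[^)]+)\))? via (?P<iface>\S+)", re.I)
QUERY = re.compile(r"^client (?P<ip>[\d.]+)#(?P<port>\d+): query: "
                   r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)")

def parse(line):
    """Return a flat dict of fields for one line, or None if the header does not match."""
    m = SYSLOG.match(line)
    if not m:
        return None
    event = m.groupdict()
    for kind, rx in (("dhcp_ack", DHCPACK), ("dns_query", QUERY)):
        body = rx.match(event["msg"])
        if body:
            event.update(body.groupdict(), kind=kind)
            return event
    event["kind"] = "unparsed"  # keep the event so parse failures stay visible
    return event

def attribute_queries(lines):
    """Join each DNS query to the most recent DHCP lease seen for its client IP."""
    leases, out = {}, []
    for ev in filter(None, map(parse, lines)):
        if ev["kind"] == "dhcp_ack":
            leases[ev["ip"]] = (ev["mac"].lower(), ev["name"])
        elif ev["kind"] == "dns_query":
            mac, name = leases.get(ev["ip"], (None, None))  # static or unseen client
            out.append({"ts": ev["ts"], "client_ip": ev["ip"], "qname": ev["qname"],
                        "qtype": ev["qtype"], "mac": mac, "hostname": name})
    return out

if __name__ == "__main__":
    for row in attribute_queries(SAMPLE_LOGS):
        print(row)
```

A query from an address with no lease on record comes back with `mac` and `hostname` set to `None`, which is itself worth aggregating on: it points at statically addressed hosts or gaps in DHCP log collection.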

Infoblox Logstash Configuration

Please note that I’m not using a syslog input, but a tcp input. I’ve had considerable issues with the default syslog patterns used by Elasticsearch. Apart from that I prefer to apply my own field names for syslog data. Using my own custom syslog grok pattern allows me to match the parsed field to our internally used naming conventions. Feel free to adjust the field names as needed.

 

 

 

 

Safer Internet Day

What is Safer Internet Day?

Today, Tuesday 07/02/17, is Safer Internet Day! This initiative debuted in 2005 to raise awareness of emerging online issues.

This year’s theme is:

Be the change: Unite for a better Internet

All over the world, events and activities are taking place to ‘celebrate’. Register here for detailed information on this and future ‘Safer Internet Day’ events. Or follow #SaferInternetDay on Twitter or Facebook and support this cool and necessary initiative!

Basic Security Guidelines

Strong Password Policy

  • Use strong passwords
  • Use different passwords on every website
  • Use a password manager such as KeePass to securely store your passwords

Updated Software

Always update the software you are using to the latest version as soon as possible. It doesn’t really matter which operating system you are using; those updates are released for a reason. If possible, configure your systems to update automatically. That way you won’t forget it!

Sensitive Information

Do not enter sensitive information when you are not browsing on an encrypted website. Always check the URL you are browsing. Is it ‘green’ and does it start with https? That means all the traffic from and to this website is encrypted and can’t be sniffed. Make sure you entered the correct URL. Hackers are able to create scam websites that look exactly like the real thing.

General Internet Guidelines

Be the change

Make the Internet a great place for all. 

Be kind

Think carefully about the impact on others before sharing something online. Make sure you have a positive impact!

Be you

Think before you share something online. What you share online could be there forever, can be misinterpreted or could reveal personal information about you. 

Be a digital citizen

Report anything you see online, including images and videos, which are offensive, upsetting or inappropriate.

Be a critical thinker

Seeing is not believing… When you see something online take a moment to see the full picture. Not everything or everyone online can be trusted.

Be safe

Wherever you go, make sure you are browsing the Internet in a secure way.