Introduction
The tags beginning with ddi.infoblox identify events generated by Infoblox.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as ddi.infoblox. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Technology | Brand | Type | Subtype |
---|
ddi | infoblox | ... | general, client, config, dtc, lameServers, network, notify, queries, rateLimit, resolver, infobloxResponses, rpz, security, xferIn, xferOut, unknown, update, updateSecurity |
| | ... | ntp, ntpdate, monitor, syslogNg, rabbitmq_control |
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
---|
ddi.infoblox.audit.serialconsole | ddi.infoblox.audit.serialconsole |
ddi.infoblox.audit.sshd | ddi.infoblox.audit.sshd |
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|
Infoblox solutions | ddi.infoblox.audit.httpd, ddi.infoblox.dns.dtc, ddi.infoblox.audit.serial_console, ddi.infoblox.dns.config, ddi.infoblox.dns.resolver, ddi.infoblox.dns.database, ddi.infoblox.dns.queries, ddi.infoblox.dns.infoblox-responses, ddi.infoblox.dns.query-errors, ddi.infoblox.unknown.unknown | ddi.infoblox |
| ddi.infoblox.audit.httpd | ddi.infoblox.audit.httpd |
| ddi.infoblox.audit.serial_console | ddi.infoblox.audit.serial_console |
| ddi.infoblox.dhcp.dhcpd | ddi.infoblox.dhcp.dhcpd |
| ddi.infoblox.dhcp.validate_dhcpd | ddi.infoblox.dhcp.validate_dhcpd |
| ddi.infoblox.dns.general | ddi.infoblox.dns.general |
| ddi.infoblox.dns.client | ddi.infoblox.dns.client |
| ddi.infoblox.dns.config | ddi.infoblox.dns.config |
| ddi.infoblox.dns.database | ddi.infoblox.dns.database |
| ddi.infoblox.dns.dtc | ddi.infoblox.dns.dtc |
| ddi.infoblox.dns.lame-servers | ddi.infoblox.dns.lameServers |
| ddi.infoblox.dns.network | ddi.infoblox.dns.network |
| ddi.infoblox.dns.notify | ddi.infoblox.dns.notify |
| ddi.infoblox.dns.queries | ddi.infoblox.dns.queries |
| ddi.infoblox.dns.query-errors | ddi.infoblox.dns.queryErrors |
| ddi.infoblox.dns.rate-limit | ddi.infoblox.dns.rateLimit |
| ddi.infoblox.dns.resolver | ddi.infoblox.dns.resolver |
| ddi.infoblox.dns.infoblox-responses | ddi.infoblox.dns.infobloxResponses |
| ddi.infoblox.dns.rpz | ddi.infoblox.dns.rpz |
| ddi.infoblox.dns.security | ddi.infoblox.dns.security |
| ddi.infoblox.dns.unknown | ddi.infoblox.dns.unknown |
| ddi.infoblox.dns.update | ddi.infoblox.dns.update |
| ddi.infoblox.dns.update-security | ddi.infoblox.dns.updateSecurity |
| ddi.infoblox.dns.xfer-in | ddi.infoblox.dns.xferIn |
| ddi.infoblox.dns.xfer-out | ddi.infoblox.dns.xferOut |
| ddi.infoblox.nios.monitor, ddi.infoblox.nios.ntpd, ddi.infoblox.nios.rabbitmq_control, ddi.infoblox.nios.syslog-ng, ddi.infoblox.nios.update | ddi.infoblox.nios |
| ddi.infoblox.nios.monitor | ddi.infoblox.nios.monitor |
| ddi.infoblox.nios.ntpd | ddi.infoblox.nios.ntpd |
| ddi.infoblox.nios.ntpdate | ddi.infoblox.nios.ntpdate |
| ddi.infoblox.nios.rabbitmq_control | ddi.infoblox.nios.rabbitmq_control |
| ddi.infoblox.nios.syslog-ng | ddi.infoblox.nios.syslogNg |
| ddi.infoblox.unknown.unknown | ddi.infoblox.unknown.unknown |
Note |
---|
Union table: This is a union table that collects events from a set of tables for easy access and analysis. Learn more about this union table in this article. |
How is the data sent to Devo?
Set up the Devo relay rules
You will need to set up a rule on the relay to correctly process and forward the events received from Infoblox. In the example below, you should use any port that you can dedicate to these events.
...
Infoblox - DNS Categories
Infoblox classifies DNS logs into different categories. You can learn more about this in their documentation: Setting DNS Logging Categories. The table below shows which Devo Relay rule processes each DNS Logging Category.
Infoblox DNS Logging Categories | Relay rule names | | | |
---|
| DDI Infoblox - DNS Categories | DDI Infoblox - DNS Category DTC 1 | DDI Infoblox - DNS Category DTC 2 | DDI Infoblox - unknown DNS Categories |
general | ✓ | | | |
client | ✓ | | | |
config | ✓ | | | |
database | ✓ | | | |
dnssec | | | | ✓ |
lame servers | ✓ | | | |
network | ✓ | | | |
notify | ✓ | | | |
queries | ✓ | | | |
rate-limit | ✓ | | | |
resolver | ✓ | | | |
responses | ✓ | | | |
rpz | ✓ | | | |
security | ✓ | | | |
transfer-in | ✓ | | | |
transfer-out | ✓ | | | |
update | ✓ | | | |
update-security | ✓ | | | |
DTC load balancing | | | ✓ | |
DTC health monitors | | ✓ | | |
Rules
DDI Infoblox - DNS Categories
Source Port → Customer source port, for example 13004
Source data → ^.*named\[\d*\]:\s+([\S]+):
Target Tag → ddi.infoblox.dns.\\d1
Sent without syslog tag → True
Is Prefix → False (by default)
Stop processing → True
DDI Infoblox - DNS Category DTC 2
Source Port → Customer source port, for example 13004
Source data → ^named\[\d*\]:\s+request\s
Target Tag → ddi.infoblox.dns.dtc
Sent without syslog tag → True
Is Prefix → False (by default)
Stop processing → True
DDI Infoblox - unknown DNS Categories
Source Port → Customer source port, for example 13004
Source data → ^(?:import_)?named\[\d*\]
Target Tag → ddi.infoblox.dns.unknown
Sent without syslog tag → True
Is Prefix → False (by default)
Stop processing → True
DDI Infoblox - DNS Category DTC 1
Source Port → Customer source port, for example 13004
Source data → ^idns_health
Target Tag → ddi.infoblox.dns.dtc
Sent without syslog tag → True
Is Prefix → False (by default)
Stop processing → True
Infoblox - DHCP
Rules
DDI Infoblox - DHCP
Source Port → Customer source port, for example 13004
Source data → ^.*(validate_dhcpd|dhcpd)
Target Tag → ddi.infoblox.dhcp.\\d1
Sent without syslog tag → True
Is Prefix → False (by default)
Stop processing → True
Infoblox - NIOS
Rules
DDI Infoblox - NIOS
Source Port → Customer source port, for example 13004
Source data → ^(ntpdate|monitor|ntpd|rabbitmq_control|syslog-ng)
Target Tag → ddi.infoblox.nios.\\d1
Sent without syslog tag → True
Is Prefix → False (by default)
Stop processing → True
Infoblox - Audit
Rules
DDI Infoblox - AUDIT
Source Port → Customer source port, for example 13004
Source data → ^-?.*(serial_console|httpd|sshd)
Target Tag → ddi.infoblox.audit.\\d1
Sent without syslog tag → True
Is Prefix → False (by default)
Stop processing → True
Infoblox - unknown
Rules
DDI Infoblox - unknown
Source Port → Customer source port, for example 13004
Target Tag → ddi.infoblox.unknown.unknown
Sent without syslog tag → True
Is Prefix → False (by default)
Stop processing → True
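To check how these rules route a given message before deploying them, the following added Python example (not Devo's relay code) applies the Source data patterns in the order this page lists them to constructed sample lines. It assumes first-match routing because every rule sets Stop processing → True, treats `\\d1` as the first capture group, and derives the data table name from the hyphen-to-camelCase pattern visible in the tag table.

```python
import re

PLACEHOLDER = r"\\d1"  # as printed in the Target Tag fields; assumed to mean capture group 1

# (rule name without the "DDI Infoblox - " prefix, Source data regex or None, Target Tag),
# in the order the rules appear on this page.
RULES = [
    ("DNS Categories", r"^.*named\[\d*\]:\s+([\S]+):", r"ddi.infoblox.dns.\\d1"),
    ("DNS Category DTC 2", r"^named\[\d*\]:\s+request\s", "ddi.infoblox.dns.dtc"),
    ("unknown DNS Categories", r"^(?:import_)?named\[\d*\]", "ddi.infoblox.dns.unknown"),
    ("DNS Category DTC 1", r"^idns_health", "ddi.infoblox.dns.dtc"),
    ("DHCP", r"^.*(validate_dhcpd|dhcpd)", r"ddi.infoblox.dhcp.\\d1"),
    ("NIOS", r"^(ntpdate|monitor|ntpd|rabbitmq_control|syslog-ng)", r"ddi.infoblox.nios.\\d1"),
    ("AUDIT", r"^-?.*(serial_console|httpd|sshd)", r"ddi.infoblox.audit.\\d1"),
    ("unknown", None, "ddi.infoblox.unknown.unknown"),
]


def route(message):
    """Return (rule name, tag) from the first matching rule (Stop processing -> True)."""
    for name, pattern, target in RULES:
        if pattern is None:  # catch-all rule: no Source data filter
            return name, target
        m = re.search(pattern, message)
        if m:
            if PLACEHOLDER in target:
                target = target.replace(PLACEHOLDER, m.group(1))
            return name, target
    return None, None


def table_for_tag(tag):
    """Hyphenated subtypes become camelCase table names (pattern seen in the tag table)."""
    head, _, subtype = tag.rpartition(".")
    first, *rest = subtype.split("-")
    return f"{head}.{first}" + "".join(part.capitalize() for part in rest)


# Constructed sample messages (syslog header already stripped); not real Infoblox output.
SAMPLES = [
    "named[2211]: queries: client 192.0.2.10#53124: query: example.com IN A +",
    "named[2211]: lame-servers: lame server resolving 'example.net': 192.0.2.53#53",
    "named[2211]: zone example.com/IN: loaded serial 5",  # no category prefix
    "named[2211]: request from 192.0.2.10 for pool1",
    "idns_healthd[900]: server srv1 is up",
    "dhcpd[3100]: DHCPACK on 192.0.2.77 to 00:00:5e:00:53:01 via eth1",
    "validate_dhcpd[3101]: configuration check finished",  # greedy .* leaves "dhcpd" for the group
    "syslog-ng[55]: configuration reload finished",
    "httpd: [admin]: Login_Allowed - - to=AdminConnector ip=192.0.2.20",
    "example_daemon[77]: hello",
]


def route_all(samples=SAMPLES):
    """Route every sample and return (message, rule, tag, data table) tuples."""
    out = []
    for msg in samples:
        rule, tag = route(msg)
        out.append((msg, rule, tag, table_for_tag(tag)))
    return out


if __name__ == "__main__":
    for msg, rule, tag, table in route_all():
        print(f"{rule:<24} {tag:<32} {table:<34} {msg[:40]}")
```

The third sample shows why the configuration steps ask for “Send selected categories”: a named line without a category prefix only reaches ddi.infoblox.dns.unknown. With the DHCP pattern as printed, Python's greedy `.*` captures `dhcpd` even for a `validate_dhcpd` line, so test that rule against your relay's regex engine.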
Configure Infoblox NIOS to send logs to the Relay
...
Infoblox DNS logs have different categories. You can select which categories you would like to send into Devo by following these steps:
Select Data Management tab
Select the DNS tab
Click Grid DNS Properties from the Toolbar
Enable the Advanced Mode by clicking on “Toggle Expert Mode” if the editor is in the basic mode.
Select the Logging tab
Select the Logging Categories you would like to send to Devo.
Save & Close
Note |
---|
Enabling some logging categories can increase disk space usage and adversely affect DNS services and performance. Check with Infoblox whether logging some of these categories is recommended for you. |
...
After saving the changes, you may be prompted to restart the DNS service for the changes to take effect.
...
Follow the next steps to configure your Infoblox to send messages to the Devo Relay:
Select the Grid tab
Select the Grid Manager tab
Select the Members tab
Click Grid Properties from the Toolbar.
In the Grid Properties editor, select the Monitoring tab. You will see a window like this below.
Select “Log to External Syslog Servers” to enable the Infoblox appliance to send messages to a specified Syslog server.
Also select “Copy Audit Log Message to Syslog” so that you can send audit logs to Devo.
To define a new Devo Relay, click the Add icon and complete the following fields:
Address: Devo Relay IP address
Transport: Secure TCP, TCP or UDP. If selecting Secure TCP, you will need to configure Stunnel in front of the Devo Relay so Stunnel will decrypt the logs and send them decrypted to the Devo Relay. Here you can read more about integrating Stunnel with the Devo Relay.
...
Interface: at your convenience.
Node ID: at your convenience.
Source: at your convenience.
Severity: at your convenience.
Port: Devo Relay port or Stunnel port listening for logs. If using the Infoblox option Transport TCP or UDP you must use the Source port of the relay rules you configured previously. If you selected Secure TCP, then you must enter the Stunnel listening port.
Logging category: you must select the option “Send selected categories” and then move to the “Selected” space all the categories you want to send to Devo. The reason for selecting the option “Send selected categories” instead of the option “Send all” is that logs will be prefixed and the Devo parsing will only work for prefixed logs of Infoblox. Read more about Infoblox log prefixes here.
Then click on the Add button and you will see the configured Devo Relay as part of the list of Syslog Servers.
...
Save & Close
After saving the changes, you may be required to do a service restart for the changes to take effect. Your Infoblox appliance will start to send Syslog to your Devo Relay.
Table structure
These are the fields displayed in these tables:
ddi.infoblox
Field | Type | Source field name | Extra fields |
---|
eventdate | timestamp | | |
type | str | vtype | |
subtype | str | vsubtype | |
hostname | str | | |
server | str | | |
pid | int4 | | |
message | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |
ddi.infoblox.audit
Field | Type | Source field name | Extra fields |
---|
eventdate | timestamp | | |
hostname | str | | |
subtype | str | vsubtype | |
server | str | | |
pid | int4 | | |
serverdate | timestamp | | |
admin_user | str | | |
action | str | | |
object_type | str | | |
object_name | str | | |
message | str | | |
srcIp | ip4 | | |
to | str | | |
auth | str | | |
admin_group | str | | |
apparently_via | str | | |
info | str | | |
trigger_event | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |
ddi.infoblox.audit.httpd
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
serverdate | timestamp | |
admin_user | str | |
action | str | |
object_type | str | |
object_name | str | |
message | str | |
srcIp | ip4 | |
to | str | |
auth | str | |
admin_group | str | |
apparently_via | str | |
info | str | |
trigger_event | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.audit.serial_console
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
serverdate | timestamp | |
admin_user | str | |
action | str | |
object_type | str | |
object_name | str | |
message | str | |
srcIp | ip4 | |
to | str | |
auth | str | |
admin_group | str | |
apparently_via | str | |
info | str | |
trigger_event | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.audit.sshd
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
message | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dhcp
Field | Type | Source field name | Extra fields |
---|
eventdate | timestamp | | |
hostname | str | | |
subtype | str | vsubtype | |
server | str | | |
pid | int4 | | |
message | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |
ddi.infoblox.dhcp.dhcpd
Field | Type | Field transformation | Source field name | Extra fields |
---|
eventdate | timestamp | | | |
hostname | str | | | |
server | str | | | |
pid | int4 | | | |
message_type | str | | | |
toAddress | str | | | |
toDeviceId | str | | | |
fromAddress | str | | | |
fromDeviceId | str | | | |
ofAddress | str | | | |
ofDeviceId | str | | | |
onAddress | str | | | |
onDeviceId | str | | | |
forAddress | str | | | |
forDeviceId | str | | | |
via | str | | | |
viaDeviceId | str | | | |
TransID | str | | | |
network | str | | | |
uid | str | | | |
message | str | | | |
leaseIpAddress | str | ifthenelse(message_type in set(["DHCPACK", "DHCPOFFER", "BOOTREPLY", "DHCPEXPIRE", "RELEASE"]), ifthenelse(isnull(onAddress), toAddress, onAddress), null) | onAddress, toAddress, message_type | |
leaseHardwareAddress | str | ifthenelse(message_type in set(["DHCPACK", "DHCPOFFER", "BOOTREPLY", "DHCPEXPIRE", "RELEASE"]), ifthenelse(isnull(onAddress), toDeviceId, toAddress), null) | toDeviceId, onAddress, toAddress, message_type | |
hostchain | str | | | ✓ |
tag | str | | | ✓ |
rawMessage | str | | | ✓ |
ddi.infoblox.dhcp.validate_dhcpd
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
message | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns
Field | Type | Source field name | Extra fields |
---|
eventdate | timestamp | | |
subtype | str | vsubtype | |
hostname | str | | |
server | str | | |
pid | int4 | | |
ib_category | str | | |
message | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |
ddi.infoblox.dns.client
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
action | str | |
name_blacklist | str | |
query_name | str | |
client_ip | ip4 | |
client_object | str | |
port | int4 | |
dns_client_signer | str | |
dns_view | str | |
info | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.config
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.database
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.dtc
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
message | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.general
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
quota_used | int8 | |
quota_max | int8 | |
quota_soft_limits | int8 | |
quota_s_over | int8 | |
quota_hard_limit | int8 | |
quota_h_over | int8 | |
quota_low_pri | int8 | |
dns_view | str | |
dns_view_size | int8 | |
dns_view_hits | int8 | |
dns_view_misses | int8 | |
zone_name | str | |
zone_message | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.infobloxResponses
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
serverdate | timestamp | |
client_ip | str | |
port | int4 | |
dns_client_signer | str | |
query_name | str | |
dns_view | str | |
protocol | str | |
class | str | |
type | str | |
response_info | str | |
rcode | str | |
flags | str | |
recursion | bool | |
authoritative_answer | bool | |
truncated_response | bool | |
edns_opt_record | bool | |
dnssec | bool | |
dnssec_records_validated | bool | |
dtc_synthetic_record | bool | |
rr_text | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.lameServers
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
action | str | |
query_name | str | |
type | str | |
class | str | |
client_ip | ip4 | |
port | int4 | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.network
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
client_ip | ip4 | |
port | int4 | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.notify
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
zone | str | |
class | str | |
info | str | |
serial | int8 | |
client_object | str | |
client_ip | ip4 | |
port | int4 | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.queries
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
client_object | str | |
client_ip | str | |
port | int4 | |
dns_client_signer | str | |
query_name | str | |
dns_view | str | |
query | str | |
class | str | |
type | str | |
flags | str | |
recursion_desired | bool | |
query_signed | bool | |
edns | bool | |
edns_version | int4 | |
tcp | bool | |
dnssec | bool | |
checking_disabled | bool | |
valid_dns_server_cookie_rcv | bool | |
dns_cookie_without_valid_server_cookie | bool | |
dnsServer | ip4 | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.queryErrors
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
client_object | str | |
client_ip | str | |
port | int4 | |
dns_client_signer | str | |
query_name | str | |
dns_view | str | |
info_error | str | |
error | str | |
action | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.rateLimit
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
client_object | str | |
client_ip | ip4 | |
port | int4 | |
dns_client_signer | str | |
query_name | str | |
dns_view | str | |
info | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.resolver
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.rpz
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
action | str | |
zone | str | |
qname_entries | int4 | |
nsdname_entries | int4 | |
ip_entries | int4 | |
nsip_entries | int4 | |
clientip_entries | int4 | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.security
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
client_object | str | |
client_ip | str | |
port | int4 | |
dns_client_signer | str | |
query_name | str | |
dns_view | str | |
security_info | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.unknown
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.update
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
client_object | str | |
client_ip | str | |
port | int4 | |
dns_client_signer | str | |
zone | str | |
dns_view | str | |
action | str | |
update_info | str | |
rr_action | str | |
record | str | |
type | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.updateSecurity
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
client_object | str | |
client_ip | str | |
port | int4 | |
dns_client_signer | str | |
zone | str | |
dns_view | str | |
update_info | str | |
action | str | |
class | str | |
permission | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.xferIn
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
zone | str | |
class | str | |
client_ip | str | |
port | int4 | |
transfer_info | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.dns.xferOut
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
ib_category | str | |
message | str | |
client_object | str | |
client_ip | str | |
port | int4 | |
dns_client_signer | str | |
dns_view | str | |
action | str | |
zone | str | |
class | str | |
transfer_info | str | |
type | str | |
transfer_status | str | |
since_serial | int8 | |
serial | int8 | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.nios
Field | Type | Source field name | Extra fields |
---|
eventdate | timestamp | | |
hostname | str | | |
subtype | str | vsubtype | |
server | str | | |
pid | int4 | | |
message | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |
ddi.infoblox.nios.monitor
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
message | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.nios.ntpd
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
message | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.nios.ntpdate
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
message | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.nios.rabbitmq_control
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
message | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.nios.syslogNg
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
message | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
ddi.infoblox.unknown.unknown
Field | Type | Extra fields |
---|
eventdate | timestamp | |
hostname | str | |
server | str | |
pid | int4 | |
message | str | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |