NIOS

Warning: Despite the TA indication this data source is CIM compliant all versions of NIOS including the most recent available as of 2019-12-17 do not support the DNS data model correctly. For DNS security use cases use Splunk Stream instead.

Key facts

• Requires vendor product by source configuration
• Legacy BSD Format default port 514

Links

Ref	Link
Splunk Add-on	https://splunkbase.splunk.com/app/2934/
Product Manual	https://docs.infoblox.com/display/ILP/NIOS?preview=/8945695/43728387/NIOS_8.4_Admin_Guide.pdf

Sourcetypes

sourcetype	notes
infoblox:dns	None
infoblox:dhcp	None
infoblox:threatprotect	None
nix:syslog	None

Sourcetype and Index Configuration

key	sourcetype	index	notes
infoblox_nios_dns	infoblox:dns	netdns	none
infoblox_nios_dhcp	infoblox:dhcp	netipam	none
infoblox_nios_threatprotect	infoblox:threatprotect	netids	none
infoblox_nios_audit	infoblox:audit	netops	none
infoblox_nios_fallback	infoblox:port	netops	none

Options

Variable	default	description
SC4S_LISTEN_INFOBLOX_NIOS_UDP_PORT	empty	Vendor specific port
SC4S_LISTEN_INFOBLOX_NIOS_TCP_PORT	empty	Vendor specific port

Parser Configuration

#/opt/sc4s/local/config/app-parsers/app-vps-infoblox_nios.conf
#File name provided is a suggestion it must be globally unique

application app-vps-test-infoblox_nios[sc4s-vps] {
 filter { 
        host("infoblox-*" type(glob))
    }; 
    parser { 
        p_set_netsource_fields(
            vendor('infoblox')
            product('nios')
        ); 
    };   
};