Reporting for Core Network Services
CRITICAL TOOLS PROVIDE VISIBILITY TO IMPROVE SECURITY, COMPLIANCE, AND OPERATIONAL EFFICIENCY

Infoblox provides a wide variety of reporting solutions that enable you to better monitor and manage your core network services (CNS) infrastructure. They provide real-time and historical information and insight supporting the following three critical requirements:

  • Compliance: Admin audit logs maintain a detailed history of administrative changes made to the system configuration, enabling easy generation of compliance audit reports.
  • Network Access Control (NAC): The NAC Foundation module logs user name info into the DHCP lease history, and provides a binding among users, devices (MAC addresses), and IP addresses over time. Infoblox has also included a flexible and powerful user audit log report making it easy to track unauthorized access and provide critical forensic data.
  • Operations: System and protocol activity reports provide real-time and historical DNS and DHCP performance graphs and DNS query log reports.


Reporting for Regulatory Compliance

Infoblox NIOS™ software contains extensive audit logs for administrative changes to the CNS configuration and data. For example, if an admin adds a DNS record, the date and time of the change along with the admin name is logged to an audit log file. The log also includes detailed information about the change, such as the host name and IP address that was entered. For any changes, all new values are logged.

The admin and object audit log reporting tool turns log data into useful information by producing user-configurable reports, including:

  • Admin change report: Provides a list of all changes, additions, and deletions based on the admin user name;
  • Object change report: Provides a list of all changes to a specific object in the database including the date/time, who made the change, and the new values;
  • Ad-hoc report: Provides a report based on any field in the log message. For example, you could show all changes that have the word “zone” in the audit log message.




User/MAC/IP Reporting for Network Access Control

A key requirement for meeting Sarbanes-Oxley (SOX) and other compliance requirements is the ability to trace an event to a person when providing an audit trail. Conventional security devices and network monitoring tools cannot link a user’s IP address and device address (MAC) with the user’s identity. Correlating this information—which may be a requirement for tracking unauthorized network access or complying with requests for forensic data—can be extremely tedious, or even impossible.

By using the Infoblox NAC Foundation module and the DHCP lease history, organizations have easy and immediate access to correlated user/MAC/IP data. With the user audit report, network administrators can quickly determine important information and answer questions like:

  • Which person had IP address 10.10.10.100 at 10 a.m. on July 14th, 2007?
  • Which IP addresses did a specific user have between August 10 and August 17, and how long was each address leased for?

When a user is authenticated via the NAC Foundation module, the user name is associated with the MAC and IP address and logged into the DHCP lease history along with other critical information such as hostname, lease time, etc. The user audit report allows administrators to quickly and easily generate detailed usage and audit reports based on user, IP, MAC, date, or on any combination of factors.
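The two questions above reduce to interval lookups over lease-history records. The following is an added example, not Infoblox code or the NIOS log format: the record fields, the sample leases, and the function names are constructed for illustration, and all timestamps are assumed to share one time zone.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Lease:
    user: str        # name recorded when the user authenticated
    mac: str
    ip: str
    start: datetime  # lease granted
    end: datetime    # lease expired or released (exclusive bound)

# Constructed sample records; the field layout is an assumption.
LEASES = [
    Lease("alice", "00:00:5e:00:53:01", "10.10.10.100",
          datetime(2007, 7, 14, 8), datetime(2007, 7, 14, 12)),
    Lease("bob", "00:00:5e:00:53:02", "10.10.10.100",
          datetime(2007, 7, 14, 12), datetime(2007, 7, 14, 20)),
    Lease("alice", "00:00:5e:00:53:01", "10.10.10.57",
          datetime(2007, 8, 9, 22), datetime(2007, 8, 11, 22)),
    Lease("bob", "00:00:5e:00:53:02", "10.10.10.57",
          datetime(2007, 8, 12, 9), datetime(2007, 8, 12, 17)),
    Lease("alice", "00:00:5e:00:53:01", "10.10.10.100",
          datetime(2007, 8, 15, 9), datetime(2007, 8, 15, 17)),
]

def who_had_ip(leases, ip, at):
    """Leases covering `ip` at instant `at`. An empty result means no
    attribution is possible; more than one means conflicting records."""
    return [l for l in leases if l.ip == ip and l.start <= at < l.end]

def addresses_for_user(leases, user, window_start, window_end):
    """(ip, mac, full lease duration) for each lease of `user` overlapping
    the window, including leases that began before it or ended after it."""
    hits = [l for l in leases
            if l.user == user and l.start < window_end and l.end > window_start]
    return [(l.ip, l.mac, l.end - l.start)
            for l in sorted(hits, key=lambda l: l.start)]

if __name__ == "__main__":
    for l in who_had_ip(LEASES, "10.10.10.100", datetime(2007, 7, 14, 10)):
        print(l.user, l.mac)
    for row in addresses_for_user(LEASES, "alice",
                                  datetime(2007, 8, 10), datetime(2007, 8, 17)):
        print(*row)
```

Because the same address is reassigned over time, the lookup must match on the lease interval rather than on the IP alone; a query that falls in a gap between leases returns nothing instead of the nearest holder.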




Operational Reporting

Infoblox NIOS software provides a rich set of interfaces including SNMP statistics for CNS protocols like DNS and DHCP. In addition, detailed DNS and DHCP logs are available via a syslog interface.

Infoblox provides a web-based software tool for collecting and reporting on DNS and DHCP statistics and DNS query logs. These reports are invaluable when performing capacity planning or troubleshooting tasks. A rich set of graphs and reports is provided, including:

  • DNS query load: Hourly, daily, weekly, monthly, and yearly load graphs with responses per second for each of the DNS response types: success, referral, NxRRset, NxDomain, failure, recursion. A set of graphs is provided for each member appliance serving DNS.
  • DHCP load: Hourly, daily, weekly, monthly, and yearly load graphs with DHCP messages per second for each of the DHCP message types: discovers, requests, releases, offers, acks, nacks, declines, informs, and others.
  • DNS query log reports: Top 100 queried domains, top 100 queriers, top used DNS servers

A sample report below shows the top 100 queriers in a network, which can be useful in determining rogue applications that are generating a high load of DNS queries. A solution note, titled “Operational Reporting for Core Network Services,” is available for download below and details real-life scenarios where these reports can be used to find and troubleshoot issues.




To learn more about implementing Infoblox reporting solutions, contact us at info@infoblox.com or call +1.408-625-4200.