This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Infoblox DDI

    Samurai [Local] CollectorSamurai [Cloud] CollectorSamurai [Cloud Native] Collector
    Picture1.svg

    This guide describes the steps required to configure an on-premise Infoblox DDI device to send logs to a Samurai Local Collector deployed in your network.

    To complete this Integration you will need to:

    1. Ensure correct network connectivity
    2. Perform Grid Configuration
    3. Perform Data Management Configuration

    Ensure correct network connectivity

    You must ensure the following connectivity requirements are fulfilled:

    SourceDestinationPortsDescription
    Infoblox DDISamurai Local CollectorTCP/514For log transmission

    Perform Grid Configuration

    Perform the steps outlined in the vendor documentation to add an external syslog server:

    Perform the below settings adjustments. In case a setting property is not referenced below, simply use the default value:

    • Address: Insert the IP address of the Samurai Local Collector.
    • Transport: Select TCP.
    • Node ID: Select Host Name.
    • Severity: Select Info.
    • Logging Category: Select Send selected categories and then enable all logging categories.

    notice_icon.png This is performed to enable prefixing of the log messages instead of using the Send all option when configuring Send selected categories.

    Perform Data Management Configuration

    Perform the steps outlined in the vendor documentation to configure DNS logging categories:

    Perform the below settings adjustments. In case a setting property is not referenced below, simply use the default value:

    • Logging Category: Select all the available categories.

    For integrations that utilize a Local Collector where we ingest syslog only, you do not need to follow specific steps in the Samurai MDR portal as we auto detect the vendor and product. The only reason you need to use the Samurai MDR portal is if you need to determine the Local Collector IP address. Of course you will still need to ensure the integration is functioning! See Integrations for more information on checking status.

    Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.